@gradientedge/cdk-utils 8.126.0 → 8.128.0

package/app/api-destined-function/node_modules/.bin/rimraf

@@ -6,9 +6,9 @@ case `uname` in
 esac
 
 if [ -z "$NODE_PATH" ]; then
-  export NODE_PATH="/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@5.0.4/node_modules/rimraf/dist/esm/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@5.0.4/node_modules/rimraf/dist/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@5.0.4/node_modules/rimraf/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@5.0.4/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/node_modules"
+  export NODE_PATH="/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@5.0.5/node_modules/rimraf/dist/esm/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@5.0.5/node_modules/rimraf/dist/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@5.0.5/node_modules/rimraf/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@5.0.5/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/node_modules"
 else
-  export NODE_PATH="/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@5.0.4/node_modules/rimraf/dist/esm/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@5.0.4/node_modules/rimraf/dist/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@5.0.4/node_modules/rimraf/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@5.0.4/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/node_modules:$NODE_PATH"
+  export NODE_PATH="/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@5.0.5/node_modules/rimraf/dist/esm/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@5.0.5/node_modules/rimraf/dist/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@5.0.5/node_modules/rimraf/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@5.0.5/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/node_modules:$NODE_PATH"
 fi
 if [ -x "$basedir/node" ]; then
   exec "$basedir/node"  "$basedir/../rimraf/dist/esm/bin.mjs" "$@"

package/app/api-destined-function/package.json

@@ -21,6 +21,6 @@
   },
   "devDependencies": {
     "mkdirp": "^3.0.1",
-    "rimraf": "^5.0.4"
+    "rimraf": "^5.0.5"
   }
 }

package/dist/src/lib/aws/construct/index.d.ts

@@ -9,5 +9,6 @@ export * from './lambda-with-iam-access';
 export * from './rest-api-lambda';
 export * from './rest-api-lambda-with-cache';
 export * from './site-with-ecs-backend';
+export * from './site-with-lambda-backend';
 export * from './static-asset-deployment';
 export * from './static-site';

package/dist/src/lib/aws/construct/index.js

@@ -25,5 +25,6 @@ __exportStar(require("./lambda-with-iam-access"), exports);
 __exportStar(require("./rest-api-lambda"), exports);
 __exportStar(require("./rest-api-lambda-with-cache"), exports);
 __exportStar(require("./site-with-ecs-backend"), exports);
+__exportStar(require("./site-with-lambda-backend"), exports);
 __exportStar(require("./static-asset-deployment"), exports);
 __exportStar(require("./static-site"), exports);

package/dist/src/lib/aws/construct/site-with-lambda-backend/constants.d.ts

@@ -0,0 +1,5 @@
+export declare enum SiteWithLambdaBackendResponseHeaderPolicyType {
+    ORIGIN = "origin",
+    STATIC = "static"
+}
+export declare const LAMBDA_ALIAS_NAME_CURRENT = "current";

package/dist/src/lib/aws/construct/site-with-lambda-backend/constants.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LAMBDA_ALIAS_NAME_CURRENT = exports.SiteWithLambdaBackendResponseHeaderPolicyType = void 0;
+var SiteWithLambdaBackendResponseHeaderPolicyType;
+(function (SiteWithLambdaBackendResponseHeaderPolicyType) {
+    SiteWithLambdaBackendResponseHeaderPolicyType["ORIGIN"] = "origin";
+    SiteWithLambdaBackendResponseHeaderPolicyType["STATIC"] = "static";
+})(SiteWithLambdaBackendResponseHeaderPolicyType || (exports.SiteWithLambdaBackendResponseHeaderPolicyType = SiteWithLambdaBackendResponseHeaderPolicyType = {}));
+exports.LAMBDA_ALIAS_NAME_CURRENT = 'current';

package/dist/src/lib/aws/construct/site-with-lambda-backend/index.d.ts

@@ -0,0 +1,3 @@
+export * from './constants';
+export * from './main';
+export * from './types';

package/dist/src/lib/aws/construct/site-with-lambda-backend/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./constants"), exports);
+__exportStar(require("./main"), exports);
+__exportStar(require("./types"), exports);

package/dist/src/lib/aws/construct/site-with-lambda-backend/main.d.ts

@@ -0,0 +1,116 @@
+import { ICertificate } from 'aws-cdk-lib/aws-certificatemanager';
+import { CachePolicy, IFunction as CfIFunction, Distribution, FunctionAssociation, OriginRequestPolicy, ResponseHeadersPolicy } from 'aws-cdk-lib/aws-cloudfront';
+import { HttpOrigin } from 'aws-cdk-lib/aws-cloudfront-origins';
+import { PolicyDocument, Role } from 'aws-cdk-lib/aws-iam';
+import { AssetCode, FunctionUrl, IFunction, ILayerVersion } from 'aws-cdk-lib/aws-lambda';
+import { IHostedZone } from 'aws-cdk-lib/aws-route53';
+import { IBucket } from 'aws-cdk-lib/aws-s3';
+import { BucketDeployment } from 'aws-cdk-lib/aws-s3-deployment';
+import { Construct } from 'constructs';
+import { CommonConstruct } from '../../common';
+import { SiteWithLambdaBackendCachePolicyProps, SiteWithLambdaBackendProps, SiteWithLambdaBackendResponseHeadersPolicyProps } from './types';
+/**
+ * @classdesc Provides a construct to create and deploy a site hosted with an clustered ECS/ELB backend
+ * @example
+ * import { SiteWithLambdaBackend, SiteWithLambdaBackendProps } '@gradientedge/cdk-utils'
+ * import { Construct } from 'constructs'
+ *
+ * class CustomConstruct extends SiteWithLambdaBackend {
+ *   constructor(parent: Construct, id: string, props: SiteWithLambdaBackendProps) {
+ *     super(parent, id, props)
+ *     this.props = props
+ *     this.id = id
+ *     this.initResources()
+ *   }
+ * }
+ */
+export declare class SiteWithLambdaBackend extends CommonConstruct {
+    props: SiteWithLambdaBackendProps;
+    id: string;
+    siteHostedZone: IHostedZone;
+    siteCertificate: ICertificate;
+    siteRegionalCertificate: ICertificate;
+    siteSecrets: any;
+    siteLogBucket: IBucket;
+    siteOrigin: HttpOrigin;
+    siteDistribution: Distribution;
+    siteInternalDomainName: string;
+    siteExternalDomainName: string;
+    siteDomainNames: string[];
+    siteCloudfrontFunction: CfIFunction;
+    siteFunctionAssociations: FunctionAssociation[];
+    siteOriginRequestPolicy: OriginRequestPolicy;
+    siteOriginResponseHeadersPolicy?: ResponseHeadersPolicy;
+    siteCachePolicy: CachePolicy;
+    siteStaticAssetDeployment: BucketDeployment;
+    siteLambdaPolicy: PolicyDocument;
+    siteLambdaRole: Role;
+    siteLambdaEnvironment: any;
+    siteLambdaLayers: ILayerVersion[];
+    siteLambdaApplication: AssetCode;
+    siteLambdaFunction: IFunction;
+    siteLambdaUrl: FunctionUrl;
+    constructor(parent: Construct, id: string, props: SiteWithLambdaBackendProps);
+    /**
+     * @summary Initialise and provision resources
+     */
+    protected initResources(): void;
+    /**
+     * @summary Method to resolve a hosted zone based on domain attributes
+     */
+    protected resolveHostedZone(): void;
+    /**
+     * @summary Method to resolve a certificate based on attributes
+     */
+    protected resolveCertificate(): void;
+    protected resolveGlobalCertificate(): void;
+    protected resolveRegionalCertificate(): void;
+    /**
+     * @summary Method to resolve secrets from SecretsManager
+     * - To be implemented in the overriding method in the implementation class
+     */
+    protected resolveSiteSecrets(): void;
+    /**
+     * @summary Method to resolve site domain names
+     */
+    protected resolveSiteDomainNames(): void;
+    /**
+     * Method to create log bucket for site distribution
+     */
+    protected createSiteLogBucket(): void;
+    protected createSiteCachePolicy(id: string, siteCachePolicy: SiteWithLambdaBackendCachePolicyProps): CachePolicy;
+    protected createSiteOriginCachePolicy(): void;
+    protected createSiteOriginRequestPolicy(): void;
+    protected createResponseHeaderPolicy(props: SiteWithLambdaBackendResponseHeadersPolicyProps): ResponseHeadersPolicy | undefined;
+    protected createSiteOriginResponseHeadersPolicy(): void;
+    protected createSiteOrigin(): void;
+    protected createSiteOriginResources(): void;
+    protected createSiteStaticAssetDeployment(): void;
+    protected createSiteLambdaPolicy(): void;
+    protected createSiteLambdaRole(): void;
+    protected createSiteLambdaEnvironment(): void;
+    protected createSiteLambdaLayers(): void;
+    protected createSiteLambdaApplication(): void;
+    protected createSiteLambda(): void;
+    protected createSiteLambdaUrl(): void;
+    /**
+     * @summary Method to create a site cloudfront function
+     */
+    protected createSiteCloudfrontFunction(): void;
+    /**
+     * @summary Method to create a site cloudfront function associations
+     */
+    protected resolveSiteFunctionAssociations(): void;
+    /**
+     * Method to create Site distribution
+     */
+    protected createDistribution(): void;
+    /**
+     * Method to create Route53 records for distribution
+     */
+    protected createNetworkMappings(): void;
+    /**
+     * Method to invalidation the cloudfront distribution cache after a deployment
+     */
+    protected invalidateDistributionCache(): void;
+}

package/dist/src/lib/aws/construct/site-with-lambda-backend/main.js

@@ -0,0 +1,317 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SiteWithLambdaBackend = void 0;
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_cloudfront_1 = require("aws-cdk-lib/aws-cloudfront");
+const aws_cloudfront_origins_1 = require("aws-cdk-lib/aws-cloudfront-origins");
+const aws_iam_1 = require("aws-cdk-lib/aws-iam");
+const aws_lambda_1 = require("aws-cdk-lib/aws-lambda");
+const lodash_1 = __importDefault(require("lodash"));
+const common_1 = require("../../common");
+const constants_1 = require("./constants");
+/**
+ * @classdesc Provides a construct to create and deploy a site hosted with an clustered ECS/ELB backend
+ * @example
+ * import { SiteWithLambdaBackend, SiteWithLambdaBackendProps } '@gradientedge/cdk-utils'
+ * import { Construct } from 'constructs'
+ *
+ * class CustomConstruct extends SiteWithLambdaBackend {
+ *   constructor(parent: Construct, id: string, props: SiteWithLambdaBackendProps) {
+ *     super(parent, id, props)
+ *     this.props = props
+ *     this.id = id
+ *     this.initResources()
+ *   }
+ * }
+ */
+class SiteWithLambdaBackend extends common_1.CommonConstruct {
+    /* site properties */
+    props;
+    id;
+    /* site resources */
+    siteHostedZone;
+    siteCertificate;
+    siteRegionalCertificate;
+    siteSecrets;
+    siteLogBucket;
+    siteOrigin;
+    siteDistribution;
+    siteInternalDomainName;
+    siteExternalDomainName;
+    siteDomainNames;
+    siteCloudfrontFunction;
+    siteFunctionAssociations;
+    siteOriginRequestPolicy;
+    siteOriginResponseHeadersPolicy;
+    siteCachePolicy;
+    siteStaticAssetDeployment;
+    siteLambdaPolicy;
+    siteLambdaRole;
+    siteLambdaEnvironment;
+    siteLambdaLayers;
+    siteLambdaApplication;
+    siteLambdaFunction;
+    siteLambdaUrl;
+    constructor(parent, id, props) {
+        super(parent, id, props);
+        this.props = props;
+        this.id = id;
+    }
+    /**
+     * @summary Initialise and provision resources
+     */
+    initResources() {
+        this.resolveHostedZone();
+        this.resolveCertificate();
+        this.resolveSiteSecrets();
+        this.resolveSiteDomainNames();
+        this.createSiteLogBucket();
+        this.createSiteOriginCachePolicy();
+        this.createSiteOriginRequestPolicy();
+        this.createSiteOriginResponseHeadersPolicy();
+        this.createSiteOrigin();
+        this.createSiteCloudfrontFunction();
+        this.resolveSiteFunctionAssociations();
+        this.createDistribution();
+        this.createNetworkMappings();
+        this.invalidateDistributionCache();
+    }
+    /**
+     * @summary Method to resolve a hosted zone based on domain attributes
+     */
+    resolveHostedZone() {
+        this.siteHostedZone = this.route53Manager.withHostedZoneFromFullyQualifiedDomainName(`${this.id}-hosted-zone`, this, this.props.useExistingHostedZone);
+    }
+    /**
+     * @summary Method to resolve a certificate based on attributes
+     */
+    resolveCertificate() {
+        this.resolveGlobalCertificate();
+        this.resolveRegionalCertificate();
+    }
+    resolveGlobalCertificate() {
+        if (this.props.siteCertificate.useExistingCertificate &&
+            this.props.siteCertificate.certificateSsmName &&
+            this.props.siteCertificate.certificateRegion) {
+            this.props.siteCertificate.certificateArn = this.ssmManager.readStringParameterFromRegion(`${this.id}-certificate-parameter`, this, this.props.siteCertificate.certificateSsmName, this.props.siteCertificate.certificateRegion);
+        }
+        this.siteCertificate = this.acmManager.resolveCertificate(`${this.id}-certificate`, this, this.props.siteCertificate);
+    }
+    resolveRegionalCertificate() {
+        if (this.props.siteRegionalCertificate.useExistingCertificate &&
+            this.props.siteRegionalCertificate.certificateSsmName &&
+            this.props.siteRegionalCertificate.certificateRegion) {
+            this.props.siteRegionalCertificate.certificateArn = this.ssmManager.readStringParameterFromRegion(`${this.id}-regional-certificate-parameter`, this, this.props.siteRegionalCertificate.certificateSsmName, this.props.siteRegionalCertificate.certificateRegion);
+        }
+        this.siteRegionalCertificate = this.acmManager.resolveCertificate(`${this.id}-regional-certificate`, this, this.props.siteRegionalCertificate, this.siteHostedZone);
+    }
+    /**
+     * @summary Method to resolve secrets from SecretsManager
+     * - To be implemented in the overriding method in the implementation class
+     */
+    resolveSiteSecrets() { }
+    /**
+     * @summary Method to resolve site domain names
+     */
+    resolveSiteDomainNames() {
+        /* the internal domain name used by ELB */
+        this.siteInternalDomainName =
+            this.isProductionStage() || this.props.skipStageForARecords
+                ? `${this.props.siteSubDomain}-internal.${this.fullyQualifiedDomainName}`
+                : `${this.props.siteSubDomain}-internal-${this.props.stage}.${this.fullyQualifiedDomainName}`;
+        /* the external domain name exposed to CloudFront */
+        this.siteExternalDomainName =
+            this.isProductionStage() || this.props.skipStageForARecords
+                ? `${this.props.siteSubDomain}.${this.fullyQualifiedDomainName}`
+                : `${this.props.siteSubDomain}-${this.props.stage}.${this.fullyQualifiedDomainName}`;
+        this.siteDomainNames = [this.siteExternalDomainName];
+    }
+    /**
+     * Method to create log bucket for site distribution
+     */
+    createSiteLogBucket() {
+        this.siteLogBucket = this.s3Manager.createS3Bucket(`${this.id}-site-logs`, this, this.props.siteLogBucket);
+    }
+    createSiteCachePolicy(id, siteCachePolicy) {
+        return new aws_cloudfront_1.CachePolicy(this, `${id}`, {
+            cachePolicyName: `${this.id}-${siteCachePolicy.cachePolicyName}`,
+            comment: `Policy for ${this.id}-distribution - ${this.props.stage} stage`,
+            cookieBehavior: siteCachePolicy.cookieBehavior,
+            enableAcceptEncodingBrotli: siteCachePolicy.enableAcceptEncodingBrotli,
+            enableAcceptEncodingGzip: siteCachePolicy.enableAcceptEncodingGzip,
+            headerBehavior: siteCachePolicy.headerBehavior,
+            maxTtl: aws_cdk_lib_1.Duration.seconds(siteCachePolicy.maxTtlInSeconds),
+            minTtl: aws_cdk_lib_1.Duration.seconds(siteCachePolicy.minTtlInSeconds),
+            queryStringBehavior: siteCachePolicy.queryStringBehavior,
+        });
+    }
+    createSiteOriginCachePolicy() {
+        if (!this.props.siteCachePolicy)
+            return;
+        this.siteCachePolicy = this.createSiteCachePolicy(`${this.id}-site-cache-policy`, this.props.siteCachePolicy);
+        lodash_1.default.assign(this.props.siteDistribution.defaultBehavior, {
+            cachePolicy: this.siteCachePolicy,
+        });
+    }
+    createSiteOriginRequestPolicy() {
+        if (!this.props.siteOriginRequestPolicy)
+            return;
+        this.siteOriginRequestPolicy = new aws_cloudfront_1.OriginRequestPolicy(this, `${this.id}-sorp`, {
+            comment: `Request Policy for ${this.id}-distribution - ${this.props.stage} stage`,
+            cookieBehavior: this.props.siteOriginRequestPolicy.cookieBehavior,
+            headerBehavior: this.props.siteOriginRequestPolicy.headerBehavior,
+            originRequestPolicyName: `${this.id}-origin-request`,
+            queryStringBehavior: this.props.siteOriginRequestPolicy.queryStringBehavior,
+        });
+        lodash_1.default.assign(this.props.siteDistribution.defaultBehavior, {
+            originRequestPolicy: this.siteOriginRequestPolicy,
+        });
+    }
+    createResponseHeaderPolicy(props) {
+        if (!props)
+            return undefined;
+        return new aws_cloudfront_1.ResponseHeadersPolicy(this, `${this.id}-${props.type}-srhp`, {
+            ...props,
+            comment: `Response Header Policy for ${props.type} for ${this.id}-distribution - ${this.props.stage} stage`,
+            responseHeadersPolicyName: `${this.id}-${props.type}-response`,
+            securityHeadersBehavior: {
+                ...props.securityHeadersBehavior,
+                strictTransportSecurity: {
+                    ...props.securityHeadersBehavior?.strictTransportSecurity,
+                    accessControlMaxAge: aws_cdk_lib_1.Duration.seconds(props.securityHeadersBehavior?.strictTransportSecurity?.accessControlMaxAgeInSeconds),
+                },
+            },
+        });
+    }
+    createSiteOriginResponseHeadersPolicy() {
+        if (!this.props.siteOriginResponseHeadersPolicy)
+            return;
+        this.siteOriginResponseHeadersPolicy = this.createResponseHeaderPolicy(this.props.siteOriginResponseHeadersPolicy);
+        lodash_1.default.assign(this.props.siteDistribution.defaultBehavior, {
+            responseHeadersPolicy: this.siteOriginResponseHeadersPolicy,
+        });
+    }
+    createSiteOrigin() {
+        this.createSiteOriginResources();
+        this.siteOrigin = new aws_cloudfront_origins_1.HttpOrigin(aws_cdk_lib_1.Fn.select(2, aws_cdk_lib_1.Fn.split('/', this.siteLambdaUrl.url)), {
+            httpPort: 443,
+            originId: `${this.id}-server`,
+            protocolPolicy: aws_cloudfront_1.OriginProtocolPolicy.HTTPS_ONLY,
+        });
+    }
+    createSiteOriginResources() {
+        this.createSiteStaticAssetDeployment();
+        this.createSiteLambdaPolicy();
+        this.createSiteLambdaRole();
+        this.createSiteLambdaEnvironment();
+        this.createSiteLambdaLayers();
+        this.createSiteLambdaApplication();
+        this.createSiteLambda();
+        this.createSiteLambdaUrl();
+    }
+    createSiteStaticAssetDeployment() { }
+    createSiteLambdaPolicy() {
+        this.siteLambdaPolicy = new aws_iam_1.PolicyDocument({
+            statements: [
+                new aws_iam_1.PolicyStatement({
+                    actions: ['lambda:InvokeFunctionUrl'],
+                    effect: aws_iam_1.Effect.ALLOW,
+                    resources: ['*'],
+                }),
+            ],
+        });
+    }
+    createSiteLambdaRole() {
+        this.siteLambdaRole = this.iamManager.createRoleForLambda(`${this.id}-role`, this, this.siteLambdaPolicy);
+    }
+    createSiteLambdaEnvironment() {
+        this.siteLambdaEnvironment = {
+            AWS_LAMBDA_EXEC_WRAPPER: this.props.siteExecWrapperPath ?? '/opt/bootstrap',
+            LOG_LEVEL: this.props.logLevel,
+            NODE_ENV: this.props.nodeEnv,
+            PORT: this.props.sitePort,
+            READINESS_CHECK_PATH: this.props.siteHealthEndpoint,
+            READINESS_CHECK_PORT: this.props.sitePort,
+            STAGE: this.props.stage,
+            TZ: this.props.timezone,
+        };
+    }
+    createSiteLambdaLayers() {
+        this.siteLambdaLayers = this.lambdaManager.createWebAdapterLayer(`${this.id}-web-adapter`, this);
+    }
+    createSiteLambdaApplication() { }
+    createSiteLambda() {
+        this.siteLambdaFunction = this.lambdaManager.createLambdaFunction(`${this.id}-lambda`, this, this.props.siteLambda, this.siteLambdaRole, this.siteLambdaLayers, this.siteLambdaApplication, this.props.siteLambda.handler, this.siteLambdaEnvironment);
+    }
+    createSiteLambdaUrl() {
+        const lambdaAlias = lodash_1.default.find(this.props.siteLambda.lambdaAliases, alias => alias.aliasName === constants_1.LAMBDA_ALIAS_NAME_CURRENT);
+        const lambdaFn = lambdaAlias
+            ? aws_lambda_1.Function.fromFunctionAttributes(this, `${this.id}-fn-alias`, {
+                functionArn: `${this.siteLambdaFunction.functionArn}:${lambdaAlias.aliasName}`,
+                sameEnvironment: true,
+            })
+            : this.siteLambdaFunction;
+        lambdaFn.node.addDependency(this.siteLambdaFunction);
+        this.siteLambdaUrl = lambdaFn.addFunctionUrl({
+            authType: aws_lambda_1.FunctionUrlAuthType.NONE,
+        });
+        this.siteLambdaUrl.node.addDependency(this.siteLambdaFunction);
+        this.siteLambdaUrl.node.addDependency(lambdaFn);
+        const principal = new aws_iam_1.AnyPrincipal();
+        principal.addToPolicy(new aws_iam_1.PolicyStatement({
+            actions: ['lambda:InvokeFunctionUrl'],
+            conditions: { StringEquals: { 'lambda:FunctionUrlAuthType': aws_lambda_1.FunctionUrlAuthType.NONE } },
+            effect: aws_iam_1.Effect.ALLOW,
+            resources: ['*'],
+        }));
+        lambdaFn.grantInvokeUrl({ grantPrincipal: principal });
+        this.addCfnOutput(`${this.id}-url`, this.siteLambdaUrl.url);
+    }
+    /**
+     * @summary Method to create a site cloudfront function
+     */
+    createSiteCloudfrontFunction() {
+        if (this.props.siteCloudfrontFunctionProps) {
+            this.siteCloudfrontFunction = this.cloudFrontManager.createCloudfrontFunction(`${this.id}-function`, this, this.props.siteCloudfrontFunctionProps);
+        }
+    }
+    /**
+     * @summary Method to create a site cloudfront function associations
+     */
+    resolveSiteFunctionAssociations() {
+        if (this.props.siteCloudfrontFunctionProps) {
+            this.siteFunctionAssociations = [
+                {
+                    eventType: aws_cloudfront_1.FunctionEventType.VIEWER_REQUEST,
+                    function: this.siteCloudfrontFunction,
+                },
+            ];
+        }
+    }
+    /**
+     * Method to create Site distribution
+     */
+    createDistribution() {
+        this.siteDistribution = this.cloudFrontManager.createDistributionWithHttpOrigin(`${this.id}-distribution`, this, this.props.siteDistribution, this.siteOrigin, this.siteDomainNames, this.siteLogBucket, this.siteCertificate, this.siteFunctionAssociations, this.props.siteDistribution.defaultBehavior.responseHeadersPolicy);
+        this.siteDistribution.node.addDependency(this.siteLambdaFunction);
+        this.siteDistribution.node.addDependency(this.siteLambdaUrl);
+    }
+    /**
+     * Method to create Route53 records for distribution
+     */
+    createNetworkMappings() {
+        this.route53Manager.createCloudFrontTargetARecord(`${this.id}-a-record`, this, this.siteDistribution, this.siteHostedZone, this.props.siteRecordName, this.props.skipStageForARecords);
+    }
+    /**
+     * Method to invalidation the cloudfront distribution cache after a deployment
+     */
+    invalidateDistributionCache() {
+        if (this.props.siteCacheInvalidationDockerFilePath) {
+            this.cloudFrontManager.invalidateCache(`${this.id}-cache-invalidation`, this, this.props.siteCacheInvalidationDockerFilePath, this.siteDistribution.distributionId);
+        }
+    }
+}
+exports.SiteWithLambdaBackend = SiteWithLambdaBackend;

package/dist/src/lib/aws/construct/site-with-lambda-backend/types.d.ts

@@ -0,0 +1,45 @@
+import { CachePolicyProps, OriginRequestPolicyProps, ResponseHeadersPolicyProps, ResponseHeadersStrictTransportSecurity, ResponseSecurityHeadersBehavior } from 'aws-cdk-lib/aws-cloudfront';
+import { CommonStackProps } from '../../common';
+import { AcmProps, CloudfrontFunctionProps, DistributionProps, LambdaProps, LogProps, S3BucketProps } from '../../services';
+import { SiteWithLambdaBackendResponseHeaderPolicyType } from './constants';
+/**
+ */
+export interface SiteWithLambdaBackendProps extends CommonStackProps {
+    logLevel: string;
+    nodeEnv: string;
+    siteCacheInvalidationDockerFilePath?: string;
+    siteCertificate: AcmProps;
+    siteCloudfrontFunctionProps?: CloudfrontFunctionProps;
+    siteDistribution: DistributionProps;
+    siteExecWrapperPath: string;
+    siteFunctionFilePath?: string;
+    siteHealthEndpoint: string;
+    siteLambda: LambdaProps;
+    siteLog: LogProps;
+    siteLogBucket: S3BucketProps;
+    sitePort: string;
+    siteCachePolicy?: SiteWithLambdaBackendCachePolicyProps;
+    siteOriginRequestPolicy: OriginRequestPolicyProps;
+    siteOriginResponseHeadersPolicy: SiteWithLambdaBackendResponseHeadersPolicyProps;
+    siteRecordName?: string;
+    siteRegionalCertificate: AcmProps;
+    siteSubDomain: string;
+    timezone: string;
+    useExistingHostedZone: boolean;
+    useExistingVpc: boolean;
+}
+export interface SiteWithLambdaBackendResponseHeadersStrictTransportSecurity extends ResponseHeadersStrictTransportSecurity {
+    accessControlMaxAgeInSeconds: number;
+}
+export interface SiteWithLambdaBackendSecurityHeadersBehavior extends ResponseSecurityHeadersBehavior {
+    strictTransportSecurity: SiteWithLambdaBackendResponseHeadersStrictTransportSecurity;
+}
+export interface SiteWithLambdaBackendResponseHeadersPolicyProps extends ResponseHeadersPolicyProps {
+    securityHeadersBehavior: SiteWithLambdaBackendSecurityHeadersBehavior;
+    type: SiteWithLambdaBackendResponseHeaderPolicyType;
+}
+export interface SiteWithLambdaBackendCachePolicyProps extends CachePolicyProps {
+    defaultTtlInSeconds: number;
+    minTtlInSeconds: number;
+    maxTtlInSeconds: number;
+}

package/dist/src/lib/aws/construct/site-with-lambda-backend/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/src/lib/aws/services/api-gateway/main.js

@@ -51,6 +51,7 @@ class ApiManager {
             },
             failOnWarnings: props.failOnWarnings || false,
             handler: lambdaFunction,
+            minCompressionSize: props.minCompressionSizeInBytes ? aws_cdk_lib_1.Size.bytes(props.minCompressionSizeInBytes) : undefined,
             proxy: props.proxy ?? true,
             restApiName: `${props.restApiName}-${scope.props.stage}`,
         });

package/dist/src/lib/aws/services/api-gateway/types.d.ts

@@ -4,4 +4,5 @@ import { TagProps } from '../../types';
  */
 export interface LambdaRestApiProps extends LambdaRestApigProps {
     tags?: TagProps[];
+    minCompressionSizeInBytes?: number;
 }

package/dist/src/lib/aws/services/lambda/main.d.ts

@@ -29,6 +29,7 @@ export declare class LambdaManager {
      * @param architectures
      */
     createLambdaLayer(id: string, scope: CommonConstruct, code: AssetCode, architectures?: Architecture[]): LayerVersion;
+    createWebAdapterLayer(id: string, scope: CommonConstruct): ILayerVersion[];
     /**
      * @summary Method to create a lambda function (nodejs)
      * @param id scoped id of the resource

package/dist/src/lib/aws/services/lambda/main.js

@@ -48,6 +48,12 @@ class LambdaManager {
         (0, utils_1.createCfnOutput)(`${id}-lambdaLayerArn`, scope, lambdaLayer.layerVersionArn);
         return lambdaLayer;
     }
+    createWebAdapterLayer(id, scope) {
+        return [
+            aws_lambda_1.LayerVersion.fromLayerVersionArn(scope, `${id}-${aws_lambda_1.Architecture.X86_64}`, `arn:aws:lambda:${scope.props.region}:753240598075:layer:LambdaAdapterLayerX86:17`),
+            aws_lambda_1.LayerVersion.fromLayerVersionArn(scope, `${id}-${aws_lambda_1.Architecture.ARM_64}`, `arn:aws:lambda:${scope.props.region}:753240598075:layer:LambdaAdapterLayerArm64:17`),
+        ];
+    }
     /**
      * @summary Method to create a lambda function (nodejs)
      * @param id scoped id of the resource

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gradientedge/cdk-utils",
-  "version": "8.126.0",
+  "version": "8.128.0",
   "description": "Utilities for AWS CDK provisioning",
   "main": "dist/index.js",
   "engines": {
@@ -46,15 +46,15 @@
     }
   },
   "dependencies": {
-    "@aws-sdk/client-secrets-manager": "^3.418.0",
-    "@aws-sdk/credential-providers": "^3.418.0",
+    "@aws-sdk/client-secrets-manager": "^3.421.0",
+    "@aws-sdk/credential-providers": "^3.421.0",
     "@aws-sdk/types": "^3.418.0",
-    "@cdktf/provider-azurerm": "^10.0.4",
+    "@cdktf/provider-azurerm": "^10.0.5",
     "@types/lodash": "^4.14.199",
-    "@types/node": "^20.7.0",
+    "@types/node": "^20.8.0",
     "@types/uuid": "^9.0.4",
     "app-root-path": "^3.1.0",
-    "aws-cdk-lib": "^2.97.1",
+    "aws-cdk-lib": "^2.99.1",
     "cdktf": "^0.18.0",
     "constructs": "^10.2.70",
     "lodash": "^4.17.21",
@@ -71,7 +71,7 @@
     "@types/jest": "^29.5.5",
     "@typescript-eslint/eslint-plugin": "^6.7.3",
     "@typescript-eslint/parser": "^6.7.3",
-    "aws-cdk": "^2.97.1",
+    "aws-cdk": "^2.99.1",
     "better-docs": "^2.7.2",
     "codecov": "^3.8.3",
     "commitizen": "^4.3.0",
@@ -92,7 +92,7 @@
     "jsdoc-to-markdown": "^8.0.0",
     "prettier": "^3.0.3",
     "prettier-plugin-organize-imports": "^3.2.3",
-    "rimraf": "^5.0.4",
+    "rimraf": "^5.0.5",
     "semantic-release": "^22.0.5",
     "taffydb": "^2.7.3",
     "ts-jest": "^29.1.1",

package/src/lib/aws/construct/index.ts

@@ -9,5 +9,6 @@ export * from './lambda-with-iam-access'
 export * from './rest-api-lambda'
 export * from './rest-api-lambda-with-cache'
 export * from './site-with-ecs-backend'
+export * from './site-with-lambda-backend'
 export * from './static-asset-deployment'
 export * from './static-site'

package/src/lib/aws/construct/site-with-lambda-backend/constants.ts

@@ -0,0 +1,6 @@
+export enum SiteWithLambdaBackendResponseHeaderPolicyType {
+  ORIGIN = 'origin',
+  STATIC = 'static',
+}
+
+export const LAMBDA_ALIAS_NAME_CURRENT = 'current'

package/src/lib/aws/construct/site-with-lambda-backend/index.ts

@@ -0,0 +1,3 @@
+export * from './constants'
+export * from './main'
+export * from './types'

package/src/lib/aws/construct/site-with-lambda-backend/main.ts

@@ -0,0 +1,433 @@
+import { Duration, Fn } from 'aws-cdk-lib'
+import { ICertificate } from 'aws-cdk-lib/aws-certificatemanager'
+import {
+  CachePolicy,
+  IFunction as CfIFunction,
+  Distribution,
+  FunctionAssociation,
+  FunctionEventType,
+  OriginProtocolPolicy,
+  OriginRequestPolicy,
+  ResponseHeadersPolicy,
+} from 'aws-cdk-lib/aws-cloudfront'
+import { HttpOrigin } from 'aws-cdk-lib/aws-cloudfront-origins'
+import { AnyPrincipal, Effect, PolicyDocument, PolicyStatement, Role } from 'aws-cdk-lib/aws-iam'
+import { AssetCode, Function, FunctionUrl, FunctionUrlAuthType, IFunction, ILayerVersion } from 'aws-cdk-lib/aws-lambda'
+import { IHostedZone } from 'aws-cdk-lib/aws-route53'
+import { IBucket } from 'aws-cdk-lib/aws-s3'
+import { BucketDeployment } from 'aws-cdk-lib/aws-s3-deployment'
+import { Construct } from 'constructs'
+import _ from 'lodash'
+import { CommonConstruct } from '../../common'
+import { LAMBDA_ALIAS_NAME_CURRENT } from './constants'
+import {
+  SiteWithLambdaBackendCachePolicyProps,
+  SiteWithLambdaBackendProps,
+  SiteWithLambdaBackendResponseHeadersPolicyProps,
+} from './types'
+
+/**
+ * @classdesc Provides a construct to create and deploy a site hosted with an clustered ECS/ELB backend
+ * @example
+ * import { SiteWithLambdaBackend, SiteWithLambdaBackendProps } '@gradientedge/cdk-utils'
+ * import { Construct } from 'constructs'
+ *
+ * class CustomConstruct extends SiteWithLambdaBackend {
+ *   constructor(parent: Construct, id: string, props: SiteWithLambdaBackendProps) {
+ *     super(parent, id, props)
+ *     this.props = props
+ *     this.id = id
+ *     this.initResources()
+ *   }
+ * }
+ */
+export class SiteWithLambdaBackend extends CommonConstruct {
+  /* site properties */
+  props: SiteWithLambdaBackendProps
+  id: string
+
+  /* site resources */
+  siteHostedZone: IHostedZone
+  siteCertificate: ICertificate
+  siteRegionalCertificate: ICertificate
+  siteSecrets: any
+  siteLogBucket: IBucket
+  siteOrigin: HttpOrigin
+  siteDistribution: Distribution
+  siteInternalDomainName: string
+  siteExternalDomainName: string
+  siteDomainNames: string[]
+  siteCloudfrontFunction: CfIFunction
+  siteFunctionAssociations: FunctionAssociation[]
+  siteOriginRequestPolicy: OriginRequestPolicy
+  siteOriginResponseHeadersPolicy?: ResponseHeadersPolicy
+  siteCachePolicy: CachePolicy
+  siteStaticAssetDeployment: BucketDeployment
+  siteLambdaPolicy: PolicyDocument
+  siteLambdaRole: Role
+  siteLambdaEnvironment: any
+  siteLambdaLayers: ILayerVersion[]
+  siteLambdaApplication: AssetCode
+  siteLambdaFunction: IFunction
+  siteLambdaUrl: FunctionUrl
+
+  constructor(parent: Construct, id: string, props: SiteWithLambdaBackendProps) {
+    super(parent, id, props)
+    this.props = props
+    this.id = id
+  }
+
+  /**
+   * @summary Initialise and provision resources
+   */
+  protected initResources() {
+    this.resolveHostedZone()
+    this.resolveCertificate()
+    this.resolveSiteSecrets()
+    this.resolveSiteDomainNames()
+    this.createSiteLogBucket()
+    this.createSiteOriginCachePolicy()
+    this.createSiteOriginRequestPolicy()
+    this.createSiteOriginResponseHeadersPolicy()
+    this.createSiteOrigin()
+    this.createSiteCloudfrontFunction()
+    this.resolveSiteFunctionAssociations()
+    this.createDistribution()
+    this.createNetworkMappings()
+    this.invalidateDistributionCache()
+  }
+
+  /**
+   * @summary Method to resolve a hosted zone based on domain attributes
+   */
+  protected resolveHostedZone() {
+    this.siteHostedZone = this.route53Manager.withHostedZoneFromFullyQualifiedDomainName(
+      `${this.id}-hosted-zone`,
+      this,
+      this.props.useExistingHostedZone
+    )
+  }
+
+  /**
+   * @summary Method to resolve a certificate based on attributes
+   */
+  protected resolveCertificate() {
+    this.resolveGlobalCertificate()
+    this.resolveRegionalCertificate()
+  }
+
+  protected resolveGlobalCertificate() {
+    if (
+      this.props.siteCertificate.useExistingCertificate &&
+      this.props.siteCertificate.certificateSsmName &&
+      this.props.siteCertificate.certificateRegion
+    ) {
+      this.props.siteCertificate.certificateArn = this.ssmManager.readStringParameterFromRegion(
+        `${this.id}-certificate-parameter`,
+        this,
+        this.props.siteCertificate.certificateSsmName,
+        this.props.siteCertificate.certificateRegion
+      )
+    }
+    this.siteCertificate = this.acmManager.resolveCertificate(
+      `${this.id}-certificate`,
+      this,
+      this.props.siteCertificate
+    )
+  }
+
+  protected resolveRegionalCertificate() {
+    if (
+      this.props.siteRegionalCertificate.useExistingCertificate &&
+      this.props.siteRegionalCertificate.certificateSsmName &&
+      this.props.siteRegionalCertificate.certificateRegion
+    ) {
+      this.props.siteRegionalCertificate.certificateArn = this.ssmManager.readStringParameterFromRegion(
+        `${this.id}-regional-certificate-parameter`,
+        this,
+        this.props.siteRegionalCertificate.certificateSsmName,
+        this.props.siteRegionalCertificate.certificateRegion
+      )
+    }
+    this.siteRegionalCertificate = this.acmManager.resolveCertificate(
+      `${this.id}-regional-certificate`,
+      this,
+      this.props.siteRegionalCertificate,
+      this.siteHostedZone
+    )
+  }
+
+  /**
+   * @summary Method to resolve secrets from SecretsManager
+   * - To be implemented in the overriding method in the implementation class
+   */
+  protected resolveSiteSecrets() {}
+
+  /**
+   * @summary Method to resolve site domain names
+   */
+  protected resolveSiteDomainNames() {
+    /* the internal domain name used by ELB */
+    this.siteInternalDomainName =
+      this.isProductionStage() || this.props.skipStageForARecords
+        ? `${this.props.siteSubDomain}-internal.${this.fullyQualifiedDomainName}`
+        : `${this.props.siteSubDomain}-internal-${this.props.stage}.${this.fullyQualifiedDomainName}`
+
+    /* the external domain name exposed to CloudFront */
+    this.siteExternalDomainName =
+      this.isProductionStage() || this.props.skipStageForARecords
+        ? `${this.props.siteSubDomain}.${this.fullyQualifiedDomainName}`
+        : `${this.props.siteSubDomain}-${this.props.stage}.${this.fullyQualifiedDomainName}`
+
+    this.siteDomainNames = [this.siteExternalDomainName]
+  }
+
+  /**
+   * Method to create log bucket for site distribution
+   */
+  protected createSiteLogBucket() {
+    this.siteLogBucket = this.s3Manager.createS3Bucket(`${this.id}-site-logs`, this, this.props.siteLogBucket)
+  }
+
+  protected createSiteCachePolicy(id: string, siteCachePolicy: SiteWithLambdaBackendCachePolicyProps) {
+    return new CachePolicy(this, `${id}`, {
+      cachePolicyName: `${this.id}-${siteCachePolicy.cachePolicyName}`,
+      comment: `Policy for ${this.id}-distribution - ${this.props.stage} stage`,
+      cookieBehavior: siteCachePolicy.cookieBehavior,
+      enableAcceptEncodingBrotli: siteCachePolicy.enableAcceptEncodingBrotli,
+      enableAcceptEncodingGzip: siteCachePolicy.enableAcceptEncodingGzip,
+      headerBehavior: siteCachePolicy.headerBehavior,
+      maxTtl: Duration.seconds(siteCachePolicy.maxTtlInSeconds),
+      minTtl: Duration.seconds(siteCachePolicy.minTtlInSeconds),
+      queryStringBehavior: siteCachePolicy.queryStringBehavior,
+    })
+  }
+
+  protected createSiteOriginCachePolicy() {
+    if (!this.props.siteCachePolicy) return
+    this.siteCachePolicy = this.createSiteCachePolicy(`${this.id}-site-cache-policy`, this.props.siteCachePolicy)
+    _.assign(this.props.siteDistribution.defaultBehavior, {
+      cachePolicy: this.siteCachePolicy,
+    })
+  }
+
+  protected createSiteOriginRequestPolicy() {
+    if (!this.props.siteOriginRequestPolicy) return
+    this.siteOriginRequestPolicy = new OriginRequestPolicy(this, `${this.id}-sorp`, {
+      comment: `Request Policy for ${this.id}-distribution - ${this.props.stage} stage`,
+      cookieBehavior: this.props.siteOriginRequestPolicy.cookieBehavior,
+      headerBehavior: this.props.siteOriginRequestPolicy.headerBehavior,
+      originRequestPolicyName: `${this.id}-origin-request`,
+      queryStringBehavior: this.props.siteOriginRequestPolicy.queryStringBehavior,
+    })
+
+    _.assign(this.props.siteDistribution.defaultBehavior, {
+      originRequestPolicy: this.siteOriginRequestPolicy,
+    })
+  }
+
+  protected createResponseHeaderPolicy(props: SiteWithLambdaBackendResponseHeadersPolicyProps) {
+    if (!props) return undefined
+    return new ResponseHeadersPolicy(this, `${this.id}-${props.type}-srhp`, {
+      ...props,
+      comment: `Response Header Policy for ${props.type} for ${this.id}-distribution - ${this.props.stage} stage`,
+      responseHeadersPolicyName: `${this.id}-${props.type}-response`,
+      securityHeadersBehavior: {
+        ...props.securityHeadersBehavior,
+        strictTransportSecurity: {
+          ...props.securityHeadersBehavior?.strictTransportSecurity,
+          accessControlMaxAge: Duration.seconds(
+            props.securityHeadersBehavior?.strictTransportSecurity?.accessControlMaxAgeInSeconds
+          ),
+        },
+      },
+    })
+  }
+
+  protected createSiteOriginResponseHeadersPolicy() {
+    if (!this.props.siteOriginResponseHeadersPolicy) return
+    this.siteOriginResponseHeadersPolicy = this.createResponseHeaderPolicy(this.props.siteOriginResponseHeadersPolicy)
+    _.assign(this.props.siteDistribution.defaultBehavior, {
+      responseHeadersPolicy: this.siteOriginResponseHeadersPolicy,
+    })
+  }
+
+  protected createSiteOrigin() {
+    this.createSiteOriginResources()
+    this.siteOrigin = new HttpOrigin(Fn.select(2, Fn.split('/', this.siteLambdaUrl.url)), {
+      httpPort: 443,
+      originId: `${this.id}-server`,
+      protocolPolicy: OriginProtocolPolicy.HTTPS_ONLY,
+    })
+  }
+
+  protected createSiteOriginResources() {
+    this.createSiteStaticAssetDeployment()
+    this.createSiteLambdaPolicy()
+    this.createSiteLambdaRole()
+    this.createSiteLambdaEnvironment()
+    this.createSiteLambdaLayers()
+    this.createSiteLambdaApplication()
+    this.createSiteLambda()
+    this.createSiteLambdaUrl()
+  }
+
+  protected createSiteStaticAssetDeployment() {}
+
+  protected createSiteLambdaPolicy() {
+    this.siteLambdaPolicy = new PolicyDocument({
+      statements: [
+        new PolicyStatement({
+          actions: ['lambda:InvokeFunctionUrl'],
+          effect: Effect.ALLOW,
+          resources: ['*'],
+        }),
+      ],
+    })
+  }
+
+  protected createSiteLambdaRole() {
+    this.siteLambdaRole = this.iamManager.createRoleForLambda(`${this.id}-role`, this, this.siteLambdaPolicy)
+  }
+
+  protected createSiteLambdaEnvironment() {
+    this.siteLambdaEnvironment = {
+      AWS_LAMBDA_EXEC_WRAPPER: this.props.siteExecWrapperPath ?? '/opt/bootstrap',
+      LOG_LEVEL: this.props.logLevel,
+      NODE_ENV: this.props.nodeEnv,
+      PORT: this.props.sitePort,
+      READINESS_CHECK_PATH: this.props.siteHealthEndpoint,
+      READINESS_CHECK_PORT: this.props.sitePort,
+      STAGE: this.props.stage,
+      TZ: this.props.timezone,
+    }
+  }
+
+  protected createSiteLambdaLayers() {
+    this.siteLambdaLayers = this.lambdaManager.createWebAdapterLayer(`${this.id}-web-adapter`, this)
+  }
+
+  protected createSiteLambdaApplication() {}
+
+  protected createSiteLambda() {
+    this.siteLambdaFunction = this.lambdaManager.createLambdaFunction(
+      `${this.id}-lambda`,
+      this,
+      this.props.siteLambda,
+      this.siteLambdaRole,
+      this.siteLambdaLayers,
+      this.siteLambdaApplication,
+      this.props.siteLambda.handler,
+      this.siteLambdaEnvironment
+    )
+  }
+
+  protected createSiteLambdaUrl() {
+    const lambdaAlias = _.find(
+      this.props.siteLambda.lambdaAliases,
+      alias => alias.aliasName === LAMBDA_ALIAS_NAME_CURRENT
+    )
+
+    const lambdaFn = lambdaAlias
+      ? Function.fromFunctionAttributes(this, `${this.id}-fn-alias`, {
+          functionArn: `${this.siteLambdaFunction.functionArn}:${lambdaAlias.aliasName}`,
+          sameEnvironment: true,
+        })
+      : this.siteLambdaFunction
+    lambdaFn.node.addDependency(this.siteLambdaFunction)
+
+    this.siteLambdaUrl = lambdaFn.addFunctionUrl({
+      authType: FunctionUrlAuthType.NONE,
+    })
+    this.siteLambdaUrl.node.addDependency(this.siteLambdaFunction)
+    this.siteLambdaUrl.node.addDependency(lambdaFn)
+
+    const principal = new AnyPrincipal()
+    principal.addToPolicy(
+      new PolicyStatement({
+        actions: ['lambda:InvokeFunctionUrl'],
+        conditions: { StringEquals: { 'lambda:FunctionUrlAuthType': FunctionUrlAuthType.NONE } },
+        effect: Effect.ALLOW,
+        resources: ['*'],
+      })
+    )
+
+    lambdaFn.grantInvokeUrl({ grantPrincipal: principal })
+
+    this.addCfnOutput(`${this.id}-url`, this.siteLambdaUrl.url)
+  }
+
+  /**
+   * @summary Method to create a site cloudfront function
+   */
+  protected createSiteCloudfrontFunction() {
+    if (this.props.siteCloudfrontFunctionProps) {
+      this.siteCloudfrontFunction = this.cloudFrontManager.createCloudfrontFunction(
+        `${this.id}-function`,
+        this,
+        this.props.siteCloudfrontFunctionProps
+      )
+    }
+  }
+
+  /**
+   * @summary Method to create a site cloudfront function associations
+   */
+  protected resolveSiteFunctionAssociations() {
+    if (this.props.siteCloudfrontFunctionProps) {
+      this.siteFunctionAssociations = [
+        {
+          eventType: FunctionEventType.VIEWER_REQUEST,
+          function: this.siteCloudfrontFunction,
+        },
+      ]
+    }
+  }
+
+  /**
+   * Method to create Site distribution
+   */
+  protected createDistribution() {
+    this.siteDistribution = this.cloudFrontManager.createDistributionWithHttpOrigin(
+      `${this.id}-distribution`,
+      this,
+      this.props.siteDistribution,
+      this.siteOrigin,
+      this.siteDomainNames,
+      this.siteLogBucket,
+      this.siteCertificate,
+      this.siteFunctionAssociations,
+      this.props.siteDistribution.defaultBehavior.responseHeadersPolicy
+    )
+    this.siteDistribution.node.addDependency(this.siteLambdaFunction)
+    this.siteDistribution.node.addDependency(this.siteLambdaUrl)
+  }
+
+  /**
+   * Method to create Route53 records for distribution
+   */
+  protected createNetworkMappings() {
+    this.route53Manager.createCloudFrontTargetARecord(
+      `${this.id}-a-record`,
+      this,
+      this.siteDistribution,
+      this.siteHostedZone,
+      this.props.siteRecordName,
+      this.props.skipStageForARecords
+    )
+  }
+
+  /**
+   * Method to invalidation the cloudfront distribution cache after a deployment
+   */
+  protected invalidateDistributionCache() {
+    if (this.props.siteCacheInvalidationDockerFilePath) {
+      this.cloudFrontManager.invalidateCache(
+        `${this.id}-cache-invalidation`,
+        this,
+        this.props.siteCacheInvalidationDockerFilePath,
+        this.siteDistribution.distributionId
+      )
+    }
+  }
+}

package/src/lib/aws/construct/site-with-lambda-backend/types.ts

@@ -0,0 +1,64 @@
+import {
+  CachePolicyProps,
+  OriginRequestPolicyProps,
+  ResponseHeadersPolicyProps,
+  ResponseHeadersStrictTransportSecurity,
+  ResponseSecurityHeadersBehavior,
+} from 'aws-cdk-lib/aws-cloudfront'
+import { CommonStackProps } from '../../common'
+import {
+  AcmProps,
+  CloudfrontFunctionProps,
+  DistributionProps,
+  LambdaProps,
+  LogProps,
+  S3BucketProps,
+} from '../../services'
+import { SiteWithLambdaBackendResponseHeaderPolicyType } from './constants'
+
+/**
+ */
+export interface SiteWithLambdaBackendProps extends CommonStackProps {
+  logLevel: string
+  nodeEnv: string
+  siteCacheInvalidationDockerFilePath?: string
+  siteCertificate: AcmProps
+  siteCloudfrontFunctionProps?: CloudfrontFunctionProps
+  siteDistribution: DistributionProps
+  siteExecWrapperPath: string
+  siteFunctionFilePath?: string
+  siteHealthEndpoint: string
+  siteLambda: LambdaProps
+  siteLog: LogProps
+  siteLogBucket: S3BucketProps
+  sitePort: string
+  siteCachePolicy?: SiteWithLambdaBackendCachePolicyProps
+  siteOriginRequestPolicy: OriginRequestPolicyProps
+  siteOriginResponseHeadersPolicy: SiteWithLambdaBackendResponseHeadersPolicyProps
+  siteRecordName?: string
+  siteRegionalCertificate: AcmProps
+  siteSubDomain: string
+  timezone: string
+  useExistingHostedZone: boolean
+  useExistingVpc: boolean
+}
+
+export interface SiteWithLambdaBackendResponseHeadersStrictTransportSecurity
+  extends ResponseHeadersStrictTransportSecurity {
+  accessControlMaxAgeInSeconds: number
+}
+
+export interface SiteWithLambdaBackendSecurityHeadersBehavior extends ResponseSecurityHeadersBehavior {
+  strictTransportSecurity: SiteWithLambdaBackendResponseHeadersStrictTransportSecurity
+}
+
+export interface SiteWithLambdaBackendResponseHeadersPolicyProps extends ResponseHeadersPolicyProps {
+  securityHeadersBehavior: SiteWithLambdaBackendSecurityHeadersBehavior
+  type: SiteWithLambdaBackendResponseHeaderPolicyType
+}
+
+export interface SiteWithLambdaBackendCachePolicyProps extends CachePolicyProps {
+  defaultTtlInSeconds: number
+  minTtlInSeconds: number
+  maxTtlInSeconds: number
+}

package/src/lib/aws/services/api-gateway/main.ts

@@ -1,4 +1,4 @@
-import { Tags } from 'aws-cdk-lib'
+import { Tags, Size } from 'aws-cdk-lib'
 import {
   Cors,
   Deployment,
@@ -60,6 +60,7 @@ export class ApiManager {
       },
       failOnWarnings: props.failOnWarnings || false,
       handler: lambdaFunction,
+      minCompressionSize: props.minCompressionSizeInBytes ? Size.bytes(props.minCompressionSizeInBytes) : undefined,
       proxy: props.proxy ?? true,
       restApiName: `${props.restApiName}-${scope.props.stage}`,
     })

package/src/lib/aws/services/api-gateway/types.ts

@@ -5,4 +5,5 @@ import { TagProps } from '../../types'
  */
 export interface LambdaRestApiProps extends LambdaRestApigProps {
   tags?: TagProps[]
+  minCompressionSizeInBytes?: number
 }

package/src/lib/aws/services/lambda/main.ts

@@ -60,6 +60,21 @@ export class LambdaManager {
     return lambdaLayer
   }
 
+  public createWebAdapterLayer(id: string, scope: CommonConstruct) {
+    return [
+      LayerVersion.fromLayerVersionArn(
+        scope,
+        `${id}-${Architecture.X86_64}`,
+        `arn:aws:lambda:${scope.props.region}:753240598075:layer:LambdaAdapterLayerX86:17`
+      ),
+      LayerVersion.fromLayerVersionArn(
+        scope,
+        `${id}-${Architecture.ARM_64}`,
+        `arn:aws:lambda:${scope.props.region}:753240598075:layer:LambdaAdapterLayerArm64:17`
+      ),
+    ]
+  }
+
   /**
    * @summary Method to create a lambda function (nodejs)
    * @param id scoped id of the resource