@gradientedge/cdk-utils 8.97.0 → 8.98.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/dist/src/lib/construct/site-with-ecs-backend/constants.d.ts +4 -0
  2. package/dist/src/lib/construct/site-with-ecs-backend/constants.js +8 -0
  3. package/dist/src/lib/construct/site-with-ecs-backend/index.d.ts +1 -0
  4. package/dist/src/lib/construct/site-with-ecs-backend/index.js +1 -0
  5. package/dist/src/lib/construct/site-with-ecs-backend/main.d.ts +7 -1
  6. package/dist/src/lib/construct/site-with-ecs-backend/main.js +43 -0
  7. package/dist/src/lib/construct/site-with-ecs-backend/types.d.ts +14 -0
  8. package/package.json +1 -1
  9. package/src/lib/construct/site-with-ecs-backend/constants.ts +4 -0
  10. package/src/lib/construct/site-with-ecs-backend/index.ts +1 -0
  11. package/src/lib/construct/site-with-ecs-backend/main.ts +47 -1
  12. package/src/lib/construct/site-with-ecs-backend/types.ts +22 -0
package/dist/src/lib/construct/site-with-ecs-backend/constants.d.ts ADDED
@@ -0,0 +1,4 @@
1
+ export declare enum SiteResponseHeaderPolicyType {
2
+ ORIGIN = "origin",
3
+ STATIC = "static"
4
+ }
package/dist/src/lib/construct/site-with-ecs-backend/constants.js ADDED
@@ -0,0 +1,8 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.SiteResponseHeaderPolicyType = void 0;
4
+ var SiteResponseHeaderPolicyType;
5
+ (function (SiteResponseHeaderPolicyType) {
6
+ SiteResponseHeaderPolicyType["ORIGIN"] = "origin";
7
+ SiteResponseHeaderPolicyType["STATIC"] = "static";
8
+ })(SiteResponseHeaderPolicyType || (exports.SiteResponseHeaderPolicyType = SiteResponseHeaderPolicyType = {}));
package/dist/src/lib/construct/site-with-ecs-backend/index.d.ts CHANGED
@@ -1,2 +1,3 @@
1
+ export * from './constants';
1
2
  export * from './main';
2
3
  export * from './types';
package/dist/src/lib/construct/site-with-ecs-backend/index.js CHANGED
@@ -14,5 +14,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
14
14
  for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
15
15
  };
16
16
  Object.defineProperty(exports, "__esModule", { value: true });
17
+ __exportStar(require("./constants"), exports);
17
18
  __exportStar(require("./main"), exports);
18
19
  __exportStar(require("./types"), exports);
package/dist/src/lib/construct/site-with-ecs-backend/main.d.ts CHANGED
@@ -1,3 +1,4 @@
1
+ import * as cdk from 'aws-cdk-lib';
1
2
  import * as certificateManager from 'aws-cdk-lib/aws-certificatemanager';
2
3
  import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
3
4
  import * as origins from 'aws-cdk-lib/aws-cloudfront-origins';
@@ -11,7 +12,7 @@ import * as s3 from 'aws-cdk-lib/aws-s3';
11
12
  import * as efs from 'aws-cdk-lib/aws-efs';
12
13
  import { Construct } from 'constructs';
13
14
  import { CommonConstruct } from '../../common';
14
- import { SiteWithEcsBackendProps } from './types';
15
+ import { SiteWithEcsBackendProps, SiteResponseHeadersPolicyProps } from './types';
15
16
  /**
16
17
  * @classdesc Provides a construct to create and deploy a site hosted with an clustered ECS/ELB backend
17
18
  * @example
@@ -58,6 +59,8 @@ export declare class SiteWithEcsBackend extends CommonConstruct {
58
59
  siteDomainNames: string[];
59
60
  siteCloudfrontFunction: cloudfront.Function;
60
61
  siteFunctionAssociations: cloudfront.FunctionAssociation[];
62
+ siteOriginRequestPolicy: cloudfront.OriginRequestPolicy;
63
+ siteOriginResponseHeadersPolicy?: cloudfront.ResponseHeadersPolicy;
61
64
  constructor(parent: Construct, id: string, props: SiteWithEcsBackendProps);
62
65
  /**
63
66
  * @summary Initialise and provision resources
@@ -122,6 +125,9 @@ export declare class SiteWithEcsBackend extends CommonConstruct {
122
125
  * Method to create log bucket for site distribution
123
126
  */
124
127
  protected createSiteLogBucket(): void;
128
+ protected createSiteOriginRequestPolicy(): void;
129
+ protected createResponseHeaderPolicy(props: SiteResponseHeadersPolicyProps): cdk.aws_cloudfront.ResponseHeadersPolicy | undefined;
130
+ protected createSiteOriginResponseHeadersPolicy(): void;
125
131
  protected createSiteOrigin(): void;
126
132
  /**
127
133
  * @summary Method to create a site cloudfront function
package/dist/src/lib/construct/site-with-ecs-backend/main.js CHANGED
@@ -24,6 +24,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
24
24
  };
25
25
  Object.defineProperty(exports, "__esModule", { value: true });
26
26
  exports.SiteWithEcsBackend = void 0;
27
+ const _ = __importStar(require("lodash"));
27
28
  const cdk = __importStar(require("aws-cdk-lib"));
28
29
  const cloudfront = __importStar(require("aws-cdk-lib/aws-cloudfront"));
29
30
  const origins = __importStar(require("aws-cdk-lib/aws-cloudfront-origins"));
@@ -77,6 +78,8 @@ class SiteWithEcsBackend extends common_1.CommonConstruct {
77
78
  siteDomainNames;
78
79
  siteCloudfrontFunction;
79
80
  siteFunctionAssociations;
81
+ siteOriginRequestPolicy;
82
+ siteOriginResponseHeadersPolicy;
80
83
  constructor(parent, id, props) {
81
84
  super(parent, id, props);
82
85
  this.props = props;
@@ -100,6 +103,8 @@ class SiteWithEcsBackend extends common_1.CommonConstruct {
100
103
  this.createEcsBuildArgs();
101
104
  this.createEcsContainerImage();
102
105
  this.createEcsService();
106
+ this.createSiteOriginRequestPolicy();
107
+ this.createSiteOriginResponseHeadersPolicy();
103
108
  this.createSiteOrigin();
104
109
  this.createSiteCloudfrontFunction();
105
110
  this.resolveSiteFunctionAssociations();
@@ -340,9 +345,47 @@ class SiteWithEcsBackend extends common_1.CommonConstruct {
340
345
  createSiteLogBucket() {
341
346
  this.siteLogBucket = this.s3Manager.createS3Bucket(`${this.id}-site-logs`, this, this.props.siteLogBucket);
342
347
  }
348
+ createSiteOriginRequestPolicy() {
349
+ if (!this.props.siteOriginRequestPolicy)
350
+ return;
351
+ this.siteOriginRequestPolicy = new cloudfront.OriginRequestPolicy(this, `${this.id}-sorp`, {
352
+ comment: `Request Policy for ${this.id}-distribution - ${this.props.stage} stage`,
353
+ cookieBehavior: this.props.siteOriginRequestPolicy.cookieBehavior,
354
+ headerBehavior: this.props.siteOriginRequestPolicy.headerBehavior,
355
+ originRequestPolicyName: `${this.id}-origin-request`,
356
+ queryStringBehavior: this.props.siteOriginRequestPolicy.queryStringBehavior,
357
+ });
358
+ _.assign(this.props.siteDistribution.defaultBehavior, {
359
+ originRequestPolicy: this.siteOriginRequestPolicy,
360
+ });
361
+ }
362
+ createResponseHeaderPolicy(props) {
363
+ if (!props)
364
+ return undefined;
365
+ return new cloudfront.ResponseHeadersPolicy(this, `${this.id}-${props.type}-srhp`, {
366
+ ...props,
367
+ comment: `Response Header Policy for ${props.type} for ${this.id}-distribution - ${this.props.stage} stage`,
368
+ responseHeadersPolicyName: `${this.id}-${props.type}-response`,
369
+ securityHeadersBehavior: {
370
+ strictTransportSecurity: {
371
+ ...props.securityHeadersBehavior?.strictTransportSecurity,
372
+ accessControlMaxAge: cdk.Duration.seconds(props.securityHeadersBehavior?.strictTransportSecurity?.accessControlMaxAgeInSeconds),
373
+ },
374
+ },
375
+ });
376
+ }
377
+ createSiteOriginResponseHeadersPolicy() {
378
+ if (!this.props.siteOriginResponseHeadersPolicy)
379
+ return;
380
+ this.siteOriginResponseHeadersPolicy = this.createResponseHeaderPolicy(this.props.siteOriginResponseHeadersPolicy);
381
+ _.assign(this.props.siteDistribution.defaultBehavior, {
382
+ responseHeadersPolicy: this.siteOriginResponseHeadersPolicy,
383
+ });
384
+ }
343
385
  createSiteOrigin() {
344
386
  this.siteOrigin = new origins.HttpOrigin(this.siteInternalDomainName, {
345
387
  httpPort: this.props.siteTask.listenerPort,
388
+ originId: `${this.id}-server`,
346
389
  protocolPolicy: cloudfront.OriginProtocolPolicy.HTTPS_ONLY,
347
390
  });
348
391
  }
package/dist/src/lib/construct/site-with-ecs-backend/types.d.ts CHANGED
@@ -1,6 +1,8 @@
1
1
  import { CommonStackProps } from '../../common';
2
2
  import { AcmProps, CloudfrontFunctionProps, DistributionProps, EcsApplicationLoadBalancedFargateServiceProps, EcsClusterProps, EfsAccessPointOptions, EfsFileSystemProps, HealthCheck, LogProps, S3BucketProps } from '../../services';
3
3
  import { VpcProps } from 'aws-cdk-lib/aws-ec2';
4
+ import { OriginRequestPolicyProps, ResponseHeadersStrictTransportSecurity, ResponseSecurityHeadersBehavior, ResponseHeadersPolicyProps } from 'aws-cdk-lib/aws-cloudfront';
5
+ import { SiteResponseHeaderPolicyType } from './constants';
4
6
  /**
5
7
  */
6
8
  export interface SiteWithEcsBackendProps extends CommonStackProps {
@@ -18,6 +20,8 @@ export interface SiteWithEcsBackendProps extends CommonStackProps {
18
20
  siteHealthCheck: HealthCheck;
19
21
  siteLog: LogProps;
20
22
  siteLogBucket: S3BucketProps;
23
+ siteOriginRequestPolicy: OriginRequestPolicyProps;
24
+ siteOriginResponseHeadersPolicy: SiteResponseHeadersPolicyProps;
21
25
  siteRecordName?: string;
22
26
  siteRegionalCertificate: AcmProps;
23
27
  siteSubDomain: string;
@@ -27,3 +31,13 @@ export interface SiteWithEcsBackendProps extends CommonStackProps {
27
31
  useExistingHostedZone: boolean;
28
32
  useExistingVpc: boolean;
29
33
  }
34
+ export interface SiteResponseHeadersStrictTransportSecurity extends ResponseHeadersStrictTransportSecurity {
35
+ accessControlMaxAgeInSeconds: number;
36
+ }
37
+ export interface SiteSecurityHeadersBehavior extends ResponseSecurityHeadersBehavior {
38
+ strictTransportSecurity: SiteResponseHeadersStrictTransportSecurity;
39
+ }
40
+ export interface SiteResponseHeadersPolicyProps extends ResponseHeadersPolicyProps {
41
+ securityHeadersBehavior: SiteSecurityHeadersBehavior;
42
+ type: SiteResponseHeaderPolicyType;
43
+ }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@gradientedge/cdk-utils",
3
- "version": "8.97.0",
3
+ "version": "8.98.0",
4
4
  "description": "Utilities for AWS CDK provisioning",
5
5
  "main": "dist/index.js",
6
6
  "engines": {
package/src/lib/construct/site-with-ecs-backend/constants.ts ADDED
@@ -0,0 +1,4 @@
1
+ export enum SiteResponseHeaderPolicyType {
2
+ ORIGIN = 'origin',
3
+ STATIC = 'static',
4
+ }
package/src/lib/construct/site-with-ecs-backend/index.ts CHANGED
@@ -1,2 +1,3 @@
1
+ export * from './constants'
1
2
  export * from './main'
2
3
  export * from './types'
package/src/lib/construct/site-with-ecs-backend/main.ts CHANGED
@@ -1,3 +1,4 @@
1
+ import * as _ from 'lodash'
1
2
  import * as cdk from 'aws-cdk-lib'
2
3
  import * as certificateManager from 'aws-cdk-lib/aws-certificatemanager'
3
4
  import * as cloudfront from 'aws-cdk-lib/aws-cloudfront'
@@ -13,7 +14,7 @@ import * as s3 from 'aws-cdk-lib/aws-s3'
13
14
  import * as efs from 'aws-cdk-lib/aws-efs'
14
15
  import { Construct } from 'constructs'
15
16
  import { CommonConstruct } from '../../common'
16
- import { SiteWithEcsBackendProps } from './types'
17
+ import { SiteWithEcsBackendProps, SiteResponseHeadersPolicyProps } from './types'
17
18
 
18
19
  /**
19
20
  * @classdesc Provides a construct to create and deploy a site hosted with an clustered ECS/ELB backend
@@ -62,6 +63,8 @@ export class SiteWithEcsBackend extends CommonConstruct {
62
63
  siteDomainNames: string[]
63
64
  siteCloudfrontFunction: cloudfront.Function
64
65
  siteFunctionAssociations: cloudfront.FunctionAssociation[]
66
+ siteOriginRequestPolicy: cloudfront.OriginRequestPolicy
67
+ siteOriginResponseHeadersPolicy?: cloudfront.ResponseHeadersPolicy
65
68
 
66
69
  constructor(parent: Construct, id: string, props: SiteWithEcsBackendProps) {
67
70
  super(parent, id, props)
@@ -88,6 +91,8 @@ export class SiteWithEcsBackend extends CommonConstruct {
88
91
  this.createEcsBuildArgs()
89
92
  this.createEcsContainerImage()
90
93
  this.createEcsService()
94
+ this.createSiteOriginRequestPolicy()
95
+ this.createSiteOriginResponseHeadersPolicy()
91
96
  this.createSiteOrigin()
92
97
  this.createSiteCloudfrontFunction()
93
98
  this.resolveSiteFunctionAssociations()
@@ -402,9 +407,50 @@ export class SiteWithEcsBackend extends CommonConstruct {
402
407
  this.siteLogBucket = this.s3Manager.createS3Bucket(`${this.id}-site-logs`, this, this.props.siteLogBucket)
403
408
  }
404
409
 
410
+ protected createSiteOriginRequestPolicy() {
411
+ if (!this.props.siteOriginRequestPolicy) return
412
+ this.siteOriginRequestPolicy = new cloudfront.OriginRequestPolicy(this, `${this.id}-sorp`, {
413
+ comment: `Request Policy for ${this.id}-distribution - ${this.props.stage} stage`,
414
+ cookieBehavior: this.props.siteOriginRequestPolicy.cookieBehavior,
415
+ headerBehavior: this.props.siteOriginRequestPolicy.headerBehavior,
416
+ originRequestPolicyName: `${this.id}-origin-request`,
417
+ queryStringBehavior: this.props.siteOriginRequestPolicy.queryStringBehavior,
418
+ })
419
+
420
+ _.assign(this.props.siteDistribution.defaultBehavior, {
421
+ originRequestPolicy: this.siteOriginRequestPolicy,
422
+ })
423
+ }
424
+
425
+ protected createResponseHeaderPolicy(props: SiteResponseHeadersPolicyProps) {
426
+ if (!props) return undefined
427
+ return new cloudfront.ResponseHeadersPolicy(this, `${this.id}-${props.type}-srhp`, {
428
+ ...props,
429
+ comment: `Response Header Policy for ${props.type} for ${this.id}-distribution - ${this.props.stage} stage`,
430
+ responseHeadersPolicyName: `${this.id}-${props.type}-response`,
431
+ securityHeadersBehavior: {
432
+ strictTransportSecurity: {
433
+ ...props.securityHeadersBehavior?.strictTransportSecurity,
434
+ accessControlMaxAge: cdk.Duration.seconds(
435
+ props.securityHeadersBehavior?.strictTransportSecurity?.accessControlMaxAgeInSeconds
436
+ ),
437
+ },
438
+ },
439
+ })
440
+ }
441
+
442
+ protected createSiteOriginResponseHeadersPolicy() {
443
+ if (!this.props.siteOriginResponseHeadersPolicy) return
444
+ this.siteOriginResponseHeadersPolicy = this.createResponseHeaderPolicy(this.props.siteOriginResponseHeadersPolicy)
445
+ _.assign(this.props.siteDistribution.defaultBehavior, {
446
+ responseHeadersPolicy: this.siteOriginResponseHeadersPolicy,
447
+ })
448
+ }
449
+
405
450
  protected createSiteOrigin() {
406
451
  this.siteOrigin = new origins.HttpOrigin(this.siteInternalDomainName, {
407
452
  httpPort: this.props.siteTask.listenerPort,
453
+ originId: `${this.id}-server`,
408
454
  protocolPolicy: cloudfront.OriginProtocolPolicy.HTTPS_ONLY,
409
455
  })
410
456
  }
package/src/lib/construct/site-with-ecs-backend/types.ts CHANGED
@@ -12,6 +12,13 @@ import {
12
12
  S3BucketProps,
13
13
  } from '../../services'
14
14
  import { VpcProps } from 'aws-cdk-lib/aws-ec2'
15
+ import {
16
+ OriginRequestPolicyProps,
17
+ ResponseHeadersStrictTransportSecurity,
18
+ ResponseSecurityHeadersBehavior,
19
+ ResponseHeadersPolicyProps,
20
+ } from 'aws-cdk-lib/aws-cloudfront'
21
+ import { SiteResponseHeaderPolicyType } from './constants'
15
22
 
16
23
  /**
17
24
  */
@@ -30,6 +37,8 @@ export interface SiteWithEcsBackendProps extends CommonStackProps {
30
37
  siteHealthCheck: HealthCheck
31
38
  siteLog: LogProps
32
39
  siteLogBucket: S3BucketProps
40
+ siteOriginRequestPolicy: OriginRequestPolicyProps
41
+ siteOriginResponseHeadersPolicy: SiteResponseHeadersPolicyProps
33
42
  siteRecordName?: string
34
43
  siteRegionalCertificate: AcmProps
35
44
  siteSubDomain: string
@@ -39,3 +48,16 @@ export interface SiteWithEcsBackendProps extends CommonStackProps {
39
48
  useExistingHostedZone: boolean
40
49
  useExistingVpc: boolean
41
50
  }
51
+
52
+ export interface SiteResponseHeadersStrictTransportSecurity extends ResponseHeadersStrictTransportSecurity {
53
+ accessControlMaxAgeInSeconds: number
54
+ }
55
+
56
+ export interface SiteSecurityHeadersBehavior extends ResponseSecurityHeadersBehavior {
57
+ strictTransportSecurity: SiteResponseHeadersStrictTransportSecurity
58
+ }
59
+
60
+ export interface SiteResponseHeadersPolicyProps extends ResponseHeadersPolicyProps {
61
+ securityHeadersBehavior: SiteSecurityHeadersBehavior
62
+ type: SiteResponseHeaderPolicyType
63
+ }