aws-cdk-lib 2.167.2__py3-none-any.whl → 2.169.0__py3-none-any.whl

aws_cdk/aws_cloudfront/__init__.py

@@ -225,6 +225,39 @@ cloudfront.Distribution(self, "myDist",
 )
 ```
 
+### Attaching WAF Web Acls
+
+You can attach the AWS WAF web ACL to a CloudFront distribution.
+
+To specify a web ACL created using the latest version of AWS WAF, use the ACL ARN, for example
+`arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a`.
+The web ACL must be in the `us-east-1` region.
+
+To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example `473e64fd-f30b-4765-81a0-62ad96dd167a`.
+
+```python
+# bucket_origin: origins.S3Origin
+# web_acl: wafv2.CfnWebACL
+
+distribution = cloudfront.Distribution(self, "Distribution",
+    default_behavior=cloudfront.BehaviorOptions(origin=bucket_origin),
+    web_acl_id=web_acl.attr_arn
+)
+```
+
+You can also attach a web ACL to a distribution after creation.
+
+```python
+# bucket_origin: origins.S3Origin
+# web_acl: wafv2.CfnWebACL
+
+distribution = cloudfront.Distribution(self, "Distribution",
+    default_behavior=cloudfront.BehaviorOptions(origin=bucket_origin)
+)
+
+distribution.attach_web_acl_id(web_acl.attr_arn)
+```
+
 ### Customizing Cache Keys and TTLs with Cache Policies
 
 You can use a cache policy to improve your cache hit ratio by controlling the values (URL query strings, HTTP headers, and cookies)
@@ -23753,6 +23786,17 @@ class Distribution(
 
         return typing.cast(None, jsii.invoke(self, "addBehavior", [path_pattern, origin, behavior_options]))
 
+    @jsii.member(jsii_name="attachWebAclId")
+    def attach_web_acl_id(self, web_acl_id: builtins.str) -> None:
+        '''Attach WAF WebACL to this CloudFront distribution.
+
+        :param web_acl_id: The WAF WebACL to associate with this distribution.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__12aa9fa01675ec283b93d82dff1b83aaf4ed90beee1e944bba61b1e00701d82a)
+            check_type(argname="argument web_acl_id", value=web_acl_id, expected_type=type_hints["web_acl_id"])
+        return typing.cast(None, jsii.invoke(self, "attachWebAclId", [web_acl_id]))
+
     @jsii.member(jsii_name="grant")
     def grant(
         self,
@@ -24538,6 +24582,207 @@ class Function(
         return typing.cast(builtins.str, jsii.get(self, "functionStage"))
 
 
+@jsii.implements(IOriginAccessControl)
+class FunctionUrlOriginAccessControl(
+    _Resource_45bc6135,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_cloudfront.FunctionUrlOriginAccessControl",
+):
+    '''An Origin Access Control for Lambda Function URLs.
+
+    :see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originaccesscontrol.html
+    :resource: AWS::CloudFront::OriginAccessControl
+    :exampleMetadata: infused
+
+    Example::
+
+        import aws_cdk.aws_lambda as lambda_
+        # fn: lambda.Function
+        
+        
+        fn_url = fn.add_function_url(
+            auth_type=lambda_.FunctionUrlAuthType.AWS_IAM
+        )
+        
+        # Define a custom OAC
+        oac = cloudfront.FunctionUrlOriginAccessControl(self, "MyOAC",
+            origin_access_control_name="CustomLambdaOAC",
+            signing=cloudfront.Signing.SIGV4_ALWAYS
+        )
+        
+        # Set up Lambda Function URL with OAC in CloudFront Distribution
+        cloudfront.Distribution(self, "MyDistribution",
+            default_behavior=cloudfront.BehaviorOptions(
+                origin=origins.FunctionUrlOrigin.with_origin_access_control(fn_url,
+                    origin_access_control=oac
+                )
+            )
+        )
+    '''
+
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        description: typing.Optional[builtins.str] = None,
+        origin_access_control_name: typing.Optional[builtins.str] = None,
+        signing: typing.Optional[Signing] = None,
+    ) -> None:
+        '''
+        :param scope: -
+        :param id: -
+        :param description: A description of the origin access control. Default: - no description
+        :param origin_access_control_name: A name to identify the origin access control, with a maximum length of 64 characters. Default: - a generated name
+        :param signing: Specifies which requests CloudFront signs and the signing protocol. Default: SIGV4_ALWAYS
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__7c435d2d2a47e56fedcaac07e7c31ef46db8241b5d6286cf12905609d8174d2e)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = FunctionUrlOriginAccessControlProps(
+            description=description,
+            origin_access_control_name=origin_access_control_name,
+            signing=signing,
+        )
+
+        jsii.create(self.__class__, self, [scope, id, props])
+
+    @jsii.member(jsii_name="fromOriginAccessControlId")
+    @builtins.classmethod
+    def from_origin_access_control_id(
+        cls,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        origin_access_control_id: builtins.str,
+    ) -> IOriginAccessControl:
+        '''Imports a Lambda Function URL origin access control from its id.
+
+        :param scope: -
+        :param id: -
+        :param origin_access_control_id: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__14d6d580a802855a4d6f3aadc8ef536814cfcbcce4bde782eaebd5a5ec2ef53f)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+            check_type(argname="argument origin_access_control_id", value=origin_access_control_id, expected_type=type_hints["origin_access_control_id"])
+        return typing.cast(IOriginAccessControl, jsii.sinvoke(cls, "fromOriginAccessControlId", [scope, id, origin_access_control_id]))
+
+    @builtins.property
+    @jsii.member(jsii_name="originAccessControlId")
+    def origin_access_control_id(self) -> builtins.str:
+        '''The unique identifier of this Origin Access Control.
+
+        :attribute: true
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "originAccessControlId"))
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_cloudfront.FunctionUrlOriginAccessControlProps",
+    jsii_struct_bases=[OriginAccessControlBaseProps],
+    name_mapping={
+        "description": "description",
+        "origin_access_control_name": "originAccessControlName",
+        "signing": "signing",
+    },
+)
+class FunctionUrlOriginAccessControlProps(OriginAccessControlBaseProps):
+    def __init__(
+        self,
+        *,
+        description: typing.Optional[builtins.str] = None,
+        origin_access_control_name: typing.Optional[builtins.str] = None,
+        signing: typing.Optional[Signing] = None,
+    ) -> None:
+        '''Properties for creating a Lambda Function URL Origin Access Control resource.
+
+        :param description: A description of the origin access control. Default: - no description
+        :param origin_access_control_name: A name to identify the origin access control, with a maximum length of 64 characters. Default: - a generated name
+        :param signing: Specifies which requests CloudFront signs and the signing protocol. Default: SIGV4_ALWAYS
+
+        :exampleMetadata: infused
+
+        Example::
+
+            import aws_cdk.aws_lambda as lambda_
+            # fn: lambda.Function
+            
+            
+            fn_url = fn.add_function_url(
+                auth_type=lambda_.FunctionUrlAuthType.AWS_IAM
+            )
+            
+            # Define a custom OAC
+            oac = cloudfront.FunctionUrlOriginAccessControl(self, "MyOAC",
+                origin_access_control_name="CustomLambdaOAC",
+                signing=cloudfront.Signing.SIGV4_ALWAYS
+            )
+            
+            # Set up Lambda Function URL with OAC in CloudFront Distribution
+            cloudfront.Distribution(self, "MyDistribution",
+                default_behavior=cloudfront.BehaviorOptions(
+                    origin=origins.FunctionUrlOrigin.with_origin_access_control(fn_url,
+                        origin_access_control=oac
+                    )
+                )
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__207551b5918cb2acd48d7da3c08e9254a8c19ba3c2219d13ee23918521aa2a36)
+            check_type(argname="argument description", value=description, expected_type=type_hints["description"])
+            check_type(argname="argument origin_access_control_name", value=origin_access_control_name, expected_type=type_hints["origin_access_control_name"])
+            check_type(argname="argument signing", value=signing, expected_type=type_hints["signing"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if description is not None:
+            self._values["description"] = description
+        if origin_access_control_name is not None:
+            self._values["origin_access_control_name"] = origin_access_control_name
+        if signing is not None:
+            self._values["signing"] = signing
+
+    @builtins.property
+    def description(self) -> typing.Optional[builtins.str]:
+        '''A description of the origin access control.
+
+        :default: - no description
+        '''
+        result = self._values.get("description")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def origin_access_control_name(self) -> typing.Optional[builtins.str]:
+        '''A name to identify the origin access control, with a maximum length of 64 characters.
+
+        :default: - a generated name
+        '''
+        result = self._values.get("origin_access_control_name")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def signing(self) -> typing.Optional[Signing]:
+        '''Specifies which requests CloudFront signs and the signing protocol.
+
+        :default: SIGV4_ALWAYS
+
+        :see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originaccesscontrol-originaccesscontrolconfig.html#cfn-cloudfront-originaccesscontrol-originaccesscontrolconfig-signingbehavior
+        '''
+        result = self._values.get("signing")
+        return typing.cast(typing.Optional[Signing], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "FunctionUrlOriginAccessControlProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
 __all__ = [
     "AccessLevel",
     "AddBehaviorOptions",
@@ -24600,6 +24845,8 @@ __all__ = [
     "FunctionEventType",
     "FunctionProps",
     "FunctionRuntime",
+    "FunctionUrlOriginAccessControl",
+    "FunctionUrlOriginAccessControlProps",
     "GeoRestriction",
     "HeadersFrameOption",
     "HeadersReferrerPolicy",
@@ -26973,6 +27220,12 @@ def _typecheckingstub__f94c33f8f74d148b7c436f42a002e770c6ad95241e489b963596aea62
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__12aa9fa01675ec283b93d82dff1b83aaf4ed90beee1e944bba61b1e00701d82a(
+    web_acl_id: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__570665aa807bcddef2b06088f934fc7c08e51ec76b12bb573dce40bcd558c053(
     identity: _IGrantable_71c4f5de,
     *actions: builtins.str,
@@ -27025,3 +27278,31 @@ def _typecheckingstub__5989cbf7079014eacde0ab3a45d42fc3fb56a2cf17ecfbacd7bc46da0
 ) -> None:
     """Type checking stubs"""
     pass
+
+def _typecheckingstub__7c435d2d2a47e56fedcaac07e7c31ef46db8241b5d6286cf12905609d8174d2e(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    description: typing.Optional[builtins.str] = None,
+    origin_access_control_name: typing.Optional[builtins.str] = None,
+    signing: typing.Optional[Signing] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__14d6d580a802855a4d6f3aadc8ef536814cfcbcce4bde782eaebd5a5ec2ef53f(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    origin_access_control_id: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__207551b5918cb2acd48d7da3c08e9254a8c19ba3c2219d13ee23918521aa2a36(
+    *,
+    description: typing.Optional[builtins.str] = None,
+    origin_access_control_name: typing.Optional[builtins.str] = None,
+    signing: typing.Optional[Signing] = None,
+) -> None:
+    """Type checking stubs"""
+    pass

aws_cdk/aws_cloudfront/experimental/__init__.py

@@ -84,6 +84,7 @@ from ...aws_lambda import (
     LambdaInsightsVersion as _LambdaInsightsVersion_9dfbfef9,
     LogRetentionRetryOptions as _LogRetentionRetryOptions_ad797a7a,
     LoggingFormat as _LoggingFormat_30be8e01,
+    MetricsConfig as _MetricsConfig_48ab59c4,
     ParamsAndSecretsLayerVersion as _ParamsAndSecretsLayerVersion_dce97f06,
     Permission as _Permission_9def3964,
     RecursiveLoop as _RecursiveLoop_fc293827,
@@ -388,6 +389,7 @@ class EdgeFunction(
         max_batching_window: typing.Optional[_Duration_4839e8c3] = None,
         max_concurrency: typing.Optional[jsii.Number] = None,
         max_record_age: typing.Optional[_Duration_4839e8c3] = None,
+        metrics_config: typing.Optional[typing.Union[_MetricsConfig_48ab59c4, typing.Dict[builtins.str, typing.Any]]] = None,
         on_failure: typing.Optional[_IEventSourceDlq_5e2c6ad9] = None,
         parallelization_factor: typing.Optional[jsii.Number] = None,
         report_batch_item_failures: typing.Optional[builtins.bool] = None,
@@ -413,6 +415,7 @@ class EdgeFunction(
         :param max_batching_window: The maximum amount of time to gather records before invoking the function. Maximum of Duration.minutes(5) Default: Duration.seconds(0)
         :param max_concurrency: The maximum concurrency setting limits the number of concurrent instances of the function that an Amazon SQS event source can invoke. Default: - No specific limit.
         :param max_record_age: The maximum age of a record that Lambda sends to a function for processing. Valid Range: - Minimum value of 60 seconds - Maximum value of 7 days Default: - infinite or until the record expires.
+        :param metrics_config: Configuration for enhanced monitoring metrics collection When specified, enables collection of additional metrics for the stream event source. Default: - Enhanced monitoring is disabled
         :param on_failure: An Amazon SQS queue or Amazon SNS topic destination for discarded records. Default: discarded records are ignored
         :param parallelization_factor: The number of batches to process from each shard concurrently. Valid Range: - Minimum value of 1 - Maximum value of 10 Default: 1
         :param report_batch_item_failures: Allow functions to return partially successful responses for a batch of records. Default: false
@@ -439,6 +442,7 @@ class EdgeFunction(
             max_batching_window=max_batching_window,
             max_concurrency=max_concurrency,
             max_record_age=max_record_age,
+            metrics_config=metrics_config,
             on_failure=on_failure,
             parallelization_factor=parallelization_factor,
             report_batch_item_failures=report_batch_item_failures,
@@ -2048,6 +2052,7 @@ def _typecheckingstub__e3a2f6769309cd3c52da869813738e2d4a94d233e574ada7ebba1654d
     max_batching_window: typing.Optional[_Duration_4839e8c3] = None,
     max_concurrency: typing.Optional[jsii.Number] = None,
     max_record_age: typing.Optional[_Duration_4839e8c3] = None,
+    metrics_config: typing.Optional[typing.Union[_MetricsConfig_48ab59c4, typing.Dict[builtins.str, typing.Any]]] = None,
     on_failure: typing.Optional[_IEventSourceDlq_5e2c6ad9] = None,
     parallelization_factor: typing.Optional[jsii.Number] = None,
     report_batch_item_failures: typing.Optional[builtins.bool] = None,