@aws-solutions-constructs/aws-cloudfront-s3
v2.54.0
CDK Constructs for AWS Cloudfront to AWS S3 integration.
aws-cloudfront-s3 module
| Reference Documentation: | https://docs.aws.amazon.com/solutions/latest/constructs/ |
|:-------------|:-------------|

| Language | Package |
|:-------------|-----------------|
| Python | aws_solutions_constructs.aws_cloudfront_s3 |
| Typescript | @aws-solutions-constructs/aws-cloudfront-s3 |
| Java | software.amazon.awsconstructs.services.cloudfronts3 |
Overview
This AWS Solutions Construct provisions an Amazon CloudFront Distribution that serves objects from an AWS S3 Bucket via an Origin Access Control (OAC).
Here is a minimal deployable pattern definition:
Typescript
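```typescript
import { Construct } from 'constructs';
import { Stack, StackProps } from 'aws-cdk-lib';
import { CloudFrontToS3 } from '@aws-solutions-constructs/aws-cloudfront-s3';

// Goes inside the constructor of a Stack (or other Construct), where `this` is the scope.
new CloudFrontToS3(this, 'test-cloudfront-s3', {});
```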
Python
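```python
from aws_solutions_constructs.aws_cloudfront_s3 import CloudFrontToS3
from aws_cdk import Stack
from constructs import Construct

# Goes inside the __init__ of a Stack (or other Construct), where `self` is the scope.
CloudFrontToS3(self, 'test-cloudfront-s3')
```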
Java
```java
import software.constructs.Construct;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awsconstructs.services.cloudfronts3.*;

// Goes inside the constructor of a Stack (or other Construct), where `this` is the scope.
new CloudFrontToS3(this, "test-cloudfront-s3", new CloudFrontToS3Props.Builder()
        .build());
```
Pattern Construct Props
| Name | Type | Description |
|:-------------|:----------------|-----------------|
|existingBucketObj?|s3.IBucket|Existing instance of S3 Bucket object or interface. If this is provided, then also providing bucketProps will cause an error.|
|bucketProps?|s3.BucketProps|Optional user provided props to override the default props for the S3 Bucket.|
|cloudFrontDistributionProps?|cloudfront.DistributionProps|Optional user provided props to override the default props for CloudFront Distribution.|
|insertHttpSecurityHeaders?|boolean|Optional user provided props to turn on/off the automatic injection of best practice HTTP security headers in all responses from CloudFront.|
|responseHeadersPolicyProps?|cloudfront.ResponseHeadersPolicyProps|Optional user provided configuration that CloudFront applies to all HTTP responses.|
|originPath?|string|Optional user provided props to provide an originPath that CloudFront appends to the origin domain name when CloudFront requests content from the origin. The string should start with a `/`, for example: `/production`. Default value is `'/'`.|
|loggingBucketProps?|s3.BucketProps|Optional user provided props to override the default props for the S3 Logging Bucket.|
|cloudFrontLoggingBucketProps?|s3.BucketProps|Optional user provided props to override the default props for the CloudFront Logging Bucket.|
|logS3AccessLogs?|boolean|Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true|
Pattern Properties
| Name | Type | Description |
|:-------------|:----------------|-----------------|
|cloudFrontWebDistribution|cloudfront.Distribution|Returns an instance of cloudfront.Distribution created by the construct.|
|cloudFrontFunction?|cloudfront.Function|Returns an instance of the CloudFront function created by the construct.|
|cloudFrontLoggingBucket|s3.Bucket|Returns an instance of the logging bucket for the CloudFront Distribution.|
|s3BucketInterface|s3.IBucket|Returns an instance of s3.IBucket created by the construct.|
|s3Bucket?|s3.Bucket|Returns an instance of s3.Bucket created by the construct. IMPORTANT: If existingBucketObj was provided in Pattern Construct Props, this property will be undefined.|
|s3LoggingBucket?|s3.Bucket|Returns an instance of s3.Bucket created by the construct as the logging bucket for the primary bucket.|
|originAccessControl?|cloudfront.CfnOriginAccessControl|Returns an instance of cloudfront.CfnOriginAccessControl created by the construct.|
Default settings
Out of the box, with no overrides, the construct sets the following defaults:
Amazon CloudFront
- Configure Access logging for CloudFront Distribution
- Enable automatic injection of best practice HTTP security headers in all responses from CloudFront Distribution
- CloudFront originPath set to '/'
Amazon S3 Bucket
- Configure Access logging for S3 Bucket
- Enable server-side encryption for S3 Bucket using AWS managed KMS Key
- Enforce encryption of data in transit
- Turn on the versioning for S3 Bucket
- Don't allow public access for S3 Bucket
- Retain the S3 Bucket when deleting the CloudFormation stack
- Applies Lifecycle rule to move noncurrent object versions to Glacier storage after 90 days
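Because bucketProps can override any of these S3 defaults, a synthesized template can be checked for them before deployment. The following is an added example, not part of the construct's own code: the function names, the logical IDs and the template fragment are constructed for illustration, and a real run would load the JSON that `cdk synth` writes and use the content bucket's actual logical ID.

```typescript
type Resource = { Type: string; DeletionPolicy?: string; Properties?: any };
type Template = { Resources: Record<string, Resource> };

// True when a bucket policy on `id` denies requests made without TLS.
function deniesInsecureTransport(tpl: Template, id: string): boolean {
  return Object.values(tpl.Resources).some(r =>
    r.Type === 'AWS::S3::BucketPolicy' && r.Properties?.Bucket?.Ref === id &&
    (r.Properties.PolicyDocument?.Statement ?? []).some((s: any) =>
      s.Effect === 'Deny' && String(s.Condition?.Bool?.['aws:SecureTransport']) === 'false'));
}

// Returns the defaults that bucket `id` no longer satisfies (empty array = all present).
function auditContentBucket(tpl: Template, id: string): string[] {
  const res = tpl.Resources[id];
  if (!res || res.Type !== 'AWS::S3::Bucket') return [`${id} is not an AWS::S3::Bucket`];
  const p = res.Properties ?? {};
  const missing: string[] = [];
  if (!p.LoggingConfiguration?.DestinationBucketName) missing.push('access logging');
  const rules: any[] = p.BucketEncryption?.ServerSideEncryptionConfiguration ?? [];
  if (!rules.some(r => r.ServerSideEncryptionByDefault?.SSEAlgorithm)) missing.push('server-side encryption');
  if (p.VersioningConfiguration?.Status !== 'Enabled') missing.push('versioning');
  const pab = p.PublicAccessBlockConfiguration ?? {};
  const flags = ['BlockPublicAcls', 'BlockPublicPolicy', 'IgnorePublicAcls', 'RestrictPublicBuckets'];
  if (!flags.every(f => pab[f] === true)) missing.push('public access block');
  if (res.DeletionPolicy !== 'Retain') missing.push('retain on stack deletion');
  if (!deniesInsecureTransport(tpl, id)) missing.push('encryption in transit');
  return missing;
}

// Constructed template fragment (not real `cdk synth` output); logical IDs are made up.
const hardened: Template = { Resources: {
  ContentBucket: { Type: 'AWS::S3::Bucket', DeletionPolicy: 'Retain', Properties: {
    LoggingConfiguration: { DestinationBucketName: { Ref: 'LogBucket' } },
    BucketEncryption: { ServerSideEncryptionConfiguration: [
      { ServerSideEncryptionByDefault: { SSEAlgorithm: 'aws:kms' } }] },
    VersioningConfiguration: { Status: 'Enabled' },
    PublicAccessBlockConfiguration: { BlockPublicAcls: true, BlockPublicPolicy: true,
      IgnorePublicAcls: true, RestrictPublicBuckets: true } } },
  ContentBucketPolicy: { Type: 'AWS::S3::BucketPolicy', Properties: {
    Bucket: { Ref: 'ContentBucket' }, PolicyDocument: { Statement: [
      { Effect: 'Deny', Principal: '*', Action: 's3:*',
        Condition: { Bool: { 'aws:SecureTransport': 'false' } } }] } } } } };

// The same template after a hypothetical bucketProps override weakened two settings.
const weakened: Template = JSON.parse(JSON.stringify(hardened));
delete weakened.Resources['ContentBucket']!.Properties.VersioningConfiguration;
weakened.Resources['ContentBucket']!.Properties.PublicAccessBlockConfiguration.BlockPublicPolicy = false;
```

Failing a CI step whenever `auditContentBucket` returns a non-empty list keeps an override from silently removing one of the listed protections.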
Architecture
© Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.