Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: origin request policy
Browse files Browse the repository at this point in the history
thijsdaniels committed Jul 15, 2024
1 parent fa1f7e5 commit cb4a26e
Showing 6 changed files with 45 additions and 4 deletions.
5 changes: 5 additions & 0 deletions .changeset/curly-trainers-shop.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"@codedazur/cdk-docker-cluster": minor
---

The AllViewer origin request policy is now used by default.
5 changes: 5 additions & 0 deletions .changeset/five-needles-appear.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"@codedazur/cdk-static-site": minor
---

The S3 origin with CORS origin request policy is now used by default.
5 changes: 5 additions & 0 deletions .changeset/rude-nails-jam.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"@codedazur/cdk-site-distribution": minor
---

It is now supported to provide a custom origin request policy.
24 changes: 21 additions & 3 deletions packages/cdk-docker-cluster/src/constructs/DockerCluster.ts
Original file line number Diff line number Diff line change
@@ -3,7 +3,11 @@ import {
SiteDistributionProps,
} from "@codedazur/cdk-site-distribution";
import { App } from "aws-cdk-lib";
import { CachePolicy, OriginProtocolPolicy } from "aws-cdk-lib/aws-cloudfront";
import {
CachePolicy,
OriginProtocolPolicy,
OriginRequestPolicy,
} from "aws-cdk-lib/aws-cloudfront";
import { LoadBalancerV2Origin } from "aws-cdk-lib/aws-cloudfront-origins";
import { Platform } from "aws-cdk-lib/aws-ecr-assets";
import {
@@ -125,21 +129,35 @@ export class DockerCluster extends Construct {
/**
* This retrieves the managed "UseOriginCacheControlHeaders-QueryStrings"
* cache policy, which is designed for use with an origin that sends
* Cache-Control headers with the object and includes query strings in the
* cache key.
* Cache-Control headers with the object, which is recommended for use with
* an Application Load Balancer, and includes query strings in the cache
* key.
*/
const cachePolicy = CachePolicy.fromCachePolicyId(
this,
"CachePolicy",
"4cc15a8a-d715-48a4-82b8-cc0b614638fe",
);

/**
* This retrieves the managed "AllViewer" origin request policy, which
* includes all values (query strings, headers, and cookies) in the viewer
* request, which is recommended for use with an Application Load Balancer
* endpoint.
*/
const originRequestPolicy = OriginRequestPolicy.fromOriginRequestPolicyId(
this,
"OriginRequestPolicy",
"216adef6-5c7f-47e4-b989-5492eafa07d3",
);

return new SiteDistribution(this, "Distribution", {
...this.props.distribution,
origin: new LoadBalancerV2Origin(this.service.loadBalancer, {
protocolPolicy: OriginProtocolPolicy.HTTP_ONLY,
}),
cachePolicy,
originRequestPolicy,
});
}

Original file line number Diff line number Diff line change
@@ -12,6 +12,7 @@ import {
FunctionEventType,
ICachePolicy,
IOrigin,
IOriginRequestPolicy,
PriceClass,
ViewerProtocolPolicy,
} from "aws-cdk-lib/aws-cloudfront";
@@ -42,6 +43,7 @@ export interface SiteDistributionProps {
zone?: IHostedZone;
};
cachePolicy?: ICachePolicy;
originRequestPolicy?: IOriginRequestPolicy;
invalidateCache?: boolean | string[];
}

@@ -294,6 +296,7 @@ export class SiteDistribution extends Construct {
domainNames: this.domain ? [this.domain] : undefined,
defaultBehavior: {
origin: this.props.origin,
originRequestPolicy: this.props.originRequestPolicy,
viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
functionAssociations: [
...(this.functions.viewerRequest
7 changes: 6 additions & 1 deletion packages/cdk-static-site/src/constructs/StaticSite.ts
Original file line number Diff line number Diff line change
@@ -3,7 +3,11 @@ import {
SiteDistributionProps,
} from "@codedazur/cdk-site-distribution";
import { CfnOutput, RemovalPolicy } from "aws-cdk-lib";
import { FunctionCode, OriginProtocolPolicy } from "aws-cdk-lib/aws-cloudfront";
import {
FunctionCode,
OriginProtocolPolicy,
OriginRequestPolicy,
} from "aws-cdk-lib/aws-cloudfront";
import { HttpOrigin } from "aws-cdk-lib/aws-cloudfront-origins";
import { AnyPrincipal, Effect, PolicyStatement } from "aws-cdk-lib/aws-iam";
import { BlockPublicAccess, Bucket } from "aws-cdk-lib/aws-s3";
@@ -110,6 +114,7 @@ export class StaticSite extends Construct {
Referer: this.refererSecret.secretValue.toString(),
},
}),
originRequestPolicy: OriginRequestPolicy.CORS_S3_ORIGIN,
functions: {
viewerRequest: [
this.getAppendSlashCode(),

0 comments on commit cb4a26e

Please sign in to comment.