From d557d822ffe8e42b0907f1d4e1a2b243f3430674 Mon Sep 17 00:00:00 2001 From: Thijs Daniels Date: Mon, 15 Jul 2024 02:17:17 +0200 Subject: [PATCH] feat: origin request policy --- .changeset/curly-trainers-shop.md | 5 ++ .changeset/five-needles-appear.md | 5 ++ .changeset/rude-nails-jam.md | 5 ++ package-lock.json | 54 ++++++++++++++----- .../src/constructs/DockerCluster.ts | 24 +++++++-- packages/cdk-sanity-site/src/index.ts | 1 + .../src/constructs/SiteDistribution.ts | 3 ++ .../src/constructs/StaticSite.ts | 7 ++- 8 files changed, 86 insertions(+), 18 deletions(-) create mode 100644 .changeset/curly-trainers-shop.md create mode 100644 .changeset/five-needles-appear.md create mode 100644 .changeset/rude-nails-jam.md create mode 100644 packages/cdk-sanity-site/src/index.ts diff --git a/.changeset/curly-trainers-shop.md b/.changeset/curly-trainers-shop.md new file mode 100644 index 00000000..5865b194 --- /dev/null +++ b/.changeset/curly-trainers-shop.md @@ -0,0 +1,5 @@ +--- +"@codedazur/cdk-docker-cluster": minor +--- + +The AllViewer origin request policy is now used by default. diff --git a/.changeset/five-needles-appear.md b/.changeset/five-needles-appear.md new file mode 100644 index 00000000..636f5808 --- /dev/null +++ b/.changeset/five-needles-appear.md @@ -0,0 +1,5 @@ +--- +"@codedazur/cdk-static-site": minor +--- + +The S3 origin with CORS origin request policy is now used by default. diff --git a/.changeset/rude-nails-jam.md b/.changeset/rude-nails-jam.md new file mode 100644 index 00000000..a8e953a4 --- /dev/null +++ b/.changeset/rude-nails-jam.md @@ -0,0 +1,5 @@ +--- +"@codedazur/cdk-site-distribution": minor +--- + +It is now supported to provide a custom origin request policy. diff --git a/package-lock.json b/package-lock.json index 060ea416..9ed78532 100644 --- a/package-lock.json +++ b/package-lock.json @@ -38,7 +38,7 @@ "dependencies": { "@apps/storybook": "*", "@apps/website": "*", - "@codedazur/cdk-static-site": "^2.0.0", + "@codedazur/cdk-static-site": "^2.0.6", "@codedazur/essentials": "^1.9.1", "aws-cdk-lib": "^2.147.2", "constructs": "^10.3.0" @@ -74,8 +74,8 @@ "@codedazur/react-dictionary": "^0.2.2", "@codedazur/react-essentials": "^1.4.2", "@codedazur/react-forms": "^0.1.1", - "@codedazur/react-media": "^1.0.1", - "@codedazur/react-notifications": "^0.1.4", + "@codedazur/react-media": "^1.0.2", + "@codedazur/react-notifications": "^0.1.5", "@codedazur/react-pagination": "^1.0.2", "@codedazur/react-parallax": "^0.1.1", "@codedazur/react-preferences": "^1.0.1", @@ -116,8 +116,8 @@ "@codedazur/react-components": "^25.2.1", "@codedazur/react-date-picker": "^0.0.2", "@codedazur/react-essentials": "^1.4.2", - "@codedazur/react-media": "^1.0.1", - "@codedazur/react-notifications": "^0.1.4", + "@codedazur/react-media": "^1.0.2", + "@codedazur/react-notifications": "^0.1.5", "@codedazur/react-pagination": "^1.0.2", "@codedazur/react-parallax": "^0.1.1", "next": "^14.2.4", @@ -3387,6 +3387,10 @@ "resolved": "packages/cdk-rpc-api", "link": true }, + "node_modules/@codedazur/cdk-sanity-site": { + "resolved": "packages/cdk-sanity-site", + "link": true + }, "node_modules/@codedazur/cdk-site-distribution": { "resolved": "packages/cdk-site-distribution", "link": true @@ -17603,6 +17607,7 @@ "version": "7.0.1", "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-7.0.1.tgz", "integrity": "sha512-YJDaCJZEnBmcbw13fvdAM9AwNOJwOzrE4pqMqBq5nFiEqXUqHwlK4B+3pUw6JNvfSPtX05xFHtYy/1ni01eGCw==", + "dev": true, "dependencies": { "graceful-fs": "^4.1.2", "jsonfile": "^4.0.0", @@ -21200,6 +21205,7 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", "integrity": "sha512-m6F1R3z8jjlf2imQHS2Qez5sjKWQzbuuhuJ/FKYFRZvPE3PuHcSMVZzfsLhGVOkfd20obL5SWEBew5ShlquNxg==", + "dev": true, "optionalDependencies": { "graceful-fs": "^4.1.6" } @@ -21753,6 +21759,7 @@ "version": "1.52.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "dev": true, "engines": { "node": ">= 0.6" } @@ -21761,6 +21768,7 @@ "version": "2.1.35", "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "dev": true, "dependencies": { "mime-db": "1.52.0" }, @@ -26445,6 +26453,7 @@ "version": "0.1.2", "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==", + "dev": true, "engines": { "node": ">= 4.0.0" } @@ -27662,10 +27671,10 @@ }, "packages/cdk-docker-cluster": { "name": "@codedazur/cdk-docker-cluster", - "version": "0.5.1", + "version": "0.7.0", "license": "MIT", "dependencies": { - "@codedazur/cdk-site-distribution": "^0.1.2" + "@codedazur/cdk-site-distribution": "^0.2.0" }, "devDependencies": { "@types/node": "^20.14.9", @@ -27701,10 +27710,10 @@ }, "packages/cdk-next-app": { "name": "@codedazur/cdk-next-app", - "version": "0.2.3", + "version": "0.2.9", "license": "MIT", "dependencies": { - "@codedazur/cdk-docker-cluster": "^0.5.1" + "@codedazur/cdk-docker-cluster": "^0.7.0" }, "devDependencies": { "@types/node": "^20.14.9", @@ -27732,9 +27741,26 @@ "constructs": ">=10" } }, + "packages/cdk-sanity-site": { + "version": "0.0.0", + "license": "MIT", + "dependencies": { + "@codedazur/cdk-static-site": "^2.0.5" + }, + "devDependencies": { + "@types/node": "^20.14.9", + "aws-cdk-lib": "^2.147.2", + "constructs": "^10.3.0", + "esbuild": "^0.21.5" + }, + "peerDependencies": { + "aws-cdk-lib": ">=2", + "constructs": ">=10" + } + }, "packages/cdk-site-distribution": { "name": "@codedazur/cdk-site-distribution", - "version": "0.1.2", + "version": "0.2.0", "license": "MIT", "dependencies": { "@codedazur/cdk-cache-invalidator": "^1.2.1" @@ -27752,10 +27778,10 @@ }, "packages/cdk-static-site": { "name": "@codedazur/cdk-static-site", - "version": "2.0.0", + "version": "2.0.6", "license": "MIT", "dependencies": { - "@codedazur/cdk-site-distribution": "^0.1.2" + "@codedazur/cdk-site-distribution": "^0.2.0" }, "devDependencies": { "@types/node": "^20.14.9", @@ -27874,7 +27900,7 @@ }, "packages/react-media": { "name": "@codedazur/react-media", - "version": "1.0.1", + "version": "1.0.2", "license": "MIT", "dependencies": { "@codedazur/essentials": "^1.9.1", @@ -27896,7 +27922,7 @@ }, "packages/react-notifications": { "name": "@codedazur/react-notifications", - "version": "0.1.4", + "version": "0.1.5", "license": "MIT", "dependencies": { "@codedazur/essentials": "^1.9.1", diff --git a/packages/cdk-docker-cluster/src/constructs/DockerCluster.ts b/packages/cdk-docker-cluster/src/constructs/DockerCluster.ts index da9b4903..164b8a15 100644 --- a/packages/cdk-docker-cluster/src/constructs/DockerCluster.ts +++ b/packages/cdk-docker-cluster/src/constructs/DockerCluster.ts @@ -3,7 +3,11 @@ import { SiteDistributionProps, } from "@codedazur/cdk-site-distribution"; import { App } from "aws-cdk-lib"; -import { CachePolicy, OriginProtocolPolicy } from "aws-cdk-lib/aws-cloudfront"; +import { + CachePolicy, + OriginProtocolPolicy, + OriginRequestPolicy, +} from "aws-cdk-lib/aws-cloudfront"; import { LoadBalancerV2Origin } from "aws-cdk-lib/aws-cloudfront-origins"; import { Platform } from "aws-cdk-lib/aws-ecr-assets"; import { @@ -125,8 +129,9 @@ export class DockerCluster extends Construct { /** * This retrieves the managed "UseOriginCacheControlHeaders-QueryStrings" * cache policy, which is designed for use with an origin that sends - * Cache-Control headers with the object and includes query strings in the - * cache key. + * Cache-Control headers with the object, which is recommended for use with + * an Application Load Balancer, and includes query strings in the cache + * key. */ const cachePolicy = CachePolicy.fromCachePolicyId( this, @@ -134,12 +139,25 @@ export class DockerCluster extends Construct { "4cc15a8a-d715-48a4-82b8-cc0b614638fe", ); + /** + * This retrieves the managed "AllViewer" origin request policy, which + * includes all values (query strings, headers, and cookies) in the viewer + * request, which is recommended for use with an Application Load Balancer + * endpoint. + */ + const originRequestPolicy = OriginRequestPolicy.fromOriginRequestPolicyId( + this, + "OriginRequestPolicy", + "216adef6-5c7f-47e4-b989-5492eafa07d3", + ); + return new SiteDistribution(this, "Distribution", { ...this.props.distribution, origin: new LoadBalancerV2Origin(this.service.loadBalancer, { protocolPolicy: OriginProtocolPolicy.HTTP_ONLY, }), cachePolicy, + originRequestPolicy, }); } diff --git a/packages/cdk-sanity-site/src/index.ts b/packages/cdk-sanity-site/src/index.ts new file mode 100644 index 00000000..ab2cb648 --- /dev/null +++ b/packages/cdk-sanity-site/src/index.ts @@ -0,0 +1 @@ +export * from "./constructs/SanitySite"; diff --git a/packages/cdk-site-distribution/src/constructs/SiteDistribution.ts b/packages/cdk-site-distribution/src/constructs/SiteDistribution.ts index 527e791c..3e145762 100644 --- a/packages/cdk-site-distribution/src/constructs/SiteDistribution.ts +++ b/packages/cdk-site-distribution/src/constructs/SiteDistribution.ts @@ -12,6 +12,7 @@ import { FunctionEventType, ICachePolicy, IOrigin, + IOriginRequestPolicy, PriceClass, ViewerProtocolPolicy, } from "aws-cdk-lib/aws-cloudfront"; @@ -42,6 +43,7 @@ export interface SiteDistributionProps { zone?: IHostedZone; }; cachePolicy?: ICachePolicy; + originRequestPolicy?: IOriginRequestPolicy; invalidateCache?: boolean | string[]; } @@ -294,6 +296,7 @@ export class SiteDistribution extends Construct { domainNames: this.domain ? [this.domain] : undefined, defaultBehavior: { origin: this.props.origin, + originRequestPolicy: this.props.originRequestPolicy, viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS, functionAssociations: [ ...(this.functions.viewerRequest diff --git a/packages/cdk-static-site/src/constructs/StaticSite.ts b/packages/cdk-static-site/src/constructs/StaticSite.ts index 490bbf87..267c4250 100644 --- a/packages/cdk-static-site/src/constructs/StaticSite.ts +++ b/packages/cdk-static-site/src/constructs/StaticSite.ts @@ -3,7 +3,11 @@ import { SiteDistributionProps, } from "@codedazur/cdk-site-distribution"; import { CfnOutput, RemovalPolicy } from "aws-cdk-lib"; -import { FunctionCode, OriginProtocolPolicy } from "aws-cdk-lib/aws-cloudfront"; +import { + FunctionCode, + OriginProtocolPolicy, + OriginRequestPolicy, +} from "aws-cdk-lib/aws-cloudfront"; import { HttpOrigin } from "aws-cdk-lib/aws-cloudfront-origins"; import { AnyPrincipal, Effect, PolicyStatement } from "aws-cdk-lib/aws-iam"; import { BlockPublicAccess, Bucket } from "aws-cdk-lib/aws-s3"; @@ -110,6 +114,7 @@ export class StaticSite extends Construct { Referer: this.refererSecret.secretValue.toString(), }, }), + originRequestPolicy: OriginRequestPolicy.CORS_S3_ORIGIN, functions: { viewerRequest: [ this.getAppendSlashCode(),