Skip to content

Latest commit

 

History

History

cdk-lambda-at-edge-pattern

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
src
src
 
 
API.md
API.md
 
 
README.md
README.md
 
 
lambda-file-sizes.json
lambda-file-sizes.json
 
 
package.json
package.json
 
 

README.md

cloudcomponents Logo

@cloudcomponents/cdk-lambda-at-edge-pattern

Build Status cdkdx typescript python

CDK Constructs for Lambda@Edge pattern: HttpHeaders

Install

TypeScript/JavaScript:

npm i @cloudcomponents/cdk-lambda-at-edge-pattern

Python:

pip install cloudcomponents.cdk-lambda-at-edge-pattern

How to use

import { Construct, RemovalPolicy, Stack, StackProps } from '@aws-cdk/core';
import { StringParameter } from '@aws-cdk/aws-ssm';
import { SecurityPolicyProtocol } from '@aws-cdk/aws-cloudfront';
import { StaticWebsite } from '@cloudcomponents/cdk-static-website';
import { HttpHeaders } from '@cloudcomponents/cdk-lambda-at-edge-pattern';

export class StaticWebsiteStack extends Stack {
  constructor(scope: Construct, id: string, props: StackProps) {
    super(scope, id, props);

    const certificateArn = StringParameter.valueFromLookup(
      this,
      '/certificate/cloudcomponents.org',
    );

    const website = new StaticWebsite(this, 'StaticWebsite', {
      bucketConfiguration: {
        removalPolicy: RemovalPolicy.DESTROY,
      },
      aliasConfiguration: {
        domainName: 'cloudcomponents.org',
        names: ['www.cloudcomponents.org', 'cloudcomponents.org'],
        acmCertRef: certificateArn,
      },
    });

    // A us-east-1 stack is generated under the hood
    const httpHeaders = new HttpHeaders(this, 'HttpHeaders', {
      httpHeaders: {
        'Content-Security-Policy':
          "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self'",
        'Strict-Transport-Security':
          'max-age=31536000; includeSubdomains; preload',
        'Referrer-Policy': 'same-origin',
        'X-XSS-Protection': '1; mode=block',
        'X-Frame-Options': 'DENY',
        'X-Content-Type-Options': 'nosniff',
        'Cache-Control': 'no-cache',
      },
    });

    website.addLambdaFunctionAssociation(httpHeaders);
  }
}

Cloudfront Distribution

new cloudfront.Distribution(this, 'myDist', {
  defaultBehavior: {
    origin: new origins.S3Origin(myBucket),
    edgeLambdas: [httpHeaders],
  },
});

Cloudfront WebDistribution

new cloudfront.CloudFrontWebDistribution(this, 'MyDistribution', {
  originConfigs: [
    {
      s3OriginSource: {
        s3BucketSource: sourceBucket
      },
      behaviors: [
        {
          isDefaultBehavior: true,
          lambdaFunctionAssociations: [httpHeaders],
        }
      ]
    }
  ]
 });

HttpHeaders

const httpHeaders = new HttpHeaders(this, 'HttpHeaders', {
  httpHeaders: {
    'Content-Security-Policy':
      "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self'",
    'Strict-Transport-Security':
      'max-age=31536000; includeSubdomains; preload',
    'Referrer-Policy': 'same-origin',
    'X-XSS-Protection': '1; mode=block',
    'X-Frame-Options': 'DENY',
    'X-Content-Type-Options': 'nosniff',
    'Cache-Control': 'no-cache',
  },
});

OriginMutation

https://chrisschuld.com/2020/05/gatsby-hosting-on-cloudfront/

const originMutation = new OriginMutation(stack, 'OriginMutation');

API Reference

See API.md.

Example

See more complete examples.

License

MIT