Security News
NVD Backlog Tops 20,000 CVEs Awaiting Analysis as NIST Prepares System Updates
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
@aws-cdk/aws-cloudfront-origins
Advanced tools
This library contains convenience methods for defining origins for a CloudFront distribution. You can use this library to create origins from S3 buckets, Elastic Load Balancing v2 load balancers, or any other domain name.
An S3 bucket can be added as an origin. If the bucket is configured as a website endpoint, the distribution can use S3 redirects and S3 custom error documents.
const myBucket = new s3.Bucket(this, 'myBucket');
new cloudfront.Distribution(this, 'myDist', {
defaultBehavior: { origin: new origins.S3Origin(myBucket) },
});
The above will treat the bucket differently based on if IBucket.isWebsite
is set or not. If the bucket is configured as a website, the bucket is
treated as an HTTP origin, and the built-in S3 redirects and error pages can be used. Otherwise, the bucket is handled as a bucket origin and
CloudFront's redirect and error handling will be used. In the latter case, the Origin will create an origin access identity and grant it access to the
underlying bucket. This can be used in conjunction with a bucket that is not public to require that your users access your content using CloudFront
URLs and not S3 URLs directly. Alternatively, a custom origin access identity can be passed to the S3 origin in the properties.
You can configure CloudFront to add custom headers to the requests that it sends to your origin. These custom headers enable you to send and gather information from your origin that you don’t get with typical viewer requests. These headers can even be customized for each origin. CloudFront supports custom headers for both for custom and Amazon S3 origins.
const myBucket = new s3.Bucket(this, 'myBucket');
new cloudfront.Distribution(this, 'myDist', {
defaultBehavior: { origin: new origins.S3Origin(myBucket, {
customHeaders: {
Foo: 'bar',
},
})},
});
An Elastic Load Balancing (ELB) v2 load balancer may be used as an origin. In order for a load balancer to serve as an origin, it must be publicly
accessible (internetFacing
is true). Both Application and Network load balancers are supported.
import * as ec2 from '@aws-cdk/aws-ec2';
import * as elbv2 from '@aws-cdk/aws-elasticloadbalancingv2';
declare const vpc: ec2.Vpc;
// Create an application load balancer in a VPC. 'internetFacing' must be 'true'
// for CloudFront to access the load balancer and use it as an origin.
const lb = new elbv2.ApplicationLoadBalancer(this, 'LB', {
vpc,
internetFacing: true,
});
new cloudfront.Distribution(this, 'myDist', {
defaultBehavior: { origin: new origins.LoadBalancerV2Origin(lb) },
});
The origin can also be customized to respond on different ports, have different connection properties, etc.
import * as elbv2 from '@aws-cdk/aws-elasticloadbalancingv2';
declare const loadBalancer: elbv2.ApplicationLoadBalancer;
const origin = new origins.LoadBalancerV2Origin(loadBalancer, {
connectionAttempts: 3,
connectionTimeout: Duration.seconds(5),
readTimeout: Duration.seconds(45),
keepaliveTimeout: Duration.seconds(45),
protocolPolicy: cloudfront.OriginProtocolPolicy.MATCH_VIEWER,
});
Note that the readTimeout
and keepaliveTimeout
properties can extend their values over 60 seconds only if a limit increase request for CloudFront origin response timeout
quota has been approved in the target account; otherwise, values over 60 seconds will produce an error at deploy time. Consider that this value is
still limited to a maximum value of 180 seconds, which is a hard limit for that quota.
Origins can also be created from any other HTTP endpoint, given the domain name, and optionally, other origin properties.
new cloudfront.Distribution(this, 'myDist', {
defaultBehavior: { origin: new origins.HttpOrigin('www.example.com') },
});
See the documentation of @aws-cdk/aws-cloudfront
for more information.
You can set up CloudFront with origin failover for scenarios that require high availability.
To get started, you create an origin group with two origins: a primary and a secondary.
If the primary origin is unavailable, or returns specific HTTP response status codes that indicate a failure,
CloudFront automatically switches to the secondary origin.
You achieve that behavior in the CDK using the OriginGroup
class:
const myBucket = new s3.Bucket(this, 'myBucket');
new cloudfront.Distribution(this, 'myDist', {
defaultBehavior: {
origin: new origins.OriginGroup({
primaryOrigin: new origins.S3Origin(myBucket),
fallbackOrigin: new origins.HttpOrigin('www.example.com'),
// optional, defaults to: 500, 502, 503 and 504
fallbackStatusCodes: [404],
}),
},
});
Origins can be created from an API Gateway REST API. It is recommended to use a regional API in this case.
declare const api: apigateway.RestApi;
new cloudfront.Distribution(this, 'Distribution', {
defaultBehavior: { origin: new origins.RestApiOrigin(api) },
});
The origin path will automatically be set as the stage name.
FAQs
The CDK Construct Library for AWS CloudFront Origins
The npm package @aws-cdk/aws-cloudfront-origins receives a total of 2,577 weekly downloads. As such, @aws-cdk/aws-cloudfront-origins popularity was classified as popular.
We found that @aws-cdk/aws-cloudfront-origins demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.