@aws-cdk/aws-cloudfront-origins

CloudFront Origins for the CDK CloudFront Library

---

The APIs of higher level constructs in this module are in developer preview before they become stable. We will only make breaking changes to address unforeseen API issues. Therefore, these APIs are not subject to Semantic Versioning, and breaking changes will be announced in release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.

---

This library contains convenience methods for defining origins for a CloudFront distribution. You can use this library to create origins from S3 buckets, Elastic Load Balancing v2 load balancers, or any other domain name.

S3 Bucket

An S3 bucket can be added as an origin. If the bucket is configured as a website endpoint, the distribution can use S3 redirects and S3 custom error documents.

import * as cloudfront from '@aws-cdk/aws-cloudfront';
import * as origins from '@aws-cdk/aws-cloudfront-origins';

const myBucket = new s3.Bucket(this, 'myBucket');
new cloudfront.Distribution(this, 'myDist', {
  defaultBehavior: { origin: new origins.S3Origin(myBucket) },
});

The above will treat the bucket differently based on if IBucket.isWebsite is set or not. If the bucket is configured as a website, the bucket is treated as an HTTP origin, and the built-in S3 redirects and error pages can be used. Otherwise, the bucket is handled as a bucket origin and CloudFront's redirect and error handling will be used. In the latter case, the Origin wil create an origin access identity and grant it access to the underlying bucket. This can be used in conjunction with a bucket that is not public to require that your users access your content using CloudFront URLs and not S3 URLs directly. Alternatively, a custom origin access identity can be passed to the S3 origin in the properties.

ELBv2 Load Balancer

An Elastic Load Balancing (ELB) v2 load balancer may be used as an origin. In order for a load balancer to serve as an origin, it must be publicly accessible (internetFacing is true). Both Application and Network load balancers are supported.

import * as ec2 from '@aws-cdk/aws-ec2';
import * as elbv2 from '@aws-cdk/aws-elasticloadbalancingv2';

const vpc = new ec2.Vpc(...);
// Create an application load balancer in a VPC. 'internetFacing' must be 'true'
// for CloudFront to access the load balancer and use it as an origin.
const lb = new elbv2.ApplicationLoadBalancer(this, 'LB', {
  vpc,
  internetFacing: true
});
new cloudfront.Distribution(this, 'myDist', {
  defaultBehavior: { origin: new origins.LoadBalancerV2Origin(lb) },
});

The origin can also be customized to respond on different ports, have different connection properties, etc.

const origin = new origins.LoadBalancerV2Origin(loadBalancer, {
  connectionAttempts: 3,
  connectionTimeout: Duration.seconds(5),
  protocolPolicy: cloudfront.OriginProtocolPolicy.MATCH_VIEWER,
});

From an HTTP endpoint

Origins can also be created from any other HTTP endpoint, given the domain name, and optionally, other origin properties.

new cloudfront.Distribution(this, 'myDist', {
  defaultBehavior: { origin: new origins.HttpOrigin('www.example.com') },
});

See the documentation of @aws-cdk/aws-cloudfront for more information.

Failover Origins (Origin Groups)

You can set up CloudFront with origin failover for scenarios that require high availability. To get started, you create an origin group with two origins: a primary and a secondary. If the primary origin is unavailable, or returns specific HTTP response status codes that indicate a failure, CloudFront automatically switches to the secondary origin. You achieve that behavior in the CDK using the OriginGroup class:

new cloudfront.Distribution(this, 'myDist', {
  defaultBehavior: {
    origin: new origins.OriginGroup({
      primaryOrigin: new origins.S3Origin(myBucket),
      fallbackOrigin: new origins.HttpOrigin('www.example.com'),
      // optional, defaults to: 500, 502, 503 and 504
      fallbackStatusCodes: [404],
    }),
  },
});

Changelog

1.75.0 (2020-11-24)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• appmesh: renames gateway listener static methods to use shorter names
• appmesh: renames gateway route static methods to use shorter names
• appmesh: changes Route's spec to a union-like class. RouteSpec is now defined using protocol variant static methods
• efs: keyId property uses the ARN instead of the keyId to support cross-account encryption key usage. The filesystem will be replaced.
• lambda-nodejs: local bundling now requires esbuild to be installed.
• lambda-nodejs: projectRoot has been replaced by depsLockFilePath. It should point to your dependency lock file (package-lock.json or yarn.lock)
• lambda-nodejs: parcelEnvironment has been renamed to bundlingEnvironment
• lambda-nodejs: sourceMaps has been renamed to sourceMap
• appmesh: IVirtualNode no longer has the addBackends() method. A backend can be added to VirtualNode using the addBackend() method which accepts a single IVirtualService
• appmesh: IVirtualNode no longer has the addListeners() method. A listener can be added to VirtualNode using the addListener() method which accepts a single VirtualNodeListener
• appmesh: VirtualNode no longer has a default listener. It is valid to have a VirtualNode without any listeners
• appmesh: the construction property listener of VirtualNode has been renamed to listeners, and its type changed to an array of listeners
• appmesh: the struct VirtualNodeListener has been removed. To create Virtual Node listeners, use the static factory methods of the VirtualNodeListener class

Features

• applicationautoscaling: Add KAFKA to ServiceNamespace (#11394) (b5c3f84)
• appmesh: add listener timeout to Virtual Nodes (#10793) (62baa7b)
• appmesh: change Route's spec to a union-like class (#11343) (f0de91f)
• appmesh: updates gateway resources to use shorter static method names (#11560) (df4d1d3)
• cfnspec: cloudformation spec v20.0.0 (#11319) (8c17a35)
• cfnspec: cloudformation spec v20.2.0 (#11429) (025992b)
• cfnspec: cloudformation spec v20.3.0 (#11539) (3246b67)
• cli: add --no-lookups flag to disable context lookups (#11489) (0445a6e), closes #11461
• codebuild: allow setting the Project's logging configuration (#11444) (6a4b22d), closes #3856
• codeguruprofiler: CodeGuruProfiler Construct Library is now in Developer Preview (#11558) (1da6715)
• codepipeline-actions: Add deployment timeout to EcsDeployAction (#11407) (7d9d575)
• core: add easy importValue to CfnOutput (#11368) (c71a4e9), closes #11360
• ecs: allow HTTPS connections from LB to task (#11381) (0f6e2da)
• ecs: environment files for containers in EC2 task definitions (8cb74ea)
• ecs: secret JSON field for Fargate tasks (#11348) (03e7cd5), closes /github.com/aws/containers-roadmap/issues/385#issuecomment-722696672 #11341
• efs: import access point - fromAccessPointAttributes() (#10712) (ec72c85)
• events-targets: add CloudWatch LogGroup Target (#10598) (98e9b59), closes #9953
• iam: specify initial PolicyDocument for inline Policy (#11430) (a8c4f17), closes #11236
• lambda-nodejs: esbuild bundling (#11289) (7a82850), closes #10286 #9130 #9312 #11222
• logs: Add KMS key support to LogGroup (#11363) (21ccfce), closes #11211
• stepfunctions-tasks: support overriding all properties of CodeBuild StartBuild integration (#10356) (58efbad), closes #10302

Bug Fixes

• autoscaling: targetRequestsPerSecond is actually requests per minute (#11457) (39e277f), closes #11446
• aws-custom-resource: module fails loading when bundled with parcel (#11487) (421d4e4)
• cli: credential provider plugins cannot be used with modern synthesis (#11350) (9e91306)
• cloudfront: origin ID exceeds undocumented 128 character limit (#11523) (90f0b9d), closes #11504
• core: DefaultStackSynthesizer supports object prefix for s3 assets (#11327) (1b5f218)
• core: missing context in Stages is not filled by CLI (#11461) (a4a555a), closes #9226
• core: reusing StackSynthesizer leads to unsynthesized Stacks (#11635) (f03c889), closes #11528
• efs: cannot use encryption key imported from another account (#11524) (3578d84), closes #7641
• eks: cluster creation fails when configured with an imported public subnet and private endpoint (#11620) (2c045ce)
• iam: attach policy to imported User (#11493) (0a8971c), closes #10913 #11046 #10527
• init: TypeScript code is not being recompiled automatically (#11470) (9843e71)
• lambda: failed to add permission to an imported lambda from another account (#11369) (715a030), closes #11278 #11141 #11141
• pipelines: synthesizes incorrect paths on Windows (#11464) (2ca31a8), closes #11359 #11405 #11424
• pipelines: wrong runOrder for manual approval when using extraRunOrderSpace (#11511) (9b72fc8)
• stepfunctions: metric* helpers not available on imported state machines (#11509) (83c0543)
• stepfunctions-tasks: encryption is required for AthenaStartQueryExecution (#11355) (f26a592)
• stepfunctions-tasks: incorrect policy for Athena prevents database deletions (#11427) (58e6576), closes #11357