@aws-cdk/aws-cloudfront
Advanced tools
Comparing version 1.14.0 to 1.15.0
@@ -0,1 +1,2 @@ | ||
import certificatemanager = require('@aws-cdk/aws-certificatemanager'); | ||
import lambda = require('@aws-cdk/aws-lambda'); | ||
@@ -345,2 +346,58 @@ import s3 = require('@aws-cdk/aws-s3'); | ||
} | ||
export interface ViewerCertificateOptions { | ||
/** | ||
* How CloudFront should serve HTTPS requests. | ||
* | ||
* See the notes on SSLMethod if you wish to use other SSL termination types. | ||
* | ||
* @default SSLMethod.SNI | ||
* @see https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html | ||
*/ | ||
readonly sslMethod?: SSLMethod; | ||
/** | ||
* The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. | ||
* | ||
* CloudFront serves your objects only to browsers or devices that support at | ||
* least the SSL version that you specify. | ||
* | ||
* @default - SSLv3 if sslMethod VIP, TLSv1 if sslMethod SNI | ||
*/ | ||
readonly securityPolicy?: SecurityPolicyProtocol; | ||
/** | ||
* Domain names on the certificate (both main domain name and Subject Alternative names) | ||
*/ | ||
readonly aliases?: string[]; | ||
} | ||
/** | ||
* Viewer certificate configuration class | ||
*/ | ||
export declare class ViewerCertificate { | ||
readonly props: CfnDistribution.ViewerCertificateProperty; | ||
readonly aliases: string[]; | ||
/** | ||
* Generate an AWS Certificate Manager (ACM) viewer certificate configuration | ||
* | ||
* @param certificate AWS Certificate Manager (ACM) certificate. | ||
* Your certificate must be located in the us-east-1 (US East (N. Virginia)) region to be accessed by CloudFront | ||
* @param options certificate configuration options | ||
*/ | ||
static fromAcmCertificate(certificate: certificatemanager.ICertificate, options?: ViewerCertificateOptions): ViewerCertificate; | ||
/** | ||
* Generate an IAM viewer certificate configuration | ||
* | ||
* @param iamCertificateId Identifier of the IAM certificate | ||
* @param options certificate configuration options | ||
*/ | ||
static fromIamCertificate(iamCertificateId: string, options?: ViewerCertificateOptions): ViewerCertificate; | ||
/** | ||
* Generate a viewer certifcate configuration using | ||
* the CloudFront default certificate (e.g. d111111abcdef8.cloudfront.net) | ||
* and a {@link SecurityPolicyProtocol.TLS_V1} security policy. | ||
* | ||
* @param aliases Alternative CNAME aliases | ||
* You also must create a CNAME record with your DNS service to route queries | ||
*/ | ||
static fromCloudFrontDefaultCertificate(...aliases: string[]): ViewerCertificate; | ||
private constructor(); | ||
} | ||
export interface CloudFrontWebDistributionProps { | ||
@@ -351,2 +408,3 @@ /** | ||
* @default - None. | ||
* @deprecated see {@link CloudFrontWebDistributionProps#viewerCertificate} with {@link ViewerCertificate#acmCertificate} | ||
*/ | ||
@@ -418,2 +476,12 @@ readonly aliasConfiguration?: AliasConfiguration; | ||
readonly webACLId?: string; | ||
/** | ||
* Specifies whether you want viewers to use HTTP or HTTPS to request your objects, | ||
* whether you're using an alternate domain name with HTTPS, and if so, | ||
* if you're using AWS Certificate Manager (ACM) or a third-party certificate authority. | ||
* | ||
* @default ViewerCertificate.fromCloudFrontDefaultCertificate() | ||
* | ||
* @see https://aws.amazon.com/premiumsupport/knowledge-center/custom-ssl-certificate-cloudfront/ | ||
*/ | ||
readonly viewerCertificate?: ViewerCertificate; | ||
} | ||
@@ -420,0 +488,0 @@ /** |
{ | ||
"name": "@aws-cdk/aws-cloudfront", | ||
"version": "1.14.0", | ||
"version": "1.15.0", | ||
"description": "CDK Constructs for AWS CloudFront", | ||
@@ -66,4 +66,4 @@ "main": "lib/index.js", | ||
"devDependencies": { | ||
"@aws-cdk/assert": "1.14.0", | ||
"aws-sdk": "^2.553.0", | ||
"@aws-cdk/assert": "1.15.0", | ||
"aws-sdk": "^2.556.0", | ||
"cdk-build-tools": "file:../../../tools/cdk-build-tools", | ||
@@ -75,17 +75,17 @@ "cdk-integ-tools": "file:../../../tools/cdk-integ-tools", | ||
"dependencies": { | ||
"@aws-cdk/aws-certificatemanager": "1.14.0", | ||
"@aws-cdk/aws-iam": "1.14.0", | ||
"@aws-cdk/aws-kms": "1.14.0", | ||
"@aws-cdk/aws-lambda": "1.14.0", | ||
"@aws-cdk/aws-s3": "1.14.0", | ||
"@aws-cdk/core": "1.14.0" | ||
"@aws-cdk/aws-certificatemanager": "1.15.0", | ||
"@aws-cdk/aws-iam": "1.15.0", | ||
"@aws-cdk/aws-kms": "1.15.0", | ||
"@aws-cdk/aws-lambda": "1.15.0", | ||
"@aws-cdk/aws-s3": "1.15.0", | ||
"@aws-cdk/core": "1.15.0" | ||
}, | ||
"homepage": "https://github.com/aws/aws-cdk", | ||
"peerDependencies": { | ||
"@aws-cdk/aws-certificatemanager": "1.14.0", | ||
"@aws-cdk/aws-iam": "1.14.0", | ||
"@aws-cdk/aws-kms": "1.14.0", | ||
"@aws-cdk/aws-lambda": "1.14.0", | ||
"@aws-cdk/aws-s3": "1.14.0", | ||
"@aws-cdk/core": "1.14.0" | ||
"@aws-cdk/aws-certificatemanager": "1.15.0", | ||
"@aws-cdk/aws-iam": "1.15.0", | ||
"@aws-cdk/aws-kms": "1.15.0", | ||
"@aws-cdk/aws-lambda": "1.15.0", | ||
"@aws-cdk/aws-s3": "1.15.0", | ||
"@aws-cdk/core": "1.15.0" | ||
}, | ||
@@ -92,0 +92,0 @@ "engines": { |
@@ -24,3 +24,3 @@ ## Amazon CloudFront Construct Library | ||
const sourceBucket = new Bucket(this, 'Bucket'); | ||
const distribution = new CloudFrontWebDistribution(this, 'MyDistribution', { | ||
@@ -37,1 +37,37 @@ originConfigs: [ | ||
``` | ||
### Viewer certificate | ||
By default, CloudFront Web Distributions will answer HTTPS requests with CloudFront's default certificate, only containing the distribution `domainName` (e.g. d111111abcdef8.cloudfront.net). | ||
You can customize the viewer certificate property to provide a custom certificate and/or list of domain name aliases to fit your needs. | ||
See [Using Alternate Domain Names and HTTPS](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-alternate-domain-names.html) in the CloudFront User Guide. | ||
#### Default certificate | ||
You can customize the default certificate aliases. This is intended to be used in combination with CNAME records in your DNS zone. | ||
Example: | ||
[create a distrubution with an default certificiate example](test/example.default-cert-alias.lit.ts) | ||
#### ACM certificate | ||
You can change the default certificate by one stored Amazon Certificate Manager, or ACM. | ||
Those certificate can either be generated by AWS, or purchased by another CA imported into ACM. | ||
For more information, see [the aws-certificatemanager module documentation](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-certificatemanager-readme.html) or [Importing Certificates into AWS Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the AWS Certificate Manager User Guide. | ||
Example: | ||
[create a distrubution with an acm certificate example](test/example.acm-cert-alias.lit.ts) | ||
#### IAM certificate | ||
You can also import a certificate into the IAM certificate store. | ||
See [Importing an SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-procedures.html#cnames-and-https-uploading-certificates) in the CloudFront User Guide. | ||
Example: | ||
[create a distrubution with an iam certificate example](test/example.iam-cert-alias.lit.ts) |
@@ -54,3 +54,3 @@ { | ||
"ViewerCertificate": { | ||
"AcmCertificateArn": "testACM", | ||
"AcmCertificateArn": "arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d", | ||
"MinimumProtocolVersion": "TLSv1", | ||
@@ -57,0 +57,0 @@ "SslSupportMethod": "sni-only" |
@@ -24,3 +24,3 @@ "use strict"; | ||
aliasConfiguration: { | ||
acmCertRef: 'testACM', | ||
acmCertRef: 'arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d', | ||
names: ['test.test.com'], | ||
@@ -32,2 +32,2 @@ sslMethod: cloudfront.SSLMethod.SNI, | ||
app.synth(); | ||
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZWcuY2xvdWRmcm9udC1zZWN1cml0eS1wb2xpY3kuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbnRlZy5jbG91ZGZyb250LXNlY3VyaXR5LXBvbGljeS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUNBLHFDQUFzQztBQUN0QyxxQ0FBc0M7QUFFdEMsTUFBTSxHQUFHLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7QUFFMUIsTUFBTSxLQUFLLEdBQUcsSUFBSSxHQUFHLENBQUMsS0FBSyxDQUFDLEdBQUcsRUFBRSwyQkFBMkIsQ0FBQyxDQUFDO0FBRTlELElBQUksVUFBVSxDQUFDLHlCQUF5QixDQUFDLEtBQUssRUFBRSwwQkFBMEIsRUFBRTtJQUMxRSxhQUFhLEVBQUU7UUFDYjtZQUNFLGFBQWEsRUFBRTtnQkFDYixpQkFBaUIsRUFBRSxXQUFXO2FBQy9CO1lBQ0Qsa0JBQWtCLEVBQUU7Z0JBQ2xCLFVBQVUsRUFBRSxrQkFBa0I7YUFDL0I7WUFDRCxTQUFTLEVBQUU7Z0JBQ1Q7b0JBQ0EsaUJBQWlCLEVBQUUsSUFBSTtpQkFDdEI7YUFDRjtTQUNGO0tBQ0Y7SUFDRCxrQkFBa0IsRUFBRTtRQUNsQixVQUFVLEVBQUUsU0FBUztRQUNyQixLQUFLLEVBQUUsQ0FBQyxlQUFlLENBQUM7UUFDeEIsU0FBUyxFQUFFLFVBQVUsQ0FBQyxTQUFTLENBQUMsR0FBRztRQUNuQyxjQUFjLEVBQUUsVUFBVSxDQUFDLHNCQUFzQixDQUFDLE1BQU07S0FDekQ7Q0FDRixDQUFDLENBQUM7QUFFSCxHQUFHLENBQUMsS0FBSyxFQUFFLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJcbmltcG9ydCBjZGsgPSByZXF1aXJlKCdAYXdzLWNkay9jb3JlJyk7XG5pbXBvcnQgY2xvdWRmcm9udCA9IHJlcXVpcmUoJy4uL2xpYicpO1xuXG5jb25zdCBhcHAgPSBuZXcgY2RrLkFwcCgpO1xuXG5jb25zdCBzdGFjayA9IG5ldyBjZGsuU3RhY2soYXBwLCAnYXdzLWNkay1jbG91ZGZyb250LWN1c3RvbScpO1xuXG5uZXcgY2xvdWRmcm9udC5DbG91ZEZyb250V2ViRGlzdHJpYnV0aW9uKHN0YWNrLCAnQW5BbWF6aW5nV2Vic2l0ZVByb2JhYmx5Jywge1xuICBvcmlnaW5Db25maWdzOiBbXG4gICAge1xuICAgICAgb3JpZ2luSGVhZGVyczoge1xuICAgICAgICBcIlgtQ3VzdG9tLUhlYWRlclwiOiBcInNvbWV2YWx1ZVwiLFxuICAgICAgfSxcbiAgICAgIGN1c3RvbU9yaWdpblNvdXJjZToge1xuICAgICAgICBkb21haW5OYW1lOiBcImJyZWxhbmRtLmEyei5jb21cIixcbiAgICAgIH0sXG4gICAgICBiZWhhdmlvcnM6IFtcbiAgICAgICAge1xuICAgICAgICBpc0RlZmF1bHRCZWhhdmlvcjogdHJ1ZSxcbiAgICAgICAgfVxuICAgICAgXVxuICAgIH1cbiAgXSxcbiAgYWxpYXNDb25maWd1cmF0aW9uOiB7XG4gICAgYWNtQ2VydFJlZjogJ3Rlc3RBQ00nLFxuICAgIG5hbWVzOiBbJ3Rlc3QudGVzdC5jb20nXSxcbiAgICBzc2xNZXRob2Q6IGNsb3VkZnJvbnQuU1NMTWV0aG9kLlNOSSxcbiAgICBzZWN1cml0eVBvbGljeTogY2xvdWRmcm9udC5TZWN1cml0eVBvbGljeVByb3RvY29sLlRMU19WMVxuICB9XG59KTtcblxuYXBwLnN5bnRoKCk7XG4iXX0= | ||
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZWcuY2xvdWRmcm9udC1zZWN1cml0eS1wb2xpY3kuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbnRlZy5jbG91ZGZyb250LXNlY3VyaXR5LXBvbGljeS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUNBLHFDQUFzQztBQUN0QyxxQ0FBc0M7QUFFdEMsTUFBTSxHQUFHLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7QUFFMUIsTUFBTSxLQUFLLEdBQUcsSUFBSSxHQUFHLENBQUMsS0FBSyxDQUFDLEdBQUcsRUFBRSwyQkFBMkIsQ0FBQyxDQUFDO0FBRTlELElBQUksVUFBVSxDQUFDLHlCQUF5QixDQUFDLEtBQUssRUFBRSwwQkFBMEIsRUFBRTtJQUMxRSxhQUFhLEVBQUU7UUFDYjtZQUNFLGFBQWEsRUFBRTtnQkFDYixpQkFBaUIsRUFBRSxXQUFXO2FBQy9CO1lBQ0Qsa0JBQWtCLEVBQUU7Z0JBQ2xCLFVBQVUsRUFBRSxrQkFBa0I7YUFDL0I7WUFDRCxTQUFTLEVBQUU7Z0JBQ1Q7b0JBQ0EsaUJBQWlCLEVBQUUsSUFBSTtpQkFDdEI7YUFDRjtTQUNGO0tBQ0Y7SUFDRCxrQkFBa0IsRUFBRTtRQUNsQixVQUFVLEVBQUUsOEVBQThFO1FBQzFGLEtBQUssRUFBRSxDQUFDLGVBQWUsQ0FBQztRQUN4QixTQUFTLEVBQUUsVUFBVSxDQUFDLFNBQVMsQ0FBQyxHQUFHO1FBQ25DLGNBQWMsRUFBRSxVQUFVLENBQUMsc0JBQXNCLENBQUMsTUFBTTtLQUN6RDtDQUNGLENBQUMsQ0FBQztBQUVILEdBQUcsQ0FBQyxLQUFLLEVBQUUsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIlxuaW1wb3J0IGNkayA9IHJlcXVpcmUoJ0Bhd3MtY2RrL2NvcmUnKTtcbmltcG9ydCBjbG91ZGZyb250ID0gcmVxdWlyZSgnLi4vbGliJyk7XG5cbmNvbnN0IGFwcCA9IG5ldyBjZGsuQXBwKCk7XG5cbmNvbnN0IHN0YWNrID0gbmV3IGNkay5TdGFjayhhcHAsICdhd3MtY2RrLWNsb3VkZnJvbnQtY3VzdG9tJyk7XG5cbm5ldyBjbG91ZGZyb250LkNsb3VkRnJvbnRXZWJEaXN0cmlidXRpb24oc3RhY2ssICdBbkFtYXppbmdXZWJzaXRlUHJvYmFibHknLCB7XG4gIG9yaWdpbkNvbmZpZ3M6IFtcbiAgICB7XG4gICAgICBvcmlnaW5IZWFkZXJzOiB7XG4gICAgICAgIFwiWC1DdXN0b20tSGVhZGVyXCI6IFwic29tZXZhbHVlXCIsXG4gICAgICB9LFxuICAgICAgY3VzdG9tT3JpZ2luU291cmNlOiB7XG4gICAgICAgIGRvbWFpbk5hbWU6IFwiYnJlbGFuZG0uYTJ6LmNvbVwiLFxuICAgICAgfSxcbiAgICAgIGJlaGF2aW9yczogW1xuICAgICAgICB7XG4gICAgICAgIGlzRGVmYXVsdEJlaGF2aW9yOiB0cnVlLFxuICAgICAgICB9XG4gICAgICBdXG4gICAgfVxuICBdLFxuICBhbGlhc0NvbmZpZ3VyYXRpb246IHtcbiAgICBhY21DZXJ0UmVmOiAnYXJuOmF3czphY206dXMtZWFzdC0xOjExMTExMTE6Y2VydGlmaWNhdGUvMTEtMzMzNmYxLTQ0NDgzZC1hZGM3LTljZDM3NWM1MTY5ZCcsXG4gICAgbmFtZXM6IFsndGVzdC50ZXN0LmNvbSddLFxuICAgIHNzbE1ldGhvZDogY2xvdWRmcm9udC5TU0xNZXRob2QuU05JLFxuICAgIHNlY3VyaXR5UG9saWN5OiBjbG91ZGZyb250LlNlY3VyaXR5UG9saWN5UHJvdG9jb2wuVExTX1YxXG4gIH1cbn0pO1xuXG5hcHAuc3ludGgoKTtcbiJdfQ== |
@@ -10,3 +10,23 @@ import { Test } from 'nodeunit'; | ||
'distribution has a defaultChild'(test: Test): void; | ||
'viewerCertificate': { | ||
'acmCertificate': { | ||
'base usage'(test: Test): void; | ||
'imported certificate fromCertificateArn'(test: Test): void; | ||
'advanced usage'(test: Test): void; | ||
}; | ||
'iamCertificate': { | ||
'base usage'(test: Test): void; | ||
'advanced usage'(test: Test): void; | ||
}; | ||
'cloudFrontDefaultCertificate': { | ||
'base usage'(test: Test): void; | ||
'aliases are set'(test: Test): void; | ||
}; | ||
'errors': { | ||
'throws if both deprecated aliasConfiguration and viewerCertificate'(test: Test): void; | ||
'throws if invalid security policy for SSL method'(test: Test): void; | ||
'throws if acmCertificate explicitly not in us-east-1'(test: Test): void; | ||
}; | ||
}; | ||
}; | ||
export = _default; |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
725693
46
4577
72
+ Added@aws-cdk/assets@1.15.0(transitive)
+ Added@aws-cdk/aws-certificatemanager@1.15.0(transitive)
+ Added@aws-cdk/aws-cloudformation@1.15.0(transitive)
+ Added@aws-cdk/aws-cloudwatch@1.15.0(transitive)
+ Added@aws-cdk/aws-ec2@1.15.0(transitive)
+ Added@aws-cdk/aws-events@1.15.0(transitive)
+ Added@aws-cdk/aws-iam@1.15.0(transitive)
+ Added@aws-cdk/aws-kms@1.15.0(transitive)
+ Added@aws-cdk/aws-lambda@1.15.0(transitive)
+ Added@aws-cdk/aws-logs@1.15.0(transitive)
+ Added@aws-cdk/aws-route53@1.15.0(transitive)
+ Added@aws-cdk/aws-s3@1.15.0(transitive)
+ Added@aws-cdk/aws-s3-assets@1.15.0(transitive)
+ Added@aws-cdk/aws-sns@1.15.0(transitive)
+ Added@aws-cdk/aws-sqs@1.15.0(transitive)
+ Added@aws-cdk/aws-ssm@1.15.0(transitive)
+ Added@aws-cdk/core@1.15.0(transitive)
+ Added@aws-cdk/cx-api@1.15.0(transitive)
+ Added@aws-cdk/region-info@1.15.0(transitive)
- Removed@aws-cdk/assets@1.14.0(transitive)
- Removed@aws-cdk/aws-certificatemanager@1.14.0(transitive)
- Removed@aws-cdk/aws-cloudformation@1.14.0(transitive)
- Removed@aws-cdk/aws-cloudwatch@1.14.0(transitive)
- Removed@aws-cdk/aws-ec2@1.14.0(transitive)
- Removed@aws-cdk/aws-events@1.14.0(transitive)
- Removed@aws-cdk/aws-iam@1.14.0(transitive)
- Removed@aws-cdk/aws-kms@1.14.0(transitive)
- Removed@aws-cdk/aws-lambda@1.14.0(transitive)
- Removed@aws-cdk/aws-logs@1.14.0(transitive)
- Removed@aws-cdk/aws-route53@1.14.0(transitive)
- Removed@aws-cdk/aws-s3@1.14.0(transitive)
- Removed@aws-cdk/aws-s3-assets@1.14.0(transitive)
- Removed@aws-cdk/aws-sns@1.14.0(transitive)
- Removed@aws-cdk/aws-sqs@1.14.0(transitive)
- Removed@aws-cdk/aws-ssm@1.14.0(transitive)
- Removed@aws-cdk/core@1.14.0(transitive)
- Removed@aws-cdk/cx-api@1.14.0(transitive)
- Removed@aws-cdk/region-info@1.14.0(transitive)
Updated@aws-cdk/aws-iam@1.15.0
Updated@aws-cdk/aws-kms@1.15.0
Updated@aws-cdk/aws-lambda@1.15.0
Updated@aws-cdk/aws-s3@1.15.0
Updated@aws-cdk/core@1.15.0