From 3ec9d7690c0a863635a4b00b13882e9339388ed0 Mon Sep 17 00:00:00 2001 From: Paul Maddox Date: Fri, 19 Oct 2018 14:08:19 +0300 Subject: [PATCH] feat(aws-cloudfront): add support for "webAclId" (#969) Expose the webAclId property on CloudFront distributions. This allows linking of AWS WAF WebACL resources to protect the CloudFront distribution. --- .../aws-cloudfront/lib/web_distribution.ts | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts b/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts index ec8153022471e..fcbd3a922e51b 100644 --- a/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts +++ b/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts @@ -163,7 +163,7 @@ export interface SourceConfiguration { * * @default no additional headers are passed */ - readonly originHeaders?: {[key: string]: string}; + readonly originHeaders?: { [key: string]: string }; } /** @@ -431,6 +431,12 @@ export interface CloudFrontWebDistributionProps { * How CloudFront should handle requests that are no successful (eg PageNotFound) */ errorConfigurations?: cloudformation.DistributionResource.CustomErrorResponseProperty[]; + + /** + * Optional AWS WAF WebACL to associate with this CloudFront distribution + */ + webACLId?: string; + } /** @@ -528,6 +534,7 @@ export class CloudFrontWebDistribution extends cdk.Construct { ipv6Enabled: props.enableIpV6 || true, // tslint:disable-next-line:max-line-length customErrorResponses: props.errorConfigurations, // TODO: validation : https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customerrorresponse.html#cfn-cloudfront-distribution-customerrorresponse-errorcachingminttl + webAclId: props.webACLId, }; const behaviors: BehaviorWithOrigin[] = []; @@ -585,7 +592,7 @@ export class CloudFrontWebDistribution extends cdk.Construct { }; } for (const behavior of originConfig.behaviors) { - behaviors.push({...behavior, targetOriginId: originId}); + behaviors.push({ ...behavior, targetOriginId: originId }); } origins.push(originProperty); originIndex++; @@ -647,18 +654,18 @@ export class CloudFrontWebDistribution extends cdk.Construct { }; } - const distribution = new cloudformation.DistributionResource(this, 'CFDistribution', {distributionConfig}); + const distribution = new cloudformation.DistributionResource(this, 'CFDistribution', { distributionConfig }); this.domainName = distribution.distributionDomainName; this.distributionId = distribution.distributionId; } private toBehavior(input: BehaviorWithOrigin, protoPolicy?: ViewerProtocolPolicy) { - let toReturn = { + let toReturn = { allowedMethods: this.METHOD_LOOKUP_MAP[input.allowedMethods || CloudFrontAllowedMethods.GET_HEAD], cachedMethods: this.METHOD_LOOKUP_MAP[input.cachedMethods || CloudFrontAllowedCachedMethods.GET_HEAD], compress: input.compress, defaultTtl: input.defaultTtlSeconds, - forwardedValues: input.forwardedValues || { queryString: false, cookies: {forward: "none"} }, + forwardedValues: input.forwardedValues || { queryString: false, cookies: { forward: "none" } }, maxTtl: input.maxTtlSeconds, minTtl: input.minTtlSeconds, trustedSigners: input.trustedSigners, @@ -666,7 +673,7 @@ export class CloudFrontWebDistribution extends cdk.Construct { viewerProtocolPolicy: protoPolicy || ViewerProtocolPolicy.RedirectToHTTPS, }; if (!input.isDefaultBehavior) { - toReturn = Object.assign(toReturn, {pathPattern: input.pathPattern}); + toReturn = Object.assign(toReturn, { pathPattern: input.pathPattern }); } return toReturn; }