From 2e194ce79fa3845e5c7cc6df383a9cedc695671f Mon Sep 17 00:00:00 2001
From: Naseem
Date: Sat, 7 Aug 2021 08:22:01 -0400
Subject: [PATCH] refactor: dedupe log bucket and lambda version logic, default sec headers value

---
 .../aws-cloudfront-mediastore/lib/index.ts | 2 +-
 .../lib/cloudfront-distribution-defaults.ts | 8 +--
 .../lib/cloudfront-distribution-helper.ts | 57 +++++++++----------
 3 files changed, 33 insertions(+), 34 deletions(-)

diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/lib/index.ts
index de23dd844..b29c4152f 100644
--- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/lib/index.ts
+++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/lib/index.ts
@@ -52,7 +52,7 @@ export interface CloudFrontToMediaStoreProps {
 export class CloudFrontToMediaStore extends Construct {
 public readonly cloudFrontWebDistribution: cloudfront.Distribution;
 public readonly mediaStoreContainer: mediastore.CfnContainer;
- public readonly cloudFrontLoggingBucket: s3.Bucket;
+ public readonly cloudFrontLoggingBucket?: s3.Bucket;
 public readonly cloudFrontOriginRequestPolicy: cloudfront.OriginRequestPolicy;
 public readonly cloudFrontOriginAccessIdentity?: cloudfront.OriginAccessIdentity;
 public readonly edgeLambdaFunctionVersion?: lambda.Version;
diff --git a/source/patterns/@aws-solutions-constructs/core/lib/cloudfront-distribution-defaults.ts b/source/patterns/@aws-solutions-constructs/core/lib/cloudfront-distribution-defaults.ts
index ca6461bc5..24e1230f3 100644
--- a/source/patterns/@aws-solutions-constructs/core/lib/cloudfront-distribution-defaults.ts
+++ b/source/patterns/@aws-solutions-constructs/core/lib/cloudfront-distribution-defaults.ts
@@ -21,7 +21,7 @@ import * as cdk from '@aws-cdk/core';
 import { FunctionEventType } from '@aws-cdk/aws-cloudfront';
 export function DefaultCloudFrontWebDistributionForApiGatewayProps(apiEndPoint: api.RestApi,
- loggingBucket: s3.Bucket,
+ loggingBucket: s3.Bucket | undefined,
 setHttpSecurityHeaders: boolean,
 edgeLambda?: lambda.Version): cloudfront.DistributionProps {
@@ -59,7 +59,7 @@ export function DefaultCloudFrontWebDistributionForApiGatewayProps(apiEndPoint:
 }
 }
-export function DefaultCloudFrontWebDistributionForS3Props(sourceBucket: s3.IBucket, loggingBucket: s3.Bucket,
+export function DefaultCloudFrontWebDistributionForS3Props(sourceBucket: s3.IBucket, loggingBucket: s3.Bucket | undefined,
 setHttpSecurityHeaders: boolean,
 cfFunction?: cloudfront.IFunction): cloudfront.DistributionProps {
@@ -93,7 +93,7 @@ export function DefaultCloudFrontWebDistributionForS3Props(sourceBucket: s3.IBuc
 }
 export function DefaultCloudFrontDisributionForMediaStoreProps(mediastoreContainer: mediastore.CfnContainer,
- loggingBucket: s3.Bucket,
+ loggingBucket: s3.Bucket | undefined,
 originRequestPolicy: cloudfront.OriginRequestPolicy,
 setHttpSecurityHeaders: boolean,
 customHeaders?: Record,
@@ -137,4 +137,4 @@ export function DefaultCloudFrontDisributionForMediaStoreProps(mediastoreContain
 logBucket: loggingBucket
 } as cloudfront.DistributionProps;
 }
-}
\ No newline at end of file
+}
diff --git a/source/patterns/@aws-solutions-constructs/core/lib/cloudfront-distribution-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/cloudfront-distribution-helper.ts
index 361489be9..7f37f5b1c 100644
--- a/source/patterns/@aws-solutions-constructs/core/lib/cloudfront-distribution-helper.ts
+++ b/source/patterns/@aws-solutions-constructs/core/lib/cloudfront-distribution-helper.ts
@@ -126,26 +126,18 @@ function defaultCloudfrontFunction(scope: cdk.Construct): cloudfront.Function {
 export function CloudFrontDistributionForApiGateway(scope: cdk.Construct,
 apiEndPoint: api.RestApi,
 cloudFrontDistributionProps?: cloudfront.DistributionProps | any,
- httpSecurityHeaders?: boolean): [cloudfront.Distribution,
+ httpSecurityHeaders: boolean = true): [cloudfront.Distribution,
 lambda.Version?, s3.Bucket?] {
- const _httpSecurityHeaders = (httpSecurityHeaders !== undefined && httpSecurityHeaders === false) ? false : true;
+ const edgeLambdaVersion = getEdgeLambdaVersion(httpSecurityHeaders, scope);
- let edgeLambdaVersion;
+ const loggingBucket = getLoggingBucket(cloudFrontDistributionProps, scope);
- if (_httpSecurityHeaders) {
- edgeLambdaVersion = new lambda.Version(scope, "SetHttpSecurityHeadersVersion", {
- lambda: defaultLambdaEdgeFunction(scope)
- });
- }
-
- const loggingBucket = cloudFrontDistributionProps?.enableLogging ? cloudFrontDistributionProps.logBucket ?? createLoggingBucket(scope, 'CloudfrontLoggingBucket') : undefined;
-
- const defaultprops = DefaultCloudFrontWebDistributionForApiGatewayProps(apiEndPoint, loggingBucket, _httpSecurityHeaders, edgeLambdaVersion);
+ const defaultprops = DefaultCloudFrontWebDistributionForApiGatewayProps(apiEndPoint, loggingBucket, httpSecurityHeaders, edgeLambdaVersion);
 const cfprops = cloudFrontDistributionProps ? overrideProps(defaultprops, cloudFrontDistributionProps, true) : defaultprops;
 // Create the Cloudfront Distribution
- const cfDistribution: cloudfront.Distribution = new cloudfront.Distribution(scope, 'CloudFrontDistribution', cfprops);
+ const cfDistribution = new cloudfront.Distribution(scope, 'CloudFrontDistribution', cfprops);
 updateSecurityPolicy(cfDistribution);
 return [cfDistribution, edgeLambdaVersion, loggingBucket];
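Review bot: Replacing the explicit `=== false` test with the `httpSecurityHeaders: boolean = true` default changes how a non-boolean value is treated: a default parameter only fills in `undefined`, so a `null` reaching this code from an untyped JavaScript caller (or a project without strict null checks) now evaluates falsy and silently skips the edge Lambda that sets the security headers, whereas the removed expression, if I read it right, kept them on for anything other than a literal `false`. Under strict TypeScript a caller cannot pass `null`, so this only matters if such a surface exists; if it does, `const edgeLambdaVersion = getEdgeLambdaVersion(httpSecurityHeaders !== false, scope);` keeps the fail-safe behaviour together with the new default. The same pattern appears in the CloudFrontDistributionForS3 and CloudFrontDistributionForMediaStore hunks. The closing brace of CloudFrontDistributionForApiGateway lies outside this hunk.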
@@ -154,20 +146,18 @@ export function CloudFrontDistributionForApiGateway(scope: cdk.Construct,
 export function CloudFrontDistributionForS3(scope: cdk.Construct,
 sourceBucket: s3.IBucket,
 cloudFrontDistributionProps?: cloudfront.DistributionProps | any,
- httpSecurityHeaders?: boolean): [cloudfront.Distribution,
+ httpSecurityHeaders: boolean = true): [cloudfront.Distribution,
 cloudfront.Function?, s3.Bucket?] {
- const _httpSecurityHeaders = (httpSecurityHeaders !== undefined && httpSecurityHeaders === false) ? false : true;
-
- const cloudfrontFunction = _httpSecurityHeaders ? defaultCloudfrontFunction(scope) : undefined;
+ const cloudfrontFunction = httpSecurityHeaders ? defaultCloudfrontFunction(scope) : undefined;
- const loggingBucket = cloudFrontDistributionProps?.enableLogging ? cloudFrontDistributionProps.logBucket ?? createLoggingBucket(scope, 'CloudfrontLoggingBucket') : undefined;
+ const loggingBucket = getLoggingBucket(cloudFrontDistributionProps, scope);
- const defaultprops = DefaultCloudFrontWebDistributionForS3Props(sourceBucket, loggingBucket, _httpSecurityHeaders, cloudfrontFunction);
+ const defaultprops = DefaultCloudFrontWebDistributionForS3Props(sourceBucket, loggingBucket, httpSecurityHeaders, cloudfrontFunction);
 const cfprops = cloudFrontDistributionProps ? overrideProps(defaultprops, cloudFrontDistributionProps, false) : defaultprops;
 // Create the Cloudfront Distribution
- const cfDistribution: cloudfront.Distribution = new cloudfront.Distribution(scope, 'CloudFrontDistribution', cfprops);
+ const cfDistribution = new cloudfront.Distribution(scope, 'CloudFrontDistribution', cfprops);
 updateSecurityPolicy(cfDistribution);
 // Extract the CfnBucketPolicy from the sourceBucket
@@ -185,17 +175,14 @@ export function CloudFrontDistributionForS3(scope: cdk.Construct,
 export function CloudFrontDistributionForMediaStore(scope: cdk.Construct,
 mediaStoreContainer: mediastore.CfnContainer,
 cloudFrontDistributionProps?: cloudfront.DistributionProps | any,
- httpSecurityHeaders?: boolean): [cloudfront.Distribution,
- s3.Bucket, cloudfront.OriginRequestPolicy, lambda.Version?] {
+ httpSecurityHeaders: boolean = true): [cloudfront.Distribution,
+ s3.Bucket | undefined, cloudfront.OriginRequestPolicy, lambda.Version?] {
 let originRequestPolicy: cloudfront.OriginRequestPolicy;
- const _httpSecurityHeaders = (httpSecurityHeaders !== undefined && httpSecurityHeaders === false) ? false : true;
- const edgeLambdaVersion = _httpSecurityHeaders ? new lambda.Version(scope, 'SetHttpSecurityHeadersVersion', {
- lambda: defaultLambdaEdgeFunction(scope)
- }) : undefined;
+ const edgeLambdaVersion = getEdgeLambdaVersion(httpSecurityHeaders, scope);
- const loggingBucket = cloudFrontDistributionProps?.enableLogging ? cloudFrontDistributionProps.logBucket ?? createLoggingBucket(scope, 'CloudfrontLoggingBucket') : undefined;
+ const loggingBucket = getLoggingBucket(cloudFrontDistributionProps, scope);
 if (cloudFrontDistributionProps && cloudFrontDistributionProps.defaultBehavior
@@ -229,7 +216,7 @@ export function CloudFrontDistributionForMediaStore(scope: cdk.Construct,
 mediaStoreContainer,
 loggingBucket,
 originRequestPolicy,
- _httpSecurityHeaders,
+ httpSecurityHeaders,
 cloudFrontDistributionProps?.customHeaders,
 edgeLambdaVersion
 );
@@ -243,7 +230,7 @@ export function CloudFrontDistributionForMediaStore(scope: cdk.Construct,
 }
 // Create the CloudFront Distribution
- const cfDistribution: cloudfront.Distribution = new cloudfront.Distribution(scope, 'CloudFrontDistribution', cfprops);
+ const cfDistribution = new cloudfront.Distribution(scope, 'CloudFrontDistribution', cfprops);
 updateSecurityPolicy(cfDistribution);
 return [cfDistribution, loggingBucket, originRequestPolicy, edgeLambdaVersion];
@@ -254,3 +241,15 @@ export function CloudFrontOriginAccessIdentity(scope: cdk.Construct, comment?: s
 comment: comment ? comment : `access-identity-${cdk.Aws.REGION}-${cdk.Aws.STACK_NAME}`
 });
 }
+
+function getLoggingBucket(cloudFrontDistributionProps: cloudfront.DistributionProps | any, scope: cdk.Construct): s3.Bucket | undefined {
+ return cloudFrontDistributionProps?.enableLogging
+ ? cloudFrontDistributionProps.logBucket ?? createLoggingBucket(scope, 'CloudfrontLoggingBucket')
+ : undefined;
+}
+
+function getEdgeLambdaVersion(_httpSecurityHeaders: boolean, scope: cdk.Construct): lambda.Version | undefined {
+ return _httpSecurityHeaders
+ ? new lambda.Version(scope, 'SetHttpSecurityHeadersVersion', { lambda: defaultLambdaEdgeFunction(scope) })
+ : undefined;
+}
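Review bot: The two new helpers at the end of the second hunk carry no documentation, and `getEdgeLambdaVersion` keeps the `_httpSecurityHeaders` name from the removed local even though an underscore prefix conventionally marks an unused parameter; renaming it to `httpSecurityHeaders` and adding a TSDoc line such as `/** Returns a published Version of the default Lambda@Edge function that sets HTTP security headers, or undefined when the headers are disabled. */` would make the intent clear. In `getLoggingBucket` the `cloudfront.DistributionProps | any` union collapses to `any`, so `cloudFrontDistributionProps.logBucket` is returned as `s3.Bucket` without any check; if I recall correctly the CDK declares `DistributionProps.logBucket` as `s3.IBucket`, so an imported bucket supplied by the caller would end up exposed through the constructs' public `cloudFrontLoggingBucket` properties under a type it does not satisfy. Typing the parameter as `cloudfront.DistributionProps | undefined` would let the compiler surface that mismatch instead of hiding it. Both helpers also take `scope` last while every exported function in this file takes it first; a consistent parameter order would make the call sites easier to read.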