refactor: dedupe log bucket and lambda version logic, default sec hea…

…ders value

source/patterns/@aws-solutions-constructs/core/lib/cloudfront-distribution-defaults.ts

@@ -21,7 +21,7 @@ import * as cdk from '@aws-cdk/core';
 import { FunctionEventType } from '@aws-cdk/aws-cloudfront';
 
 export function DefaultCloudFrontWebDistributionForApiGatewayProps(apiEndPoint: api.RestApi,
-  loggingBucket: s3.Bucket,
+  loggingBucket: s3.Bucket | undefined,
   setHttpSecurityHeaders: boolean,
   edgeLambda?: lambda.Version): cloudfront.DistributionProps {
 
@@ -59,7 +59,7 @@ export function DefaultCloudFrontWebDistributionForApiGatewayProps(apiEndPoint:
   }
 }
 
-export function DefaultCloudFrontWebDistributionForS3Props(sourceBucket: s3.IBucket, loggingBucket: s3.Bucket,
+export function DefaultCloudFrontWebDistributionForS3Props(sourceBucket: s3.IBucket, loggingBucket: s3.Bucket | undefined,
   setHttpSecurityHeaders: boolean,
   cfFunction?: cloudfront.IFunction): cloudfront.DistributionProps {
 
@@ -93,7 +93,7 @@ export function DefaultCloudFrontWebDistributionForS3Props(sourceBucket: s3.IBuc
 }
 
 export function DefaultCloudFrontDisributionForMediaStoreProps(mediastoreContainer: mediastore.CfnContainer,
-  loggingBucket: s3.Bucket,
+  loggingBucket: s3.Bucket | undefined,
   originRequestPolicy: cloudfront.OriginRequestPolicy,
   setHttpSecurityHeaders: boolean,
   customHeaders?: Record<string, string>,
@@ -137,4 +137,4 @@ export function DefaultCloudFrontDisributionForMediaStoreProps(mediastoreContain
       logBucket: loggingBucket
     } as cloudfront.DistributionProps;
   }
-}
+}

source/patterns/@aws-solutions-constructs/core/lib/cloudfront-distribution-helper.ts

@@ -126,26 +126,18 @@ function defaultCloudfrontFunction(scope: cdk.Construct): cloudfront.Function {
 export function CloudFrontDistributionForApiGateway(scope: cdk.Construct,
   apiEndPoint: api.RestApi,
   cloudFrontDistributionProps?: cloudfront.DistributionProps | any,
-  httpSecurityHeaders?: boolean): [cloudfront.Distribution,
+  httpSecurityHeaders: boolean = true): [cloudfront.Distribution,
     lambda.Version?, s3.Bucket?] {
 
-  const _httpSecurityHeaders = (httpSecurityHeaders !== undefined && httpSecurityHeaders === false) ? false : true;
+  const edgeLambdaVersion = getEdgeLambdaVersion(httpSecurityHeaders, scope);
 
-  let edgeLambdaVersion;
+  const loggingBucket = getLoggingBucket(cloudFrontDistributionProps, scope);
 
-  if (_httpSecurityHeaders) {
-    edgeLambdaVersion = new lambda.Version(scope, "SetHttpSecurityHeadersVersion", {
-      lambda: defaultLambdaEdgeFunction(scope)
-    });
-  }
-
-  const loggingBucket = cloudFrontDistributionProps?.enableLogging ? cloudFrontDistributionProps.logBucket ?? createLoggingBucket(scope, 'CloudfrontLoggingBucket') : undefined;
-
-  const defaultprops = DefaultCloudFrontWebDistributionForApiGatewayProps(apiEndPoint, loggingBucket, _httpSecurityHeaders, edgeLambdaVersion);
+  const defaultprops = DefaultCloudFrontWebDistributionForApiGatewayProps(apiEndPoint, loggingBucket, httpSecurityHeaders, edgeLambdaVersion);
 
   const cfprops = cloudFrontDistributionProps ? overrideProps(defaultprops, cloudFrontDistributionProps, true) : defaultprops;
   // Create the Cloudfront Distribution
-  const cfDistribution: cloudfront.Distribution = new cloudfront.Distribution(scope, 'CloudFrontDistribution', cfprops);
+  const cfDistribution = new cloudfront.Distribution(scope, 'CloudFrontDistribution', cfprops);
   updateSecurityPolicy(cfDistribution);
 
   return [cfDistribution, edgeLambdaVersion, loggingBucket];
@@ -154,20 +146,18 @@ export function CloudFrontDistributionForApiGateway(scope: cdk.Construct,
 export function CloudFrontDistributionForS3(scope: cdk.Construct,
   sourceBucket: s3.IBucket,
   cloudFrontDistributionProps?: cloudfront.DistributionProps | any,
-  httpSecurityHeaders?: boolean): [cloudfront.Distribution,
+  httpSecurityHeaders: boolean = true): [cloudfront.Distribution,
     cloudfront.Function?, s3.Bucket?] {
 
-  const _httpSecurityHeaders = (httpSecurityHeaders !== undefined && httpSecurityHeaders === false) ? false : true;
+  const cloudfrontFunction = httpSecurityHeaders ? defaultCloudfrontFunction(scope) : undefined;
 
-  const cloudfrontFunction = _httpSecurityHeaders ? defaultCloudfrontFunction(scope) : undefined;
+  const loggingBucket = getLoggingBucket(cloudFrontDistributionProps, scope);
 
-  const loggingBucket = cloudFrontDistributionProps?.enableLogging ? cloudFrontDistributionProps.logBucket ?? createLoggingBucket(scope, 'CloudfrontLoggingBucket') : undefined;
-
-  const defaultprops = DefaultCloudFrontWebDistributionForS3Props(sourceBucket, loggingBucket, _httpSecurityHeaders, cloudfrontFunction);
+  const defaultprops = DefaultCloudFrontWebDistributionForS3Props(sourceBucket, loggingBucket, httpSecurityHeaders, cloudfrontFunction);
 
   const cfprops = cloudFrontDistributionProps ? overrideProps(defaultprops, cloudFrontDistributionProps, false) : defaultprops;
   // Create the Cloudfront Distribution
-  const cfDistribution: cloudfront.Distribution = new cloudfront.Distribution(scope, 'CloudFrontDistribution', cfprops);
+  const cfDistribution = new cloudfront.Distribution(scope, 'CloudFrontDistribution', cfprops);
   updateSecurityPolicy(cfDistribution);
 
   // Extract the CfnBucketPolicy from the sourceBucket
@@ -185,17 +175,14 @@ export function CloudFrontDistributionForS3(scope: cdk.Construct,
 export function CloudFrontDistributionForMediaStore(scope: cdk.Construct,
   mediaStoreContainer: mediastore.CfnContainer,
   cloudFrontDistributionProps?: cloudfront.DistributionProps | any,
-  httpSecurityHeaders?: boolean): [cloudfront.Distribution,
-    s3.Bucket, cloudfront.OriginRequestPolicy, lambda.Version?] {
+  httpSecurityHeaders: boolean = true): [cloudfront.Distribution,
+    s3.Bucket | undefined, cloudfront.OriginRequestPolicy, lambda.Version?] {
 
   let originRequestPolicy: cloudfront.OriginRequestPolicy;
-  const _httpSecurityHeaders = (httpSecurityHeaders !== undefined && httpSecurityHeaders === false) ? false : true;
 
-  const edgeLambdaVersion = _httpSecurityHeaders ? new lambda.Version(scope, 'SetHttpSecurityHeadersVersion', {
-    lambda: defaultLambdaEdgeFunction(scope)
-  }) : undefined;
+  const edgeLambdaVersion = getEdgeLambdaVersion(httpSecurityHeaders, scope);
 
-  const loggingBucket = cloudFrontDistributionProps?.enableLogging ? cloudFrontDistributionProps.logBucket ?? createLoggingBucket(scope, 'CloudfrontLoggingBucket') : undefined;
+  const loggingBucket = getLoggingBucket(cloudFrontDistributionProps, scope);
 
   if (cloudFrontDistributionProps
     && cloudFrontDistributionProps.defaultBehavior
@@ -229,7 +216,7 @@ export function CloudFrontDistributionForMediaStore(scope: cdk.Construct,
     mediaStoreContainer,
     loggingBucket,
     originRequestPolicy,
-    _httpSecurityHeaders,
+    httpSecurityHeaders,
     cloudFrontDistributionProps?.customHeaders,
     edgeLambdaVersion
   );
@@ -243,7 +230,7 @@ export function CloudFrontDistributionForMediaStore(scope: cdk.Construct,
   }
 
   // Create the CloudFront Distribution
-  const cfDistribution: cloudfront.Distribution = new cloudfront.Distribution(scope, 'CloudFrontDistribution', cfprops);
+  const cfDistribution = new cloudfront.Distribution(scope, 'CloudFrontDistribution', cfprops);
   updateSecurityPolicy(cfDistribution);
 
   return [cfDistribution, loggingBucket, originRequestPolicy, edgeLambdaVersion];
@@ -254,3 +241,15 @@ export function CloudFrontOriginAccessIdentity(scope: cdk.Construct, comment?: s
     comment: comment ? comment : `access-identity-${cdk.Aws.REGION}-${cdk.Aws.STACK_NAME}`
   });
 }
+
+function getLoggingBucket(cloudFrontDistributionProps: cloudfront.DistributionProps | any, scope: cdk.Construct): s3.Bucket | undefined {
+  return cloudFrontDistributionProps?.enableLogging
+    ? cloudFrontDistributionProps.logBucket ?? createLoggingBucket(scope, 'CloudfrontLoggingBucket')
+    : undefined;
+}
+
+function getEdgeLambdaVersion(_httpSecurityHeaders: boolean, scope: cdk.Construct): lambda.Version | undefined {
+  return _httpSecurityHeaders ? new lambda.Version(scope, 'SetHttpSecurityHeadersVersion', {
+    lambda: defaultLambdaEdgeFunction(scope)
+  }) : undefined;
+}