do not create cloudfront log bucket if disabled

also refactor cloudfront-distribution-defaults Signed-off-by: Naseem <naseem@toric.com>
awslabs · Aug 16, 2021 · 640eda3 · 640eda3
1 parent fa6b866
commit 640eda3
Show file tree

Hide file tree

Showing 15 changed files with 111 additions and 169 deletions.
diff --git a/.viperlightignore b/.viperlightignore
@@ -38,7 +38,7 @@ source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/integ.defaultP
 source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/integ.overrideParams.expected.json:269
 source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/test.apigateway-iot.test.ts:29
 source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/integ.override_auth_api_keys.expected.json:267
-source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts:123
+source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts:124
 source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-s3-helper.test.ts:171
 source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/test.s3-sqs.test.ts:251
 source/use_cases/aws-custom-glue-etl/stream-producer/generate_data.py:86

diff --git a/...@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.no-arguments.expected.json b/...@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.no-arguments.expected.json
@@ -868,4 +868,4 @@
       }
     }
   }
-}
+}
diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/lib/index.ts
@@ -51,7 +51,7 @@ export interface CloudFrontToMediaStoreProps {
 export class CloudFrontToMediaStore extends Construct {
   public readonly cloudFrontWebDistribution: cloudfront.Distribution;
   public readonly mediaStoreContainer: mediastore.CfnContainer;
-  public readonly cloudFrontLoggingBucket: s3.Bucket;
+  public readonly cloudFrontLoggingBucket?: s3.Bucket;
   public readonly cloudFrontOriginRequestPolicy: cloudfront.OriginRequestPolicy;
   public readonly cloudFrontOriginAccessIdentity?: cloudfront.OriginAccessIdentity;
   public readonly cloudFrontFunction?: cloudfront.Function;

diff --git a/...erns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.default.expected.json b/...erns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.default.expected.json
@@ -320,4 +320,4 @@
       }
     }
   }
-}
+}
diff --git a/...solutions-constructs/aws-cloudfront-mediastore/test/integ.existingContainer.expected.json b/...solutions-constructs/aws-cloudfront-mediastore/test/integ.existingContainer.expected.json
@@ -237,4 +237,4 @@
       }
     }
   }
-}
+}
diff --git a/...olutions-constructs/aws-cloudfront-mediastore/test/integ.overrideProperties.expected.json b/...olutions-constructs/aws-cloudfront-mediastore/test/integ.overrideProperties.expected.json
@@ -279,4 +279,4 @@
       }
     }
   }
-}
+}
diff --git a/...-constructs/aws-cloudfront-mediastore/test/integ.withoutHttpSecurityHeaders.expected.json b/...-constructs/aws-cloudfront-mediastore/test/integ.withoutHttpSecurityHeaders.expected.json
@@ -297,4 +297,4 @@
       }
     }
   }
-}
+}
diff --git a/...s-solutions-constructs/aws-cloudfront-s3/test/integ.custom-security-headers.expected.json b/...s-solutions-constructs/aws-cloudfront-s3/test/integ.custom-security-headers.expected.json
@@ -419,4 +419,4 @@
       }
     }
   }
-}
+}
diff --git a/...erns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.existing-bucket.expected.json b/...erns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.existing-bucket.expected.json
@@ -352,4 +352,4 @@
       }
     }
   }
-}
+}
diff --git a/...atterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-arguments.expected.json b/...atterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-arguments.expected.json
@@ -387,4 +387,4 @@
       }
     }
   }
-}
+}
diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts
@@ -12,18 +12,19 @@
  */
 
 import { ResourcePart, SynthUtils } from '@aws-cdk/assert';
-import { CloudFrontToS3, CloudFrontToS3Props } from "../lib";
-import * as cdk from "@aws-cdk/core";
-import * as s3 from '@aws-cdk/aws-s3';
 import '@aws-cdk/assert/jest';
 import * as acm from '@aws-cdk/aws-certificatemanager';
+import * as s3 from '@aws-cdk/aws-s3';
+import * as cdk from "@aws-cdk/core";
 import { RemovalPolicy } from '@aws-cdk/core';
+import { CloudFrontToS3, CloudFrontToS3Props } from "../lib";
 
-function deploy(stack: cdk.Stack) {
+function deploy(stack: cdk.Stack, props?: CloudFrontToS3Props) {
   return new CloudFrontToS3(stack, 'test-cloudfront-s3', {
     bucketProps: {
       removalPolicy: cdk.RemovalPolicy.DESTROY,
-    }
+    },
+    ...props
   });
 }
 
@@ -284,4 +285,13 @@ test("Test existingBucketInterface", () => {
       ]
     }
   });
-});
+});
+
+
+test('test cloudfront disable cloudfront logging', () => {
+  const stack = new cdk.Stack();
+
+  const construct = deploy(stack, {cloudFrontDistributionProps: {enableLogging: false}} );
+
+  expect(construct.cloudFrontLoggingBucket === undefined);
+});
diff --git a/source/patterns/@aws-solutions-constructs/core/lib/cloudfront-distribution-defaults.ts b/source/patterns/@aws-solutions-constructs/core/lib/cloudfront-distribution-defaults.ts
@@ -11,88 +11,53 @@
  *  and limitations under the License.
  */
 
+import * as api from '@aws-cdk/aws-apigateway';
 import * as cloudfront from '@aws-cdk/aws-cloudfront';
+import { FunctionEventType } from '@aws-cdk/aws-cloudfront';
 import * as origins from '@aws-cdk/aws-cloudfront-origins';
-import * as s3 from '@aws-cdk/aws-s3';
-import * as api from '@aws-cdk/aws-apigateway';
 import * as mediastore from '@aws-cdk/aws-mediastore';
+import * as s3 from '@aws-cdk/aws-s3';
 import * as cdk from '@aws-cdk/core';
-import { FunctionEventType } from '@aws-cdk/aws-cloudfront';
 
 export function DefaultCloudFrontWebDistributionForApiGatewayProps(apiEndPoint: api.RestApi,
-  loggingBucket: s3.Bucket,
+  loggingBucket: s3.Bucket | undefined,
   setHttpSecurityHeaders: boolean,
   cfFunction?: cloudfront.IFunction): cloudfront.DistributionProps {
 
   const apiEndPointUrlWithoutProtocol = cdk.Fn.select(1, cdk.Fn.split("://", apiEndPoint.url));
   const apiEndPointDomainName = cdk.Fn.select(0, cdk.Fn.split("/", apiEndPointUrlWithoutProtocol));
 
-  if (setHttpSecurityHeaders) {
-    return {
-      defaultBehavior: {
-        origin: new origins.HttpOrigin(apiEndPointDomainName, {
-          originPath: `/${apiEndPoint.deploymentStage.stageName}`
-        }),
-        functionAssociations: [
-          {
-            eventType: FunctionEventType.VIEWER_RESPONSE,
-            function: cfFunction
-          }
-        ],
-        viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS
-      },
-      enableLogging: true,
-      logBucket: loggingBucket,
-    } as cloudfront.DistributionProps;
-  } else {
-    return {
-      defaultBehavior: {
-        origin: new origins.HttpOrigin(apiEndPointDomainName, {
-          originPath: `/${apiEndPoint.deploymentStage.stageName}`
-        }),
-        viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS
-      },
-      enableLogging: true,
-      logBucket: loggingBucket,
-    } as cloudfront.DistributionProps;
-  }
+  return {
+    defaultBehavior: {
+      origin: new origins.HttpOrigin(apiEndPointDomainName, {
+        originPath: `/${apiEndPoint.deploymentStage.stageName}`
+      }),
+      ...getFunctionAssociationsProp(setHttpSecurityHeaders, cfFunction),
+      viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS
+    },
+    enableLogging: true,
+    logBucket: loggingBucket,
+  };
 }
 
-export function DefaultCloudFrontWebDistributionForS3Props(sourceBucket: s3.IBucket, loggingBucket: s3.Bucket,
+export function DefaultCloudFrontWebDistributionForS3Props(sourceBucket: s3.IBucket, loggingBucket: s3.Bucket | undefined,
   setHttpSecurityHeaders: boolean,
   cfFunction?: cloudfront.IFunction): cloudfront.DistributionProps {
 
-  if (setHttpSecurityHeaders) {
-    return {
-      defaultBehavior: {
-        origin: new origins.S3Origin(sourceBucket),
-        functionAssociations: [
-          {
-            eventType: FunctionEventType.VIEWER_RESPONSE,
-            function: cfFunction
-          }
-        ],
-        viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS
-      },
-      enableLogging: true,
-      logBucket: loggingBucket,
-      defaultRootObject: 'index.html'
-    } as cloudfront.DistributionProps;
-  } else {
-    return {
-      defaultBehavior: {
-        origin: new origins.S3Origin(sourceBucket),
-        viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS
-      },
-      enableLogging: true,
-      logBucket: loggingBucket,
-      defaultRootObject: 'index.html'
-    } as cloudfront.DistributionProps;
-  }
+  return {
+    defaultBehavior: {
+      origin: new origins.S3Origin(sourceBucket),
+      viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+      ...getFunctionAssociationsProp(setHttpSecurityHeaders, cfFunction)
+    },
+    enableLogging: true,
+    logBucket: loggingBucket,
+    defaultRootObject: 'index.html'
+  };
 }
 
 export function DefaultCloudFrontDisributionForMediaStoreProps(mediastoreContainer: mediastore.CfnContainer,
-  loggingBucket: s3.Bucket,
+  loggingBucket: s3.Bucket | undefined,
   originRequestPolicy: cloudfront.OriginRequestPolicy,
   setHttpSecurityHeaders: boolean,
   customHeaders?: Record<string, string>,
@@ -105,35 +70,27 @@ export function DefaultCloudFrontDisributionForMediaStoreProps(mediastoreContain
     new origins.HttpOrigin(mediaStoreContainerDomainName, { customHeaders }) :
     new origins.HttpOrigin(mediaStoreContainerDomainName);
 
-  if (setHttpSecurityHeaders) {
-    return {
-      defaultBehavior: {
-        origin: httpOrigin,
-        functionAssociations: [
-          {
-            eventType: FunctionEventType.VIEWER_RESPONSE,
-            function: cfFunction
-          }
-        ],
-        viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
-        allowedMethods: cloudfront.AllowedMethods.ALLOW_GET_HEAD_OPTIONS,
-        cachedMethods: cloudfront.CachedMethods.CACHE_GET_HEAD_OPTIONS,
-        originRequestPolicy
-      },
-      enableLogging: true,
-      logBucket: loggingBucket
-    } as cloudfront.DistributionProps;
-  } else {
-    return {
-      defaultBehavior: {
-        origin: httpOrigin,
-        viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
-        allowedMethods: cloudfront.AllowedMethods.ALLOW_GET_HEAD_OPTIONS,
-        cachedMethods: cloudfront.CachedMethods.CACHE_GET_HEAD_OPTIONS,
-        originRequestPolicy
-      },
-      enableLogging: true,
-      logBucket: loggingBucket
-    } as cloudfront.DistributionProps;
-  }
-}
+  return {
+    defaultBehavior: {
+      origin: httpOrigin,
+      viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+      allowedMethods: cloudfront.AllowedMethods.ALLOW_GET_HEAD_OPTIONS,
+      cachedMethods: cloudfront.CachedMethods.CACHE_GET_HEAD_OPTIONS,
+      originRequestPolicy,
+      ...getFunctionAssociationsProp(setHttpSecurityHeaders, cfFunction)
+    },
+    enableLogging: true,
+    logBucket: loggingBucket
+  };
+}
+
+function getFunctionAssociationsProp(setHttpSecurityHeaders: boolean, cfFunction: cloudfront.IFunction | undefined) {
+  return (setHttpSecurityHeaders && cfFunction) ? {
+    functionAssociations: [
+      {
+        eventType: FunctionEventType.VIEWER_RESPONSE,
+        function: cfFunction
+      }
+    ]
+  } : {};
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -868,4 +868,4 @@ @@
           }
         }
       }
-    }
+    }