Commit 8f3e793

feat(cloudfront): vpc origins (#33318)
### Issue # (if applicable)

Closes #32396.

### Reason for this change

VPC origins has been added to CloudFront and now CloudFormation supports it.

For details, see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-vpc-origins.html

### Description of changes

Added an L2 construct `cloudfront.VpcOrigin` for `AWS::CloudFront::VpcOrigin`. It will be created implicitly by the origin class described below. You can create it explicitly to share VPC origins between distributions.

```ts
import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';

// Create a VPC origin resource
const vpcOrigin = new cloudfront.VpcOrigin(this, 'VpcOrigin', {
  // Choose exactly one `endpoint`; the alternatives are commented out.
  // An EC2 instance endpoint
  endpoint: cloudfront.VpcOriginEndpoint.fromEc2Instance(instance),
  // An Application Load Balancer endpoint
  // endpoint: cloudfront.VpcOriginEndpoint.fromApplicationLoadBalancer(alb),
  // A Network Load Balancer endpoint
  // endpoint: cloudfront.VpcOriginEndpoint.fromNetworkLoadBalancer(nlb),
  // Endpoint from ARN, i.e. imported resource
  // endpoint: new cloudfront.VpcOriginEndpoint({ endpointArn }),

  // Optional VPC origin resource configurations
  vpcOriginName: 'Name of the VPC origin',
  httpPort: 80,
  httpsPort: 443,
  protocolPolicy: cloudfront.OriginProtocolPolicy.MATCH_VIEWER,
  originSslProtocols: [cloudfront.OriginSslPolicy.TLSV1_2],
});
```

Added an origin class `cloudfront_origins.VpcOrigin` for distribution configuration. It can be configured with an Application Load Balancer, a Network Load Balancer, an EC2 instance, or a `cloudfront.VpcOrigin` construct.

```ts
import * as cdk from 'aws-cdk-lib';
import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
import * as origins from 'aws-cdk-lib/aws-cloudfront-origins';

// An EC2 instance as a VPC origin
const ec2InstanceOrigin = origins.VpcOrigin.withEc2Instance(instance, {
  // Optional VPC origin configurations
  domainName: 'internal.example.com', // default: PrivateDnsName of the instance
  readTimeout: cdk.Duration.seconds(30),
  keepaliveTimeout: cdk.Duration.seconds(5),

  // Optional VPC origin resource configurations
  vpcOriginName: 'Name of the VPC origin',
  httpPort: 80,
  httpsPort: 443,
  protocolPolicy: cloudfront.OriginProtocolPolicy.MATCH_VIEWER,
  originSslProtocols: [cloudfront.OriginSslPolicy.TLSV1_2],

  // Optional origin common configurations
  connectionTimeout: cdk.Duration.seconds(10),
  connectionAttempts: 3,
  customHeaders: {},
  originShieldRegion: 'region-name',
  originShieldEnabled: true,
  originId: 'origin-id',
});

// An Application Load Balancer as a VPC origin
const albOrigin = origins.VpcOrigin.withApplicationLoadBalancer(alb, {
  // Optional VPC origin configurations
  domainName: 'internal.example.com', // default: DNSName of the ALB
  readTimeout: cdk.Duration.seconds(30),
  keepaliveTimeout: cdk.Duration.seconds(5),
  // Optional VPC origin resource configurations
  // Optional origin common configurations
});

// A Network Load Balancer as a VPC origin
const nlbOrigin = origins.VpcOrigin.withNetworkLoadBalancer(nlb, {
  // Optional VPC origin configurations
  domainName: 'internal.example.com', // default: DNSName of the NLB
  readTimeout: cdk.Duration.seconds(30),
  keepaliveTimeout: cdk.Duration.seconds(5),
  // Optional VPC origin resource configurations
  // Optional origin common configurations
});

// Use an explicit VPC origin resource
const vpcOriginOrigin = origins.VpcOrigin.withVpcOrigin(vpcOrigin, {
  // Mandatory if the vpcOrigin is created without domainName
  domainName: 'internal.example.com',
  // Optional VPC origin configurations
  readTimeout: cdk.Duration.seconds(30),
  keepaliveTimeout: cdk.Duration.seconds(5),
  // Optional origin common configurations
});
```

### Describe any new or updated permissions being added

No permissions are added automatically. See the README for how to allow connections from VPC origins.

### Description of how you validated changes

Unit tests and integ tests.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent a2cd7ae commit 8f3e793
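
An added example, not part of this commit or of the aws-cdk code base: a check that runs over a synthesized template and reports `AWS::CloudFront::VpcOrigin` resources whose origin-facing transport settings permit plaintext HTTP or protocols older than TLS 1.2. The property names follow the CloudFormation resource type; `auditVpcOrigins`, the sample template, and the policy of accepting only `https-only` are assumptions of this example.

```typescript
// Added example: audit a synthesized template for VPC origin transport settings.
interface EndpointConfig {
  Arn?: unknown;                   // string or an intrinsic such as Fn::GetAtt
  OriginProtocolPolicy?: string;   // http-only | match-viewer | https-only
  OriginSSLProtocols?: string[];   // SSLv3 | TLSv1 | TLSv1.1 | TLSv1.2
}
interface Resource {
  Type: string;
  Properties?: { VpcOriginEndpointConfig?: EndpointConfig };
}
interface Template { Resources: Record<string, Resource>; }
interface Finding { logicalId: string; issue: string; }

const LEGACY_PROTOCOLS = ['SSLv3', 'TLSv1', 'TLSv1.1'];

// Hypothetical helper: requiring "https-only" is this example's policy choice.
function auditVpcOrigins(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const logicalId of Object.keys(template.Resources)) {
    const res = template.Resources[logicalId];
    if (res.Type !== 'AWS::CloudFront::VpcOrigin') continue;
    const cfg: EndpointConfig =
      (res.Properties && res.Properties.VpcOriginEndpointConfig) || {};
    // An omitted policy is reported too, so the setting is always explicit.
    const policy = cfg.OriginProtocolPolicy || '(unset)';
    if (policy !== 'https-only') {
      findings.push({ logicalId, issue: `OriginProtocolPolicy is ${policy}, not https-only` });
    }
    for (const proto of cfg.OriginSSLProtocols || []) {
      if (LEGACY_PROTOCOLS.indexOf(proto) !== -1) {
        findings.push({ logicalId, issue: `legacy protocol ${proto} allowed` });
      }
    }
  }
  return findings;
}

// Constructed sample input with placeholder ARNs; not taken from the commit's snapshots.
const sampleTemplate: Template = {
  Resources: {
    SharedVpcOrigin: { Type: 'AWS::CloudFront::VpcOrigin', Properties: { VpcOriginEndpointConfig: {
      Arn: 'arn:aws:elasticloadbalancing:REGION:ACCOUNT:loadbalancer/app/PLACEHOLDER-A',
      OriginProtocolPolicy: 'match-viewer', OriginSSLProtocols: ['TLSv1', 'TLSv1.2'] } } },
    StrictVpcOrigin: { Type: 'AWS::CloudFront::VpcOrigin', Properties: { VpcOriginEndpointConfig: {
      Arn: 'arn:aws:elasticloadbalancing:REGION:ACCOUNT:loadbalancer/app/PLACEHOLDER-B',
      OriginProtocolPolicy: 'https-only', OriginSSLProtocols: ['TLSv1.2'] } } },
    Bucket: { Type: 'AWS::S3::Bucket' },
  },
};

console.log(auditVpcOrigins(sampleTemplate));
```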

34 files changed

+39562
-8
lines changed

packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront-origins/test/integ.vpc-origin.js.snapshot/asset.a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c/__entrypoint__.js

+155
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront-origins/test/integ.vpc-origin.js.snapshot/asset.a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c/index.js

+1

packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront-origins/test/integ.vpc-origin.js.snapshot/asset.cde607091ceabfbfb56e643cd4a5647680cfaf19c63f4d59b3f4880df4a71c8d/index.js

+1
