feat(cloudfront): vpc origins (#33318)
### Issue # (if applicable)

Closes #32396.

### Reason for this change

VPC origins have been added to CloudFront and now CloudFormation supports them.
For details, see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-vpc-origins.html

### Description of changes

Added an L2 construct `cloudfront.VpcOrigin` for `AWS::CloudFront::VpcOrigin`.
It will be created implicitly by the origin class described below.
You can create it explicitly to share VPC origins between distributions.

```ts
import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';

// Create a VPC origin resource
const vpcOrigin = new cloudfront.VpcOrigin(this, 'VpcOrigin', {
  // An EC2 instance endpoint
  endpoint: cloudfront.VpcOriginEndpoint.fromEc2Instance(instance),
  // An Application Load Balancer endpoint
  endpoint: cloudfront.VpcOriginEndpoint.fromApplicationLoadBalancer(alb),
  // A Network Load Balancer endpoint
  endpoint: cloudfront.VpcOriginEndpoint.fromNetworkLoadBalancer(nlb),
  // Endpoint from ARN, i.e. imported resource
  endpoint: new cloudfront.VpcOriginEndpoint({ endpointArn }),
  // Optional VPC origin resource configurations
  vpcOriginName: 'Name of the VPC origin',
  httpPort: 80,
  httpsPort: 443,
  protocolPolicy: cloudfront.OriginProtocolPolicy.MATCH_VIEWER,
  originSslProtocols: [cloudfront.OriginSslPolicy.TLSV1_2],
});
```

Added an origin class `cloudfront_origins.VpcOrigin` for distribution configuration.
It can be configured with an Application Load Balancer, a Network Load Balancer, an EC2 instance, or a `cloudfront.VpcOrigin` construct.

```ts
import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
import * as origins from 'aws-cdk-lib/aws-cloudfront-origins';

// An EC2 instance as a VPC origin
const ec2InstanceOrigin = origins.VpcOrigin.withEc2Instance(instance, {
  // Optional VPC origin configurations
  domainName: 'internal.example.com', // default: PrivateDnsName of the instance
  readTimeout: cdk.Duration.seconds(30),
  keepaliveTimeout: cdk.Duration.seconds(5),
  // Optional VPC origin resource configurations
  vpcOriginName: 'Name of the VPC origin',
  httpPort: 80,
  httpsPort: 443,
  protocolPolicy: cloudfront.OriginProtocolPolicy.MATCH_VIEWER,
  originSslProtocols: [cloudfront.OriginSslPolicy.TLSV1_2],
  // Optional origin common configurations
  connectionTimeout: cdk.Duration.seconds(10),
  connectionAttempts: 3,
  customHeaders: {},
  originShieldRegion: 'region-name',
  originShieldEnabled: true,
  originId: 'origin-id',
});

// An Application Load Balancer as a VPC origin
const albOrigin = origins.VpcOrigin.withApplicationLoadBalancer(alb, {
  // Optional VPC origin configurations
  domainName: 'internal.example.com', // default: DNSName of the ALB
  readTimeout: cdk.Duration.seconds(30),
  keepaliveTimeout: cdk.Duration.seconds(5),
  // Optional VPC origin resource configurations
  // Optional origin common configurations
});

// A Network Load Balancer as a VPC origin
const nlbOrigin = origins.VpcOrigin.withNetworkLoadBalancer(nlb, {
  // Optional VPC origin configurations
  domainName: 'internal.example.com', // default: DNSName of the NLB
  readTimeout: cdk.Duration.seconds(30),
  keepaliveTimeout: cdk.Duration.seconds(5),
  // Optional VPC origin resource configurations
  // Optional origin common configurations
});

// Use an explicit VPC origin resource
const vpcOriginOrigin = origins.VpcOrigin.withVpcOrigin(vpcOrigin, {
  // Mandatory if the vpcOrigin is created without domainName
  domainName: 'internal.example.com',
  // Optional VPC origin configurations
  readTimeout: cdk.Duration.seconds(30),
  keepaliveTimeout: cdk.Duration.seconds(5),
  // Optional origin common configurations
});
```

### Describe any new or updated permissions being added

No permissions are added automatically.
See the README for how to allow connections from VPC origins.

### Description of how you validated changes

Unit tests and integ tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
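The permissions note above is the part that is easy to miss: the `VpcOrigin` construct creates the CloudFront side of the connection but adds no ingress rule to the ALB, NLB or instance security group, so the origin either stays unreachable or, if someone "fixes" that by opening the port to `0.0.0.0/0`, becomes reachable without going through CloudFront at all. The following added example (not code from the aws-cdk PR or its README) is a small post-synth check over a CloudFormation template such as `cdk synth` produces. It assumes the origin target should accept traffic only from the CloudFront managed prefix list (assumed here to be `com.amazonaws.global.cloudfront.origin-facing`, whose id differs per region, so a placeholder id is used), walks from each `AWS::CloudFront::VpcOrigin` to its target's security groups, and reports ports that lack a prefix-list rule or are open to the world. The template embedded at the bottom is constructed for the example.

```typescript
// Added example, not part of the aws-cdk PR. Post-synth check: does every
// VPC origin's target accept CloudFront on the ports the origin uses, and
// nothing else? Shapes follow what cdk synth emits; values are constructed.

type Json = any;
interface CfnResource { Type: string; Properties?: Record<string, Json> }
interface CfnTemplate { Resources: Record<string, CfnResource> }
export interface Finding { resource: string; message: string }

// Placeholder id. Assumption: the managed prefix list to allow is
// "com.amazonaws.global.cloudfront.origin-facing"; its pl-… id is per region.
export const CLOUDFRONT_PREFIX_LIST_ID = 'pl-PLACEHOLDER';

// Resolve a { Ref } or { Fn::GetAtt } intrinsic to the logical id it points at.
function logicalId(v: Json): string | undefined {
  if (v && typeof v === 'object') {
    if (typeof v.Ref === 'string') return v.Ref;
    if (Array.isArray(v['Fn::GetAtt'])) return v['Fn::GetAtt'][0];
  }
  return undefined;
}

// Ports the VPC origin will connect to, derived from its protocol policy.
function originPorts(cfg: Record<string, Json>): number[] {
  const http = cfg.HTTPPort ?? 80;
  const https = cfg.HTTPSPort ?? 443;
  switch (cfg.OriginProtocolPolicy ?? 'match-viewer') {
    case 'http-only': return [http];
    case 'https-only': return [https];
    default: return [http, https]; // match-viewer may use either
  }
}

// Ingress rules that apply to a security group: inline entries plus
// standalone AWS::EC2::SecurityGroupIngress resources that reference it.
function ingressRules(t: CfnTemplate, sgId: string): Record<string, Json>[] {
  const inline: Record<string, Json>[] = t.Resources[sgId]?.Properties?.SecurityGroupIngress ?? [];
  const standalone = Object.values(t.Resources)
    .filter(r => r.Type === 'AWS::EC2::SecurityGroupIngress' && logicalId(r.Properties?.GroupId) === sgId)
    .map(r => r.Properties ?? {});
  return inline.concat(standalone);
}

function coversPort(rule: Record<string, Json>, port: number): boolean {
  if (rule.IpProtocol === '-1') return true; // all traffic
  return rule.IpProtocol === 'tcp' && rule.FromPort <= port && port <= rule.ToPort;
}

export function checkVpcOriginIngress(t: CfnTemplate, prefixListId: string = CLOUDFRONT_PREFIX_LIST_ID): Finding[] {
  const findings: Finding[] = [];
  for (const [id, res] of Object.entries(t.Resources)) {
    if (res.Type !== 'AWS::CloudFront::VpcOrigin') continue;
    const cfg: Record<string, Json> = res.Properties?.VpcOriginEndpointConfig ?? {};
    const targetId = logicalId(cfg.Arn);
    const target = targetId ? t.Resources[targetId] : undefined;
    if (!target) {
      findings.push({ resource: id, message: 'endpoint ARN is not a resource in this template; check its security group manually' });
      continue;
    }
    // Load balancers carry SecurityGroups, EC2 instances SecurityGroupIds.
    const sgRefs: Json[] = target.Properties?.SecurityGroups ?? target.Properties?.SecurityGroupIds ?? [];
    let rules: Record<string, Json>[] = [];
    for (const ref of sgRefs) {
      const sg = logicalId(ref);
      if (sg) rules = rules.concat(ingressRules(t, sg));
    }
    for (const port of originPorts(cfg)) {
      const fromCloudFront = rules.some(r => coversPort(r, port) && r.SourcePrefixListId === prefixListId);
      if (!fromCloudFront) {
        findings.push({ resource: id, message: `no ingress from CloudFront prefix list ${prefixListId} on port ${port}` });
      }
      const worldOpen = rules.some(r => coversPort(r, port) && (r.CidrIp === '0.0.0.0/0' || r.CidrIpv6 === '::/0'));
      if (worldOpen) {
        findings.push({ resource: id, message: `port ${port} is open to the world; a VPC origin target should only accept CloudFront` });
      }
    }
  }
  return findings;
}

// Constructed sample: an https-only VPC origin in front of an ALB whose
// security group allows CloudFront on 80 only and, wrongly, the world on 443.
export const SAMPLE_TEMPLATE: CfnTemplate = {
  Resources: {
    AlbSG: { Type: 'AWS::EC2::SecurityGroup', Properties: { GroupDescription: 'alb', VpcId: 'vpc-PLACEHOLDER',
      SecurityGroupIngress: [{ IpProtocol: 'tcp', FromPort: 80, ToPort: 80, SourcePrefixListId: CLOUDFRONT_PREFIX_LIST_ID }] } },
    WorldIngress: { Type: 'AWS::EC2::SecurityGroupIngress', Properties: {
      GroupId: { 'Fn::GetAtt': ['AlbSG', 'GroupId'] }, IpProtocol: 'tcp', FromPort: 443, ToPort: 443, CidrIp: '0.0.0.0/0' } },
    Alb: { Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer', Properties: { Type: 'application',
      SecurityGroups: [{ 'Fn::GetAtt': ['AlbSG', 'GroupId'] }] } },
    AlbOrigin: { Type: 'AWS::CloudFront::VpcOrigin', Properties: { VpcOriginEndpointConfig: {
      Arn: { Ref: 'Alb' }, Name: 'alb-origin', HTTPPort: 80, HTTPSPort: 443, OriginProtocolPolicy: 'https-only' } } },
  },
};
```

Run it against `cdk.out/<stack>.template.json` after `cdk synth`; on the constructed sample it reports two findings for `AlbOrigin` (no prefix-list rule on 443, and 443 open to the world), and replacing the world-open rule with a prefix-list rule on 443 brings it to zero. Security groups imported rather than defined in the stack show up as "no ingress" findings, which is the intended prompt to verify them by hand.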
Tietew authored Feb 18, 2025
1 parent a2cd7ae commit 8f3e793
Showing 34 changed files with 39,562 additions and 8 deletions.
