Merge branch 'master' into query
mergify[bot] authored Aug 29, 2020
2 parents 0fa73d3 + ba51ea3 commit 0c84ab2
Showing 29 changed files with 956 additions and 191 deletions.
9 changes: 8 additions & 1 deletion CHANGELOG.md
Expand Up @@ -2,6 +2,13 @@

All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.

## [1.61.1](https://github.com/aws/aws-cdk/compare/v1.61.0...v1.61.1) (2020-08-28)


### Bug Fixes

* **cli:** unable to upgrade new style bootstrap to version ([#10030](https://github.com/aws/aws-cdk/issues/10030)) ([8d3e422](https://github.com/aws/aws-cdk/commit/8d3e422809c29da926bae878276619a59ae82ecb)), closes [#10016](https://github.com/aws/aws-cdk/issues/10016)

## [1.61.0](https://github.com/aws/aws-cdk/compare/v1.60.0...v1.61.0) (2020-08-27)


Expand Down Expand Up @@ -39,7 +46,7 @@ All notable changes to this project will be documented in this file. See [standa
### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

* **cloudfront:** Distribution: `.domains` must be specified if `certificate` is provided.
* **appsync:** **appsync.addXxxDataSource** `name` and `description` props are now optional and in an `DataSourceOptions` interface.
* **appsync:** **appsync.addXxxDataSource** `name` and `description` props are now optional and in an `DataSourceOptions` interface.
- **appsync**: the props `name` and `description` in `addXxxDataSource` have been moved into new props `options` of type `DataSourceOptions`
- **appsync**: `DataSourceOptions.name` defaults to id
- **appsync**: `DataSourceOptions.description` defaults to undefined
2 changes: 1 addition & 1 deletion lerna.json
Expand Up @@ -10,5 +10,5 @@
"tools/*"
],
"rejectCycles": "true",
"version": "1.61.0"
"version": "1.61.1"
}
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-appsync/lib/graphqlapi.ts
Expand Up @@ -533,7 +533,7 @@ export class GraphQLApi extends GraphqlApiBase {
userPoolId: config.userPool.userPoolId,
awsRegion: config.userPool.stack.region,
appIdClientRegex: config.appIdClientRegex,
defaultAction: config.defaultAction,
defaultAction: config.defaultAction || UserPoolDefaultAction.ALLOW,
};
}
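Review bot: The `|| UserPoolDefaultAction.ALLOW` fallback on the `defaultAction:` line makes ALLOW the implicit behaviour whenever a caller omits the prop, and nothing visible in this hunk documents that. Add an `@default` entry to the doc comment of the `defaultAction` prop so the permissive default is explicit, since users who need group-based restriction will now have to set `UserPoolDefaultAction.DENY` themselves and should be able to see that from the API docs.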

2 changes: 2 additions & 0 deletions packages/@aws-cdk/aws-appsync/test/appsync-auth.test.ts
Expand Up @@ -250,6 +250,7 @@ describe('AppSync User Pool Authorization', () => {
AuthenticationType: 'AMAZON_COGNITO_USER_POOLS',
UserPoolConfig: {
AwsRegion: { Ref: 'AWS::Region' },
DefaultAction: 'ALLOW',
UserPoolId: { Ref: 'pool056F3F7E' },
},
});
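Review bot: The updated expectation here (and the matching one in the next hunk) only asserts the defaulted `DefaultAction: 'ALLOW'`, so nothing shown proves that an explicit value survives the new fallback in `graphqlapi.ts`. If the file does not already have one, add a case that passes `defaultAction: UserPoolDefaultAction.DENY` in `userPoolConfig` and asserts `DefaultAction: 'DENY'` in the synthesized `UserPoolConfig`.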
Expand Down Expand Up @@ -371,6 +372,7 @@ describe('AppSync User Pool Authorization', () => {
AuthenticationType: 'AMAZON_COGNITO_USER_POOLS',
UserPoolConfig: {
AwsRegion: { Ref: 'AWS::Region' },
DefaultAction: 'ALLOW',
UserPoolId: { Ref: 'pool056F3F7E' },
},
AdditionalAuthenticationProviders: [
2 changes: 0 additions & 2 deletions packages/@aws-cdk/aws-appsync/test/integ.graphql.ts
Expand Up @@ -9,7 +9,6 @@ import {
MappingTemplate,
PrimaryKey,
Schema,
UserPoolDefaultAction,
Values,
} from '../lib';

Expand Down Expand Up @@ -42,7 +41,6 @@ const api = new GraphQLApi(stack, 'Api', {
authorizationType: AuthorizationType.USER_POOL,
userPoolConfig: {
userPool,
defaultAction: UserPoolDefaultAction.ALLOW,
},
},
additionalAuthorizationModes: [
17 changes: 15 additions & 2 deletions packages/@aws-cdk/aws-cloudfront/README.md
Expand Up @@ -82,7 +82,7 @@ new cloudfront.Distribution(this, 'myDist', {
});
```

## From an HTTP endpoint
#### From an HTTP endpoint

Origins can also be created from any other HTTP endpoint, given the domain name, and optionally, other origin properties.

Expand Down Expand Up @@ -207,6 +207,7 @@ new cloudfront.Distribution(this, 'myDist', {
{
functionVersion: myFunc.currentVersion,
eventType: cloudfront.LambdaEdgeEventType.ORIGIN_REQUEST,
includeBody: true, // Optional - defaults to false
},
],
},
Expand Down Expand Up @@ -246,6 +247,18 @@ new cloudfront.Distribution(this, 'myDist', {
});
```

### Importing Distributions

Existing distributions can be imported as well; note that like most imported constructs, an imported distribution cannot be modified.
However, it can be used as a reference for other higher-level constructs.

```ts
const distribution = cloudfront.Distribution.fromDistributionAttributes(scope, 'ImportedDist', {
domainName: 'd111111abcdef8.cloudfront.net',
distributionId: '012345ABCDEF',
});
```

## CloudFrontWebDistribution API - Stable

![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge)
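Review bot: The "Importing Distributions" snippet passes `scope` as the first argument, while the other examples in this README use `this` (`new cloudfront.Distribution(this, 'myDist', {`); use `this` so the snippet can be pasted into a construct like the rest. The paragraph also says an imported distribution "can be used as a reference" without saying what it exposes; a sentence stating that only the domain name and distribution ID are available would set expectations, since those are the only two attributes the import takes.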
Expand Down Expand Up @@ -305,7 +318,7 @@ Example:

[create a distrubution with an iam certificate example](test/example.iam-cert-alias.lit.ts)

#### Restrictions
### Restrictions

CloudFront supports adding restrictions to your distribution.

9 changes: 9 additions & 0 deletions packages/@aws-cdk/aws-cloudfront/lib/distribution.ts
Expand Up @@ -621,6 +621,15 @@ export interface EdgeLambda {

/** The type of event in response to which should the function be invoked. */
readonly eventType: LambdaEdgeEventType;

/**
* Allows a Lambda function to have read access to the body content.
* Only valid for "request" event types (`ORIGIN_REQUEST` or `VIEWER_REQUEST`).
* See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.html
*
* @default false
*/
readonly includeBody?: boolean;
}

/**
27 changes: 26 additions & 1 deletion packages/@aws-cdk/aws-cloudfront/lib/private/cache-behavior.ts
@@ -1,5 +1,6 @@
import * as iam from '@aws-cdk/aws-iam';
import { CfnDistribution } from '../cloudfront.generated';
import { AddBehaviorOptions, ViewerProtocolPolicy } from '../distribution';
import { AddBehaviorOptions, EdgeLambda, LambdaEdgeEventType, ViewerProtocolPolicy } from '../distribution';

/**
* Properties for specifying custom behaviors for origins.
Expand All @@ -24,6 +25,9 @@ export class CacheBehavior {

constructor(originId: string, private readonly props: CacheBehaviorProps) {
this.originId = originId;

this.validateEdgeLambdas(props.edgeLambdas);
this.grantEdgeLambdaFunctionExecutionRole(props.edgeLambdas);
}

/**
Expand Down Expand Up @@ -51,8 +55,29 @@ export class CacheBehavior {
? this.props.edgeLambdas.map(edgeLambda => ({
lambdaFunctionArn: edgeLambda.functionVersion.edgeArn,
eventType: edgeLambda.eventType.toString(),
includeBody: edgeLambda.includeBody,
}))
: undefined,
};
}

private validateEdgeLambdas(edgeLambdas?: EdgeLambda[]) {
const includeBodyEventTypes = [LambdaEdgeEventType.ORIGIN_REQUEST, LambdaEdgeEventType.VIEWER_REQUEST];
if (edgeLambdas && edgeLambdas.some(lambda => lambda.includeBody && !includeBodyEventTypes.includes(lambda.eventType))) {
throw new Error('\'includeBody\' can only be true for ORIGIN_REQUEST or VIEWER_REQUEST event types.');
}
}

private grantEdgeLambdaFunctionExecutionRole(edgeLambdas?: EdgeLambda[]) {
if (!edgeLambdas || edgeLambdas.length === 0) { return; }
edgeLambdas.forEach((edgeLambda) => {
const role = edgeLambda.functionVersion.role;
if (role && role instanceof iam.Role && role.assumeRolePolicy) {
role.assumeRolePolicy.addStatements(new iam.PolicyStatement({
actions: ['sts:AssumeRole'],
principals: [new iam.ServicePrincipal('edgelambda.amazonaws.com')],
}));
}
});
}
}
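Review bot: In `grantEdgeLambdaFunctionExecutionRole`, the guard `role && role instanceof iam.Role && role.assumeRolePolicy` silently skips any function whose role is imported or otherwise not a concrete `iam.Role`, so the distribution synthesizes without `edgelambda.amazonaws.com` in the trust policy and the user gets no hint that they must add it themselves. Emit a warning in that branch, or at least document the limitation on the `edgeLambdas` prop. The method also has no doc comment; since constructing a `CacheBehavior` now edits the trust policy of a role owned by another construct, that side effect deserves a sentence so reviewers of a stack's IAM changes know where the extra `sts:AssumeRole` statement comes from.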
55 changes: 55 additions & 0 deletions packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts
Expand Up @@ -424,6 +424,15 @@ export interface LambdaFunctionAssociation {
* A version of the lambda to associate
*/
readonly lambdaFunction: lambda.IVersion;

/**
* Allows a Lambda function to have read access to the body content.
* Only valid for "request" event types (`ORIGIN_REQUEST` or `VIEWER_REQUEST`).
* See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.html
*
* @default false
*/
readonly includeBody?: boolean;
}

export interface ViewerCertificateOptions {
Expand Down Expand Up @@ -628,6 +637,27 @@ interface BehaviorWithOrigin extends Behavior {
readonly targetOriginId: string;
}

/**
* Attributes used to import a Distribution.
*
* @experimental
*/
export interface CloudFrontWebDistributionAttributes {
/**
* The generated domain name of the Distribution, such as d111111abcdef8.cloudfront.net.
*
* @attribute
*/
readonly domainName: string;

/**
* The distribution ID for this distribution.
*
* @attribute
*/
readonly distributionId: string;
}

/**
* Amazon CloudFront is a global content delivery network (CDN) service that securely delivers data, videos,
* applications, and APIs to your viewers with low latency and high transfer speeds.
Expand Down Expand Up @@ -659,6 +689,25 @@ interface BehaviorWithOrigin extends Behavior {
* @resource AWS::CloudFront::Distribution
*/
export class CloudFrontWebDistribution extends cdk.Resource implements IDistribution {

/**
* Creates a construct that represents an external (imported) distribution.
*/
public static fromDistributionAttributes(scope: cdk.Construct, id: string, attrs: CloudFrontWebDistributionAttributes): IDistribution {
return new class extends cdk.Resource implements IDistribution {
public readonly domainName: string;
public readonly distributionDomainName: string;
public readonly distributionId: string;

constructor() {
super(scope, id);
this.domainName = attrs.domainName;
this.distributionDomainName = attrs.domainName;
this.distributionId = attrs.distributionId;
}
}();
}

/**
* The logging bucket for this CloudFront distribution.
* If logging is not enabled for this distribution - this property will be undefined.
Expand Down Expand Up @@ -892,11 +941,17 @@ export class CloudFrontWebDistribution extends cdk.Resource implements IDistribu
toReturn = Object.assign(toReturn, { pathPattern: input.pathPattern });
}
if (input.lambdaFunctionAssociations) {
const includeBodyEventTypes = [LambdaEdgeEventType.ORIGIN_REQUEST, LambdaEdgeEventType.VIEWER_REQUEST];
if (input.lambdaFunctionAssociations.some(fna => fna.includeBody && !includeBodyEventTypes.includes(fna.eventType))) {
throw new Error('\'includeBody\' can only be true for ORIGIN_REQUEST or VIEWER_REQUEST event types.');
}

toReturn = Object.assign(toReturn, {
lambdaFunctionAssociations: input.lambdaFunctionAssociations
.map(fna => ({
eventType: fna.eventType,
lambdaFunctionArn: fna.lambdaFunction && fna.lambdaFunction.edgeArn,
includeBody: fna.includeBody,
})),
});
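Review bot: The `includeBodyEventTypes` list and the `'includeBody' can only be true for ORIGIN_REQUEST or VIEWER_REQUEST event types.` check at the top of the `if (input.lambdaFunctionAssociations)` block are a copy of `validateEdgeLambdas` in `lib/private/cache-behavior.ts`. Move the allowed event types and the check into one shared helper so the two distribution APIs cannot drift apart if the allowed event types change. Here the check also runs only when the behavior is converted to its CloudFormation form rather than when the props are received, which delays the error compared with the constructor-time validation in `CacheBehavior`.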

38 changes: 38 additions & 0 deletions packages/@aws-cdk/aws-cloudfront/test/distribution.test.ts
Expand Up @@ -468,6 +468,7 @@ describe('with Lambda@Edge functions', () => {
{
functionVersion: lambdaFunction.currentVersion,
eventType: LambdaEdgeEventType.ORIGIN_REQUEST,
includeBody: true,
},
],
},
Expand All @@ -479,6 +480,7 @@ describe('with Lambda@Edge functions', () => {
LambdaFunctionAssociations: [
{
EventType: 'origin-request',
IncludeBody: true,
LambdaFunctionARN: {
Ref: 'FunctionCurrentVersion4E2B2261477a5ae8059bbaa7813f752292c0f65e',
},
Expand All @@ -489,6 +491,42 @@ describe('with Lambda@Edge functions', () => {
});
});

test('edgelambda.amazonaws.com is added to the trust policy of lambda', () => {
new Distribution(stack, 'MyDist', {
defaultBehavior: {
origin,
edgeLambdas: [
{
functionVersion: lambdaFunction.currentVersion,
eventType: LambdaEdgeEventType.ORIGIN_REQUEST,
},
],
},
});

expect(stack).toHaveResource('AWS::IAM::Role', {
AssumeRolePolicyDocument: {
Statement: [
{
Action: 'sts:AssumeRole',
Effect: 'Allow',
Principal: {
Service: 'lambda.amazonaws.com',
},
},
{
Action: 'sts:AssumeRole',
Effect: 'Allow',
Principal: {
Service: 'edgelambda.amazonaws.com',
},
},
],
Version: '2012-10-17',
},
});
});

test('can add an edge lambdas to additional behaviors', () => {
new Distribution(stack, 'MyDist', {
defaultBehavior: { origin },
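Review bot: The tests visible in this file cover only the success paths (`IncludeBody: true` on `origin-request`, and the `edgelambda.amazonaws.com` trust statement); none exercises the new error. Add a case that sets `includeBody: true` on a response event type and asserts that constructing the `Distribution` throws the `'includeBody' can only be true ...` message. A second case with a function whose role is not a concrete `iam.Role` would pin down the skip branch in `grantEdgeLambdaFunctionExecutionRole`.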