daniel/agent-claw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

agent-claw: automated task changes

Browse Source
This commit is contained in:
daniel
2026-05-06 18:55:16 -05:00
parent 38905bb1e9
commit 732b00fb66
8494 changed files with 2018127 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
cdk/node_modules/aws-cdk-lib/aws-cloudfront/.jsiirc.json generated vendored Normal file
View File

@@ -0,0 +1,13 @@
{
"targets": {
"java": {
"package": "software.amazon.awscdk.services.cloudfront"
},
"dotnet": {
"namespace": "Amazon.CDK.AWS.CloudFront"
},
"python": {
"module": "aws_cdk.aws_cloudfront"
}
}
}

1597
cdk/node_modules/aws-cdk-lib/aws-cloudfront/README.md generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

14
cdk/node_modules/aws-cdk-lib/aws-cloudfront/grants.json generated vendored Normal file
View File

@@ -0,0 +1,14 @@
{
"resources": {
"Distribution": {
"grants": {
"createInvalidation": {
"actions": [
"cloudfront:CreateInvalidation"
],
"docSummary": "Grant to create invalidations for this bucket to an IAM principal (Role/Group/User)."
}
}
}
}
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1 @@
export * from './lib';

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/index.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

191
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/cache-policy.d.ts generated vendored Normal file
View File

@@ -0,0 +1,191 @@
import type { Construct } from 'constructs';
import type { CachePolicyReference, ICachePolicyRef } from './cloudfront.generated';
import { Duration, Resource } from '../../core';
/**
* Represents a Cache Policy
*/
export interface ICachePolicy extends ICachePolicyRef {
/**
* The ID of the cache policy
* @attribute
*/
readonly cachePolicyId: string;
}
/**
* Properties for creating a Cache Policy
*/
export interface CachePolicyProps {
/**
* A unique name to identify the cache policy.
* The name must only include '-', '_', or alphanumeric characters.
* @default - generated from the `id`
*/
readonly cachePolicyName?: string;
/**
* A comment to describe the cache policy.
*
* The comment cannot be longer than 128 characters.
*
* @default - no comment
*/
readonly comment?: string;
/**
* The default amount of time for objects to stay in the CloudFront cache.
* Only used when the origin does not send Cache-Control or Expires headers with the object.
* @default - The greater of 1 day and ``minTtl``
*/
readonly defaultTtl?: Duration;
/**
* The minimum amount of time for objects to stay in the CloudFront cache.
* @default Duration.seconds(0)
*/
readonly minTtl?: Duration;
/**
* The maximum amount of time for objects to stay in the CloudFront cache.
* CloudFront uses this value only when the origin sends Cache-Control or Expires headers with the object.
* @default - The greater of 1 year and ``defaultTtl``
*/
readonly maxTtl?: Duration;
/**
* Determines whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin.
* @default CacheCookieBehavior.none()
*/
readonly cookieBehavior?: CacheCookieBehavior;
/**
* Determines whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin.
* @default CacheHeaderBehavior.none()
*/
readonly headerBehavior?: CacheHeaderBehavior;
/**
* Determines whether any query strings are included in the cache key and automatically included in requests that CloudFront sends to the origin.
* @default CacheQueryStringBehavior.none()
*/
readonly queryStringBehavior?: CacheQueryStringBehavior;
/**
* Whether to normalize and include the `Accept-Encoding` header in the cache key when the `Accept-Encoding` header is 'gzip'.
* @default false
*/
readonly enableAcceptEncodingGzip?: boolean;
/**
* Whether to normalize and include the `Accept-Encoding` header in the cache key when the `Accept-Encoding` header is 'br'.
* @default false
*/
readonly enableAcceptEncodingBrotli?: boolean;
}
/**
* A Cache Policy configuration.
*
* @resource AWS::CloudFront::CachePolicy
* @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html
*/
export declare class CachePolicy extends Resource implements ICachePolicy {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/**
* This policy is designed for use with an origin that is an AWS Amplify web app.
*/
static readonly AMPLIFY: ICachePolicy;
/**
* Optimize cache efficiency by minimizing the values that CloudFront includes in the cache key.
* Query strings and cookies are not included in the cache key, and only the normalized 'Accept-Encoding' header is included.
*/
static readonly CACHING_OPTIMIZED: ICachePolicy;
/**
* Optimize cache efficiency by minimizing the values that CloudFront includes in the cache key.
* Query strings and cookies are not included in the cache key, and only the normalized 'Accept-Encoding' header is included.
* Disables cache compression.
*/
static readonly CACHING_OPTIMIZED_FOR_UNCOMPRESSED_OBJECTS: ICachePolicy;
/** Disables caching. This policy is useful for dynamic content and for requests that are not cacheable. */
static readonly CACHING_DISABLED: ICachePolicy;
/** Designed for use with an origin that is an AWS Elemental MediaPackage endpoint. */
static readonly ELEMENTAL_MEDIA_PACKAGE: ICachePolicy;
/**
* Designed for use with an origin that returns Cache-Control HTTP response headers and does not serve different content based on values present in the query string.
*/
static readonly USE_ORIGIN_CACHE_CONTROL_HEADERS: ICachePolicy;
/**
* Designed for use with an origin that returns Cache-Control HTTP response headers and serves different content based on values present in the query string.
*/
static readonly USE_ORIGIN_CACHE_CONTROL_HEADERS_QUERY_STRINGS: ICachePolicy;
/** Imports a Cache Policy from its id. */
static fromCachePolicyId(scope: Construct, id: string, cachePolicyId: string): ICachePolicy;
/** Use an existing managed cache policy. */
private static fromManagedCachePolicy;
readonly cachePolicyId: string;
readonly cachePolicyRef: CachePolicyReference;
constructor(scope: Construct, id: string, props?: CachePolicyProps);
private renderCacheKey;
}
/**
* Determines whether any cookies in viewer requests are included in the cache key and
* automatically included in requests that CloudFront sends to the origin.
*/
export declare class CacheCookieBehavior {
/**
* Cookies in viewer requests are not included in the cache key and
* are not automatically included in requests that CloudFront sends to the origin.
*/
static none(): CacheCookieBehavior;
/**
* All cookies in viewer requests are included in the cache key and are automatically included in requests that CloudFront sends to the origin.
*/
static all(): CacheCookieBehavior;
/**
* Only the provided `cookies` are included in the cache key and automatically included in requests that CloudFront sends to the origin.
*/
static allowList(...cookies: string[]): CacheCookieBehavior;
/**
* All cookies except the provided `cookies` are included in the cache key and
* automatically included in requests that CloudFront sends to the origin.
*/
static denyList(...cookies: string[]): CacheCookieBehavior;
/** The behavior of cookies: allow all, none, an allow list, or a deny list. */
readonly behavior: string;
/** The cookies to allow or deny, if the behavior is an allow or deny list. */
readonly cookies?: string[];
private constructor();
}
/**
* Determines whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin.
*/
export declare class CacheHeaderBehavior {
/** HTTP headers are not included in the cache key and are not automatically included in requests that CloudFront sends to the origin. */
static none(): CacheHeaderBehavior;
/** Listed headers are included in the cache key and are automatically included in requests that CloudFront sends to the origin. */
static allowList(...headers: string[]): CacheHeaderBehavior;
/** If no headers will be passed, or an allow list of headers. */
readonly behavior: string;
/** The headers for the allow/deny list, if applicable. */
readonly headers?: string[];
private constructor();
}
/**
* Determines whether any URL query strings in viewer requests are included in the cache key
* and automatically included in requests that CloudFront sends to the origin.
*/
export declare class CacheQueryStringBehavior {
/**
* Query strings in viewer requests are not included in the cache key and
* are not automatically included in requests that CloudFront sends to the origin.
*/
static none(): CacheQueryStringBehavior;
/**
* All query strings in viewer requests are included in the cache key and are automatically included in requests that CloudFront sends to the origin.
*/
static all(): CacheQueryStringBehavior;
/**
* Only the provided `queryStrings` are included in the cache key and automatically included in requests that CloudFront sends to the origin.
*/
static allowList(...queryStrings: string[]): CacheQueryStringBehavior;
/**
* All query strings except the provided `queryStrings` are included in the cache key and
* automatically included in requests that CloudFront sends to the origin.
*/
static denyList(...queryStrings: string[]): CacheQueryStringBehavior;
/** The behavior of query strings -- allow all, none, only an allow list, or a deny list. */
readonly behavior: string;
/** The query strings to allow or deny, if the behavior is an allow or deny list. */
readonly queryStrings?: string[];
private constructor();
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/cache-policy.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

50
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/cloudfront-canned-metrics.generated.d.ts generated vendored Normal file
View File

@@ -0,0 +1,50 @@
export interface MetricWithDims<D> {
readonly namespace: string;
readonly metricName: string;
readonly statistic: string;
readonly dimensionsMap: D;
}
export declare class CloudFrontMetrics {
static requestsSum(this: void, dimensions: {
DistributionId: string;
Region: string;
}): MetricWithDims<{
DistributionId: string;
Region: string;
}>;
static totalErrorRateAverage(this: void, dimensions: {
DistributionId: string;
Region: string;
}): MetricWithDims<{
DistributionId: string;
Region: string;
}>;
static bytesDownloadedSum(this: void, dimensions: {
DistributionId: string;
Region: string;
}): MetricWithDims<{
DistributionId: string;
Region: string;
}>;
static bytesUploadedSum(this: void, dimensions: {
DistributionId: string;
Region: string;
}): MetricWithDims<{
DistributionId: string;
Region: string;
}>;
static _4XxErrorRateAverage(this: void, dimensions: {
DistributionId: string;
Region: string;
}): MetricWithDims<{
DistributionId: string;
Region: string;
}>;
static _5XxErrorRateAverage(this: void, dimensions: {
DistributionId: string;
Region: string;
}): MetricWithDims<{
DistributionId: string;
Region: string;
}>;
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/cloudfront-canned-metrics.generated.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.CloudFrontMetrics=void 0;class CloudFrontMetrics{static requestsSum(dimensions){return{namespace:"AWS/CloudFront",metricName:"Requests",dimensionsMap:dimensions,statistic:"Sum"}}static totalErrorRateAverage(dimensions){return{namespace:"AWS/CloudFront",metricName:"TotalErrorRate",dimensionsMap:dimensions,statistic:"Average"}}static bytesDownloadedSum(dimensions){return{namespace:"AWS/CloudFront",metricName:"BytesDownloaded",dimensionsMap:dimensions,statistic:"Sum"}}static bytesUploadedSum(dimensions){return{namespace:"AWS/CloudFront",metricName:"BytesUploaded",dimensionsMap:dimensions,statistic:"Sum"}}static _4XxErrorRateAverage(dimensions){return{namespace:"AWS/CloudFront",metricName:"4xxErrorRate",dimensionsMap:dimensions,statistic:"Average"}}static _5XxErrorRateAverage(dimensions){return{namespace:"AWS/CloudFront",metricName:"5xxErrorRate",dimensionsMap:dimensions,statistic:"Average"}}}exports.CloudFrontMetrics=CloudFrontMetrics;

22
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/cloudfront-grants.generated.d.ts generated vendored Normal file
View File

@@ -0,0 +1,22 @@
import * as cloudfront from "./cloudfront.generated";
import * as iam from "../../aws-iam";
import * as cdk from "../../core/lib";
/**
* Collection of grant methods for a IDistributionRef
*/
export declare class DistributionGrants {
/**
* Creates grants for DistributionGrants
*/
static fromDistribution(resource: cloudfront.IDistributionRef): DistributionGrants;
protected readonly resource: cloudfront.IDistributionRef;
private constructor();
/**
* Grant the given identity custom permissions
*/
actions(grantee: iam.IGrantable, actions: Array<string>, options?: cdk.PermissionsOptions): iam.Grant;
/**
* Grant to create invalidations for this bucket to an IAM principal (Role/Group/User).
*/
createInvalidation(grantee: iam.IGrantable): iam.Grant;
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/cloudfront-grants.generated.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.DistributionGrants=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var cloudfront=()=>{var tmp=require("./cloudfront.generated");return cloudfront=()=>tmp,tmp},iam=()=>{var tmp=require("../../aws-iam");return iam=()=>tmp,tmp};class DistributionGrants{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cloudfront.DistributionGrants",version:"2.252.0"};static fromDistribution(resource){try{jsiiDeprecationWarnings().aws_cdk_lib_interfaces_aws_cloudfront_IDistributionRef(resource)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromDistribution),error}return new DistributionGrants({resource})}resource;constructor(props){this.resource=props.resource}actions(grantee,actions,options={}){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IGrantable(grantee),jsiiDeprecationWarnings().aws_cdk_lib_PermissionsOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.actions),error}return iam().Grant.addToPrincipal({actions,grantee,resourceArns:options.resourceArns??[cloudfront().CfnDistribution.arnForDistribution(this.resource)]})}createInvalidation(grantee){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IGrantable(grantee)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.createInvalidation),error}const actions=["cloudfront:CreateInvalidation"];return this.actions(grantee,actions,{})}}exports.DistributionGrants=DistributionGrants;

6538
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/cloudfront.generated.d.ts generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/cloudfront.generated.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

703
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/distribution.d.ts generated vendored Normal file
View File

@@ -0,0 +1,703 @@
import { Construct } from 'constructs';
import { DistributionGrants } from './cloudfront-grants.generated';
import type { DistributionReference, ICachePolicyRef, IDistributionRef, IKeyGroupRef, IOriginRequestPolicyRef, IRealtimeLogConfigRef, IResponseHeadersPolicyRef } from './cloudfront.generated';
import type { FunctionAssociation } from './function';
import type { GeoRestriction } from './geo-restriction';
import type { IOrigin } from './origin';
import * as cloudwatch from '../../aws-cloudwatch';
import type * as iam from '../../aws-iam';
import type * as lambda from '../../aws-lambda';
import * as s3 from '../../aws-s3';
import type { Duration, IResource } from '../../core';
import { Resource } from '../../core';
import type { ICertificateRef } from '../../interfaces/generated/aws-certificatemanager-interfaces.generated';
/**
* Interface for CloudFront distributions
*/
export interface IDistribution extends IResource, IDistributionRef {
/**
* The domain name of the Distribution, such as d111111abcdef8.cloudfront.net.
*
* @attribute
*/
readonly distributionDomainName: string;
/**
* The distribution ID for this distribution.
*
* @attribute
*/
readonly distributionId: string;
/**
* The distribution ARN for this distribution.
*
* @attribute
*/
readonly distributionArn: string;
/**
* Adds an IAM policy statement associated with this distribution to an IAM
* principal's policy.
*
* @param identity The principal
* @param actions The set of actions to allow (i.e. "cloudfront:ListInvalidations")
*/
grant(identity: iam.IGrantable, ...actions: string[]): iam.Grant;
/**
* Grant to create invalidations for this bucket to an IAM principal (Role/Group/User).
*
* @param identity The principal
*/
grantCreateInvalidation(identity: iam.IGrantable): iam.Grant;
}
/**
* Attributes used to import a Distribution.
*/
export interface DistributionAttributes {
/**
* The generated domain name of the Distribution, such as d111111abcdef8.cloudfront.net.
*
* @attribute
*/
readonly domainName: string;
/**
* The distribution ID for this distribution.
*
* @attribute
*/
readonly distributionId: string;
}
/**
* Properties for a Distribution
*/
export interface DistributionProps {
/**
* The default behavior for the distribution.
*/
readonly defaultBehavior: BehaviorOptions;
/**
* Additional behaviors for the distribution, mapped by the pathPattern that specifies which requests to apply the behavior to.
*
* @default - no additional behaviors are added.
*/
readonly additionalBehaviors?: Record<string, BehaviorOptions>;
/**
* A certificate to associate with the distribution. The certificate must be located in N. Virginia (us-east-1).
*
* @default - the CloudFront wildcard certificate (*.cloudfront.net) will be used.
*/
readonly certificate?: ICertificateRef;
/**
* Any comments you want to include about the distribution.
*
* @default - no comment
*/
readonly comment?: string;
/**
* The object that you want CloudFront to request from your origin (for example, index.html)
* when a viewer requests the root URL for your distribution. If no default object is set, the
* request goes to the origin's root (e.g., example.com/).
*
* @default - no default root object
*/
readonly defaultRootObject?: string;
/**
* Alternative domain names for this distribution.
*
* If you want to use your own domain name, such as www.example.com, instead of the cloudfront.net domain name,
* you can add an alternate domain name to your distribution. If you attach a certificate to the distribution,
* you should add (at least one of) the domain names of the certificate to this list.
*
* When you want to move a domain name between distributions, you can associate a certificate without specifying any domain names.
* For more information, see the _Moving an alternate domain name to a different distribution_ section in the README.
*
* @default - The distribution will only support the default generated name (e.g., d111111abcdef8.cloudfront.net)
*/
readonly domainNames?: string[];
/**
* Enable or disable the distribution.
*
* @default true
*/
readonly enabled?: boolean;
/**
* Whether CloudFront will respond to IPv6 DNS requests with an IPv6 address.
*
* If you specify false, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses.
* This allows viewers to submit a second request, for an IPv4 address for your distribution.
*
* @default true
*/
readonly enableIpv6?: boolean;
/**
* Enable access logging for the distribution.
*
* @default - false, unless `logBucket` is specified.
*/
readonly enableLogging?: boolean;
/**
* Controls the countries in which your content is distributed.
*
* @default - No geographic restrictions
*/
readonly geoRestriction?: GeoRestriction;
/**
* Specify the maximum HTTP version that you want viewers to use to communicate with CloudFront.
*
* For viewers and CloudFront to use HTTP/2, viewers must support TLS 1.2 or later, and must support server name identification (SNI).
*
* @default HttpVersion.HTTP2
*/
readonly httpVersion?: HttpVersion;
/**
* The Amazon S3 bucket to store the access logs in.
* Make sure to set `objectOwnership` to `s3.ObjectOwnership.OBJECT_WRITER` in your custom bucket.
*
* @default - A bucket is created if `enableLogging` is true
*/
readonly logBucket?: s3.IBucket;
/**
* Specifies whether you want CloudFront to include cookies in access logs
*
* @default false
*/
readonly logIncludesCookies?: boolean;
/**
* An optional string that you want CloudFront to prefix to the access log filenames for this distribution.
*
* @default - no prefix
*/
readonly logFilePrefix?: string;
/**
* The price class that corresponds with the maximum price that you want to pay for CloudFront service.
* If you specify PriceClass_All, CloudFront responds to requests for your objects from all CloudFront edge locations.
* If you specify a price class other than PriceClass_All, CloudFront serves your objects from the CloudFront edge location
* that has the lowest latency among the edge locations in your price class.
*
* @default PriceClass.PRICE_CLASS_ALL
*/
readonly priceClass?: PriceClass;
/**
* Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution.
*
* To specify a web ACL created using the latest version of AWS WAF, use the ACL ARN, for example
* `arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a`.
* To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example `473e64fd-f30b-4765-81a0-62ad96dd167a`.
*
* @see https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
* @see https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_CreateDistribution.html#API_CreateDistribution_RequestParameters.
*
* @default - No AWS Web Application Firewall web access control list (web ACL).
*/
readonly webAclId?: string;
/**
* How CloudFront should handle requests that are not successful (e.g., PageNotFound).
*
* @default - No custom error responses.
*/
readonly errorResponses?: ErrorResponse[];
/**
* The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections.
*
* CloudFront serves your objects only to browsers or devices that support at
* least the SSL version that you specify.
*
* @default - SecurityPolicyProtocol.TLS_V1_2_2021 if the '@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021' feature flag is set; otherwise, SecurityPolicyProtocol.TLS_V1_2_2019.
*/
readonly minimumProtocolVersion?: SecurityPolicyProtocol;
/**
* The SSL method CloudFront will use for your distribution.
*
* Server Name Indication (SNI) - is an extension to the TLS computer networking protocol by which a client indicates
* which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present
* multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites
* (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate.
*
* CloudFront can use SNI to host multiple distributions on the same IP - which a large majority of clients will support.
*
* If your clients cannot support SNI however - CloudFront can use dedicated IPs for your distribution - but there is a prorated monthly charge for
* using this feature. By default, we use SNI - but you can optionally enable dedicated IPs (VIP).
*
* See the CloudFront SSL for more details about pricing : https://aws.amazon.com/cloudfront/custom-ssl-domains/
*
* @default SSLMethod.SNI
*/
readonly sslSupportMethod?: SSLMethod;
/**
* Whether to enable additional CloudWatch metrics.
*
* @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/viewing-cloudfront-metrics.html
*
* @default false
*/
readonly publishAdditionalMetrics?: boolean;
}
/**
* A CloudFront distribution with associated origin(s) and caching behavior(s).
*/
export declare class Distribution extends Resource implements IDistribution {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
/**
* Creates a Distribution construct that represents an external (imported) distribution.
*/
static fromDistributionAttributes(scope: Construct, id: string, attrs: DistributionAttributes): IDistribution;
readonly domainName: string;
readonly distributionDomainName: string;
readonly distributionId: string;
readonly distributionRef: DistributionReference;
/**
* Collection of grant methods for a Distribution
*/
readonly grants: DistributionGrants;
private readonly httpVersion;
private readonly defaultBehavior;
private readonly additionalBehaviors;
private readonly boundOrigins;
private readonly originGroups;
private readonly errorResponses;
private readonly certificate?;
private readonly publishAdditionalMetrics?;
private readonly _webAclId;
constructor(scope: Construct, id: string, props: DistributionProps);
get distributionArn(): string;
/**
* Return the given named metric for this Distribution
*/
metric(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Metric for the total number of viewer requests received by CloudFront, for all HTTP methods and for both HTTP and HTTPS requests.
*
* @default - sum over 5 minutes
*/
metricRequests(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Metric for the total number of bytes that viewers uploaded to your origin with CloudFront, using POST and PUT requests.
*
* @default - sum over 5 minutes
*/
metricBytesUploaded(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Metric for the total number of bytes downloaded by viewers for GET, HEAD, and OPTIONS requests.
*
* @default - sum over 5 minutes
*/
metricBytesDownloaded(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Metric for the percentage of all viewer requests for which the response's HTTP status code is 4xx or 5xx.
*
* @default - average over 5 minutes
*/
metricTotalErrorRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Metric for the percentage of all viewer requests for which the response's HTTP status code is 4xx.
*
* @default - average over 5 minutes
*/
metric4xxErrorRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Metric for the percentage of all viewer requests for which the response's HTTP status code is 5xx.
*
* @default - average over 5 minutes
*/
metric5xxErrorRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Metric for the total time spent from when CloudFront receives a request to when it starts providing a response to the network (not the viewer),
* for requests that are served from the origin, not the CloudFront cache.
*
* This is also known as first byte latency, or time-to-first-byte.
*
* To obtain this metric, you need to set `publishAdditionalMetrics` to `true`.
*
* @default - average over 5 minutes
*/
metricOriginLatency(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Metric for the percentage of all cacheable requests for which CloudFront served the content from its cache.
*
* HTTP POST and PUT requests, and errors, are not considered cacheable requests.
*
* To obtain this metric, you need to set `publishAdditionalMetrics` to `true`.
*
* @default - average over 5 minutes
*/
metricCacheHitRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Metric for the percentage of all viewer requests for which the response's HTTP status code is 401.
*
* To obtain this metric, you need to set `publishAdditionalMetrics` to `true`.
*
* @default - average over 5 minutes
*/
metric401ErrorRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Metric for the percentage of all viewer requests for which the response's HTTP status code is 403.
*
* To obtain this metric, you need to set `publishAdditionalMetrics` to `true`.
*
* @default - average over 5 minutes
*/
metric403ErrorRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Metric for the percentage of all viewer requests for which the response's HTTP status code is 404.
*
* To obtain this metric, you need to set `publishAdditionalMetrics` to `true`.
*
* @default - average over 5 minutes
*/
metric404ErrorRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Metric for the percentage of all viewer requests for which the response's HTTP status code is 502.
*
* To obtain this metric, you need to set `publishAdditionalMetrics` to `true`.
*
* @default - average over 5 minutes
*/
metric502ErrorRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Metric for the percentage of all viewer requests for which the response's HTTP status code is 503.
*
* To obtain this metric, you need to set `publishAdditionalMetrics` to `true`.
*
* @default - average over 5 minutes
*/
metric503ErrorRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Metric for the percentage of all viewer requests for which the response's HTTP status code is 504.
*
* To obtain this metric, you need to set `publishAdditionalMetrics` to `true`.
*
* @default - average over 5 minutes
*/
metric504ErrorRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Adds a new behavior to this distribution for the given pathPattern.
*
* @param pathPattern the path pattern (e.g., 'images/*') that specifies which requests to apply the behavior to.
* @param origin the origin to use for this behavior
* @param behaviorOptions the options for the behavior at this path.
*/
addBehavior(pathPattern: string, origin: IOrigin, behaviorOptions?: AddBehaviorOptions): void;
/**
* Adds an IAM policy statement associated with this distribution to an IAM
* principal's policy.
* [disable-awslint:no-grants]
*
* @param identity The principal
* @param actions The set of actions to allow (i.e. "cloudfront:ListInvalidations")
*/
grant(identity: iam.IGrantable, ...actions: string[]): iam.Grant;
/**
* Grant to create invalidations for this bucket to an IAM principal (Role/Group/User).
* [disable-awslint:no-grants]
*
* @param identity The principal
*/
grantCreateInvalidation(identity: iam.IGrantable): iam.Grant;
/**
* Attach WAF WebACL to this CloudFront distribution
*
* WebACL must be in the us-east-1 region
*
* @param webAclId The WAF WebACL to associate with this distribution
*/
attachWebAclId(webAclId: string): void;
private validateWebAclId;
private addOrigin;
private addOriginGroup;
private renderOrigins;
private renderOriginGroups;
private renderCacheBehaviors;
private renderErrorResponses;
private renderLogging;
private renderRestrictions;
private renderViewerCertificate;
private validateGrpc;
}
/** Maximum HTTP version to support */
export declare enum HttpVersion {
/** HTTP 1.1 */
HTTP1_1 = "http1.1",
/** HTTP 2 */
HTTP2 = "http2",
/** HTTP 2 and HTTP 3 */
HTTP2_AND_3 = "http2and3",
/** HTTP 3 */
HTTP3 = "http3"
}
/**
* The price class determines how many edge locations CloudFront will use for your distribution.
* See https://aws.amazon.com/cloudfront/pricing/ for full list of supported regions.
*/
export declare enum PriceClass {
/** USA, Canada, Europe, & Israel */
PRICE_CLASS_100 = "PriceClass_100",
/** PRICE_CLASS_100 + South Africa, Kenya, Middle East, Japan, Singapore, South Korea, Taiwan, Hong Kong, & Philippines */
PRICE_CLASS_200 = "PriceClass_200",
/** All locations */
PRICE_CLASS_ALL = "PriceClass_All"
}
/**
* How HTTPs should be handled with your distribution.
*/
export declare enum ViewerProtocolPolicy {
/** HTTPS only */
HTTPS_ONLY = "https-only",
/** Will redirect HTTP requests to HTTPS */
REDIRECT_TO_HTTPS = "redirect-to-https",
/** Both HTTP and HTTPS supported */
ALLOW_ALL = "allow-all"
}
/**
* Defines what protocols CloudFront will use to connect to an origin.
*/
export declare enum OriginProtocolPolicy {
/** Connect on HTTP only */
HTTP_ONLY = "http-only",
/** Connect with the same protocol as the viewer */
MATCH_VIEWER = "match-viewer",
/** Connect on HTTPS only */
HTTPS_ONLY = "https-only"
}
/**
* The SSL method CloudFront will use for your distribution.
*
* Server Name Indication (SNI) - is an extension to the TLS computer networking protocol by which a client indicates
* which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present
* multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites
* (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate.
*
* CloudFront can use SNI to host multiple distributions on the same IP - which a large majority of clients will support.
*
* If your clients cannot support SNI however - CloudFront can use dedicated IPs for your distribution - but there is a prorated monthly charge for
* using this feature. By default, we use SNI - but you can optionally enable dedicated IPs (VIP).
*
* See the CloudFront SSL for more details about pricing : https://aws.amazon.com/cloudfront/custom-ssl-domains/
*
*/
export declare enum SSLMethod {
SNI = "sni-only",
VIP = "vip",
STATIC_IP = "static-ip"
}
/**
* The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections.
* CloudFront serves your objects only to browsers or devices that support at least the SSL version that you specify.
*/
export declare enum SecurityPolicyProtocol {
SSL_V3 = "SSLv3",
TLS_V1 = "TLSv1",
TLS_V1_2016 = "TLSv1_2016",
TLS_V1_1_2016 = "TLSv1.1_2016",
TLS_V1_2_2018 = "TLSv1.2_2018",
TLS_V1_2_2019 = "TLSv1.2_2019",
TLS_V1_2_2021 = "TLSv1.2_2021",
TLS_V1_2_2025 = "TLSv1.2_2025",
TLS_V1_3_2025 = "TLSv1.3_2025"
}
/**
* The HTTP methods that the Behavior will accept requests on.
*/
export declare class AllowedMethods {
/** HEAD and GET */
static readonly ALLOW_GET_HEAD: AllowedMethods;
/** HEAD, GET, and OPTIONS */
static readonly ALLOW_GET_HEAD_OPTIONS: AllowedMethods;
/** All supported HTTP methods */
static readonly ALLOW_ALL: AllowedMethods;
/** HTTP methods supported */
readonly methods: string[];
private constructor();
}
/**
* The HTTP methods that the Behavior will cache requests on.
*/
export declare class CachedMethods {
/** HEAD and GET */
static readonly CACHE_GET_HEAD: CachedMethods;
/** HEAD, GET, and OPTIONS */
static readonly CACHE_GET_HEAD_OPTIONS: CachedMethods;
/** HTTP methods supported */
readonly methods: string[];
private constructor();
}
/**
* Options for configuring custom error responses.
*/
export interface ErrorResponse {
/**
* The minimum amount of time, in seconds, that you want CloudFront to cache the HTTP status code specified in ErrorCode.
*
* @default - the default caching TTL behavior applies
*/
readonly ttl?: Duration;
/**
* The HTTP status code for which you want to specify a custom error page and/or a caching duration.
*/
readonly httpStatus: number;
/**
* The HTTP status code that you want CloudFront to return to the viewer along with the custom error page.
*
* If you specify a value for `responseHttpStatus`, you must also specify a value for `responsePagePath`.
*
* @default - the error code will be returned as the response code.
*/
readonly responseHttpStatus?: number;
/**
* The path to the custom error page that you want CloudFront to return to a viewer when your origin returns the
* `httpStatus`, for example, /4xx-errors/403-forbidden.html
*
* @default - the default CloudFront response is shown.
*/
readonly responsePagePath?: string;
}
/**
* The type of events that a Lambda@Edge function can be invoked in response to.
*/
export declare enum LambdaEdgeEventType {
/**
* The origin-request specifies the request to the
* origin location (e.g. S3)
*/
ORIGIN_REQUEST = "origin-request",
/**
* The origin-response specifies the response from the
* origin location (e.g. S3)
*/
ORIGIN_RESPONSE = "origin-response",
/**
* The viewer-request specifies the incoming request
*/
VIEWER_REQUEST = "viewer-request",
/**
* The viewer-response specifies the outgoing response
*/
VIEWER_RESPONSE = "viewer-response"
}
/**
* Represents a Lambda function version and event type when using Lambda@Edge.
* The type of the `AddBehaviorOptions.edgeLambdas` property.
*/
export interface EdgeLambda {
/**
* The version of the Lambda function that will be invoked.
*
* **Note**: it's not possible to use the '$LATEST' function version for Lambda@Edge!
*/
readonly functionVersion: lambda.IVersion;
/** The type of event in response to which should the function be invoked. */
readonly eventType: LambdaEdgeEventType;
/**
* Allows a Lambda function to have read access to the body content.
* Only valid for "request" event types (`ORIGIN_REQUEST` or `VIEWER_REQUEST`).
* See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.html
*
* @default false
*/
readonly includeBody?: boolean;
}
/**
* Options for adding a new behavior to a Distribution.
*/
export interface AddBehaviorOptions {
/**
* HTTP methods to allow for this behavior.
*
* @default AllowedMethods.ALLOW_GET_HEAD
*/
readonly allowedMethods?: AllowedMethods;
/**
* HTTP methods to cache for this behavior.
*
* @default CachedMethods.CACHE_GET_HEAD
*/
readonly cachedMethods?: CachedMethods;
/**
* The cache policy for this behavior. The cache policy determines what values are included in the cache key,
* and the time-to-live (TTL) values for the cache.
*
* @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html.
* @default CachePolicy.CACHING_OPTIMIZED
*/
readonly cachePolicy?: ICachePolicyRef;
/**
* Whether you want CloudFront to automatically compress certain files for this cache behavior.
* See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html#compressed-content-cloudfront-file-types
* for file types CloudFront will compress.
*
* @default true
*/
readonly compress?: boolean;
/**
* The origin request policy for this behavior. The origin request policy determines which values (e.g., headers, cookies)
* are included in requests that CloudFront sends to the origin.
*
* @default - none
*/
readonly originRequestPolicy?: IOriginRequestPolicyRef;
/**
* The real-time log configuration to be attached to this cache behavior.
*
* @default - none
*/
readonly realtimeLogConfig?: IRealtimeLogConfigRef;
/**
* The response headers policy for this behavior. The response headers policy determines which headers are included in responses
*
* @default - none
*/
readonly responseHeadersPolicy?: IResponseHeadersPolicyRef;
/**
* Set this to true to indicate you want to distribute media files in the Microsoft Smooth Streaming format using this behavior.
*
* @default false
*/
readonly smoothStreaming?: boolean;
/**
* The protocol that viewers can use to access the files controlled by this behavior.
*
* @default ViewerProtocolPolicy.ALLOW_ALL
*/
readonly viewerProtocolPolicy?: ViewerProtocolPolicy;
/**
* The CloudFront functions to invoke before serving the contents.
*
* @default - no functions will be invoked
*/
readonly functionAssociations?: FunctionAssociation[];
/**
* The Lambda@Edge functions to invoke before serving the contents.
*
* @default - no Lambda functions will be invoked
* @see https://aws.amazon.com/lambda/edge
*/
readonly edgeLambdas?: EdgeLambda[];
/**
* A list of Key Groups that CloudFront can use to validate signed URLs or signed cookies.
*
* @default - no KeyGroups are associated with cache behavior
* @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html
*/
readonly trustedKeyGroups?: IKeyGroupRef[];
/**
* Enables your CloudFront distribution to receive gRPC requests and to proxy them directly to your origins.
*
* If the `enableGrpc` is set to true, the following restrictions apply:
* - The `allowedMethods` property must be `AllowedMethods.ALLOW_ALL` to include POST method because gRPC only supports POST method.
* - The `httpVersion` property must be `HttpVersion.HTTP2` or `HttpVersion.HTTP2_AND_3` because gRPC only supports versions including HTTP/2.
* - The `edgeLambdas` property can't be specified because gRPC is not supported with Lambda@Edge.
*
* @default false
* @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-using-grpc.html
*/
readonly enableGrpc?: boolean;
}
/**
* Options for creating a new behavior.
*/
export interface BehaviorOptions extends AddBehaviorOptions {
/**
* The origin that you want CloudFront to route requests to when they match this behavior.
*/
readonly origin: IOrigin;
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/distribution.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

23
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/endpoint.d.ts generated vendored Normal file
View File

@@ -0,0 +1,23 @@
import type { Construct } from 'constructs';
import * as iam from '../../aws-iam';
import type * as kinesis from '../../aws-kinesis';
/**
* Represents the endpoints available for targetting within a realtime log config resource
*/
export declare abstract class Endpoint {
/**
* Configure a Kinesis Stream Endpoint for Realtime Log Config
*
* @default - a role will be created and used across your endpoints
*/
static fromKinesisStream(stream: kinesis.IStream, role?: iam.IRole): Endpoint;
private constructor();
/**
* @internal
*/
private singletonKinesisRole;
/**
* @internal
*/
abstract _renderEndpoint(scope: Construct): any;
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/endpoint.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.Endpoint=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var iam=()=>{var tmp=require("../../aws-iam");return iam=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp};class Endpoint{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cloudfront.Endpoint",version:"2.252.0"};static fromKinesisStream(stream,role){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_kinesis_IStream(stream),jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IRole(role)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromKinesisStream),error}return new class extends Endpoint{_renderEndpoint(scope){const cloudfrontRole=role??this.singletonKinesisRole(scope);return stream.grant(cloudfrontRole,"kinesis:DescribeStreamSummary","kinesis:DescribeStream","kinesis:PutRecord","kinesis:PutRecords"),stream.encryptionKey&&stream.encryptionKey.grant(cloudfrontRole,"kms:GenerateDataKey"),{kinesisStreamConfig:{roleArn:cloudfrontRole.roleArn,streamArn:stream.streamArn},streamType:"Kinesis"}}}}constructor(){}singletonKinesisRole(scope){const id="RealtimeLogKinesisRole",existing=scope.node.tryFindChild(id);return existing||new(iam()).Role(scope,id,{roleName:core_1().PhysicalName.GENERATE_IF_NEEDED,assumedBy:new(iam()).ServicePrincipal("cloudfront.amazonaws.com")})}}exports.Endpoint=Endpoint;

98
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/experimental/edge-function.d.ts generated vendored Normal file
View File

@@ -0,0 +1,98 @@
import type { Construct, Node } from 'constructs';
import type * as cloudwatch from '../../../aws-cloudwatch';
import type * as ec2 from '../../../aws-ec2';
import * as iam from '../../../aws-iam';
import * as lambda from '../../../aws-lambda';
import { Resource } from '../../../core';
/**
* Properties for creating a Lambda@Edge function
*/
export interface EdgeFunctionProps extends lambda.FunctionProps {
/**
* The stack ID of Lambda@Edge function.
*
* @default - `edge-lambda-stack-${region}`
*/
readonly stackId?: string;
}
/**
* A Lambda@Edge function.
*
* Convenience resource for requesting a Lambda function in the 'us-east-1' region for use with Lambda@Edge.
* Implements several restrictions enforced by Lambda@Edge.
*
* Note that this construct requires that the 'us-east-1' region has been bootstrapped.
* See https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html or 'cdk bootstrap --help' for options.
*
* @resource AWS::Lambda::Function
*/
export declare class EdgeFunction extends Resource implements lambda.IVersion {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
private static readonly EDGE_REGION;
readonly edgeArn: string;
readonly functionName: string;
readonly functionArn: string;
readonly grantPrincipal: iam.IPrincipal;
readonly isBoundToVpc = false;
readonly permissionsNode: Node;
readonly role?: iam.IRole;
readonly version: string;
readonly architecture: lambda.Architecture;
readonly resourceArnsForGrantInvoke: string[];
private readonly _edgeFunction;
constructor(scope: Construct, id: string, props: EdgeFunctionProps);
get versionRef(): lambda.VersionReference;
get functionRef(): lambda.FunctionReference;
get lambda(): lambda.IFunction;
/**
* Convenience method to make `EdgeFunction` conform to the same interface as `Function`.
*/
get currentVersion(): lambda.IVersion;
addAlias(aliasName: string, options?: lambda.AliasOptions): lambda.Alias;
/**
* Not supported. Connections are only applicable to VPC-enabled functions.
*/
get connections(): ec2.Connections;
get latestVersion(): lambda.IVersion;
addEventSourceMapping(id: string, options: lambda.EventSourceMappingOptions): lambda.EventSourceMapping;
addPermission(id: string, permission: lambda.Permission): void;
addToRolePolicy(statement: iam.PolicyStatement): void;
/**
* [disable-awslint:no-grants]
*/
grantInvoke(identity: iam.IGrantable): iam.Grant;
/**
* [disable-awslint:no-grants]
*/
grantInvokeLatestVersion(identity: iam.IGrantable): iam.Grant;
/**
* [disable-awslint:no-grants]
*/
grantInvokeVersion(identity: iam.IGrantable, version: lambda.IVersion): iam.Grant;
/**
* [disable-awslint:no-grants]
*/
grantInvokeUrl(identity: iam.IGrantable): iam.Grant;
/**
* [disable-awslint:no-grants]
*/
grantInvokeCompositePrincipal(compositePrincipal: iam.CompositePrincipal): iam.Grant[];
metric(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
metricDuration(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
metricErrors(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
metricInvocations(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
metricThrottles(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/** Adds an event source to this function. */
addEventSource(source: lambda.IEventSource): void;
configureAsyncInvoke(options: lambda.EventInvokeConfigOptions): void;
addFunctionUrl(options?: lambda.FunctionUrlOptions): lambda.FunctionUrl;
/** Create a function in-region */
private createInRegionFunction;
/** Create a support stack and function in us-east-1, and a SSM reader in-region */
private createCrossRegionFunction;
private createCrossRegionArnReader;
private edgeStack;
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/experimental/edge-function.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/experimental/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1 @@
export * from './edge-function';

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/experimental/index.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";var __createBinding=exports&&exports.__createBinding||(Object.create?(function(o,m,k,k2){k2===void 0&&(k2=k);var desc=Object.getOwnPropertyDescriptor(m,k);(!desc||("get"in desc?!m.__esModule:desc.writable||desc.configurable))&&(desc={enumerable:!0,get:function(){return m[k]}}),Object.defineProperty(o,k2,desc)}):(function(o,m,k,k2){k2===void 0&&(k2=k),o[k2]=m[k]})),__exportStar=exports&&exports.__exportStar||function(m,exports2){for(var p in m)p!=="default"&&!Object.prototype.hasOwnProperty.call(exports2,p)&&__createBinding(exports2,m,p)};Object.defineProperty(exports,"__esModule",{value:!0});var _noFold;exports.EdgeFunction=void 0,Object.defineProperty(exports,_noFold="EdgeFunction",{enumerable:!0,configurable:!0,get:()=>{var value=require("./edge-function").EdgeFunction;return Object.defineProperty(exports,_noFold="EdgeFunction",{enumerable:!0,configurable:!0,value}),value}});

186
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/function.d.ts generated vendored Normal file
View File

@@ -0,0 +1,186 @@
import type { Construct } from 'constructs';
import type { FunctionReference, IFunctionRef, IKeyValueStoreRef } from './cloudfront.generated';
import type { IResource } from '../../core';
import { Resource } from '../../core';
/**
* Represents the function's source code
*/
export declare abstract class FunctionCode {
/**
* Inline code for function
* @returns code object with inline code.
* @param code The actual function code
*/
static fromInline(code: string): FunctionCode;
/**
* Code from external file for function
* @returns code object with contents from file.
* @param options the options for the external file
*/
static fromFile(options: FileCodeOptions): FunctionCode;
/**
* renders the function code
*/
abstract render(): string;
}
/**
* Options when reading the function's code from an external file
*/
export interface FileCodeOptions {
/**
* The path of the file to read the code from
*/
readonly filePath: string;
}
/**
* Represents a CloudFront Function
*/
export interface IFunction extends IResource, IFunctionRef {
/**
* The name of the function.
* @attribute
*/
readonly functionName: string;
/**
* The ARN of the function.
* @attribute
*/
readonly functionArn: string;
}
/**
* Attributes of an existing CloudFront Function to import it
*/
export interface FunctionAttributes {
/**
* The name of the function.
*/
readonly functionName: string;
/**
* The ARN of the function.
*/
readonly functionArn: string;
/**
* The Runtime of the function.
* @default FunctionRuntime.JS_1_0
*/
readonly functionRuntime?: string;
}
/**
* Properties for creating a CloudFront Function
*/
export interface FunctionProps {
/**
* A name to identify the function.
* @default - generated from the `id`
*/
readonly functionName?: string;
/**
* A comment to describe the function.
* @default - same as `functionName`
*/
readonly comment?: string;
/**
* The source code of the function.
*/
readonly code: FunctionCode;
/**
* The runtime environment for the function.
* @default FunctionRuntime.JS_1_0 (unless `keyValueStore` is specified, then `FunctionRuntime.JS_2_0`)
*/
readonly runtime?: FunctionRuntime;
/**
* The Key Value Store to associate with this function.
*
* In order to associate a Key Value Store, the `runtime` must be
* `cloudfront-js-2.0` or newer.
*
* @default - no key value store is associated
*/
readonly keyValueStore?: IKeyValueStoreRef;
/**
* A flag that determines whether to automatically publish the function to the LIVE stage when its created.
*
* @default - true
*/
readonly autoPublish?: boolean;
}
/**
* A CloudFront Function
*
* @resource AWS::CloudFront::Function
*/
export declare class Function extends Resource implements IFunction {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/** Imports a function by its name and ARN */
static fromFunctionAttributes(scope: Construct, id: string, attrs: FunctionAttributes): IFunction;
/**
* the name of the CloudFront function
* @attribute
*/
readonly functionName: string;
/**
* the ARN of the CloudFront function
* @attribute
*/
readonly functionArn: string;
/**
* the deployment stage of the CloudFront function
* @attribute
*/
readonly functionStage: string;
/**
* the runtime of the CloudFront function
* @attribute
*/
readonly functionRuntime: string;
readonly functionRef: FunctionReference;
constructor(scope: Construct, id: string, props: FunctionProps);
private generateName;
}
/**
* The type of events that a CloudFront function can be invoked in response to.
*/
export declare enum FunctionEventType {
/**
* The viewer-request specifies the incoming request
*/
VIEWER_REQUEST = "viewer-request",
/**
* The viewer-response specifies the outgoing response
*/
VIEWER_RESPONSE = "viewer-response"
}
/**
* Represents a CloudFront function and event type when using CF Functions.
* The type of the `AddBehaviorOptions.functionAssociations` property.
*/
export interface FunctionAssociation {
/**
* The CloudFront function that will be invoked.
*/
readonly function: IFunctionRef;
/** The type of event which should invoke the function. */
readonly eventType: FunctionEventType;
}
/**
* The function's runtime environment version.
*/
export declare class FunctionRuntime {
readonly value: string;
/**
* cloudfront-js-1.0
*/
static readonly JS_1_0: FunctionRuntime;
/**
* cloudfront-js-2.0
*/
static readonly JS_2_0: FunctionRuntime;
/**
* A custom runtime string.
*
* Gives full control over the runtime string fragment.
*/
static custom(runtimeString: string): FunctionRuntime;
private constructor();
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/function.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

34
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/geo-restriction.d.ts generated vendored Normal file
View File

@@ -0,0 +1,34 @@
/**
* Controls the countries in which content is distributed.
*/
export declare class GeoRestriction {
readonly restrictionType: 'whitelist' | 'blacklist';
readonly locations: string[];
/**
* Allow specific countries which you want CloudFront to distribute your content.
*
* @param locations Two-letter, uppercase country code for a country
* that you want to allow. Include one element for each country.
* See ISO 3166-1-alpha-2 code on the *International Organization for Standardization* website
*/
static allowlist(this: void, ...locations: string[]): GeoRestriction;
/**
* Deny specific countries which you don't want CloudFront to distribute your content.
*
* @param locations Two-letter, uppercase country code for a country
* that you want to deny. Include one element for each country.
* See ISO 3166-1-alpha-2 code on the *International Organization for Standardization* website
*/
static denylist(this: void, ...locations: string[]): GeoRestriction;
private static LOCATION_REGEX;
private static validateLocations;
/**
* Creates an instance of GeoRestriction for internal use
*
* @param restrictionType Specifies the restriction type to impose
* @param locations Two-letter, uppercase country code for a country
* that you want to allow/deny. Include one element for each country.
* See ISO 3166-1-alpha-2 code on the *International Organization for Standardization* website
*/
private constructor();
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/geo-restriction.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.GeoRestriction=void 0;const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class GeoRestriction{restrictionType;locations;static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cloudfront.GeoRestriction",version:"2.252.0"};static allowlist(...locations){return new GeoRestriction("whitelist",GeoRestriction.validateLocations(locations))}static denylist(...locations){return new GeoRestriction("blacklist",GeoRestriction.validateLocations(locations))}static whitelist(...locations){return GeoRestriction.allowlist(...locations)}static blacklist(...locations){return GeoRestriction.denylist(...locations)}static LOCATION_REGEX=/^[A-Z]{2}$/;static validateLocations(locations){if(locations.length===0)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`ShouldProvideAtLeastOneLocation`,"Should provide at least 1 location");return locations.forEach(location=>{if(!GeoRestriction.LOCATION_REGEX.test(location))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`InvalidLocationFormat`,`Invalid location format for location: ${location}, location should be two-letter and uppercase country ISO 3166-1-alpha-2 code`)}),locations}constructor(restrictionType,locations){this.restrictionType=restrictionType,this.locations=locations}}exports.GeoRestriction=GeoRestriction;

19
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1,19 @@
export * from './cache-policy';
export * from './distribution';
export * from './endpoint';
export * from './function';
export * from './geo-restriction';
export * from './key-group';
export * from './key-value-store';
export * from './origin';
export * from './origin-access-identity';
export * from './origin-request-policy';
export * from './public-key';
export * from './realtime-log-config';
export * from './response-headers-policy';
export * from './web-distribution';
export * from './origin-access-control';
export * from './vpc-origin';
export * as experimental from './experimental';
export * from './cloudfront.generated';
export * from './cloudfront-grants.generated';

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/index.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

48
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/key-group.d.ts generated vendored Normal file
View File

@@ -0,0 +1,48 @@
import type { Construct } from 'constructs';
import type { IKeyGroupRef, IPublicKeyRef, KeyGroupReference } from './cloudfront.generated';
import type { IResource } from '../../core';
import { Resource } from '../../core';
/**
* Represents a Key Group
*/
export interface IKeyGroup extends IResource, IKeyGroupRef {
/**
* The ID of the key group.
* @attribute
*/
readonly keyGroupId: string;
}
/**
* Properties for creating a Public Key
*/
export interface KeyGroupProps {
/**
* A name to identify the key group.
* @default - generated from the `id`
*/
readonly keyGroupName?: string;
/**
* A comment to describe the key group.
* @default - no comment
*/
readonly comment?: string;
/**
* A list of public keys to add to the key group.
*/
readonly items: IPublicKeyRef[];
}
/**
* A Key Group configuration
*
* @resource AWS::CloudFront::KeyGroup
*/
export declare class KeyGroup extends Resource implements IKeyGroup {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/** Imports a Key Group from its id. */
static fromKeyGroupId(scope: Construct, id: string, keyGroupId: string): IKeyGroup;
readonly keyGroupId: string;
readonly keyGroupRef: KeyGroupReference;
constructor(scope: Construct, id: string, props: KeyGroupProps);
private generateName;
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/key-group.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";var __esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0},__runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.KeyGroup=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var cloudfront_generated_1=()=>{var tmp=require("./cloudfront.generated");return cloudfront_generated_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp};let KeyGroup=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=core_1().Resource;var KeyGroup2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),KeyGroup2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cloudfront.KeyGroup",version:"2.252.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-cloudfront.KeyGroup";static fromKeyGroupId(scope,id,keyGroupId){return new class extends core_1().Resource{keyGroupId=keyGroupId;keyGroupRef={keyGroupId}}(scope,id)}keyGroupId;keyGroupRef;constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cloudfront_KeyGroupProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,KeyGroup2),error}(0,metadata_resource_1().addConstructMetadata)(this,props);const resource=new(cloudfront_generated_1()).CfnKeyGroup(this,"Resource",{keyGroupConfig:{name:props.keyGroupName??this.generateName(),comment:props.comment,items:props.items.map(key=>key.publicKeyRef.publicKeyId)}});this.keyGroupRef=resource.keyGroupRef,this.keyGroupId=resource.ref}generateName(){const name=core_1().Names.uniqueId(this);return name.length>80?name.substring(0,40)+name.substring(name.length-40):name}static{__runInitializers(_classThis,_classExtraInitializers)}};return KeyGroup2=_classThis})();exports.KeyGroup=KeyGroup;

157
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/key-value-store.d.ts generated vendored Normal file
View File

@@ -0,0 +1,157 @@
import type { Construct } from 'constructs';
import type { IKeyValueStoreRef, KeyValueStoreReference } from './cloudfront.generated';
import { CfnKeyValueStore } from './cloudfront.generated';
import type * as s3 from '../../aws-s3';
import * as s3_assets from '../../aws-s3-assets';
import type { IResource } from '../../core';
import { Resource } from '../../core';
/**
* The data to be imported to the key value store.
*/
export declare abstract class ImportSource {
/**
* An import source that exists as an object in an S3 bucket.
*
* @param bucket the S3 bucket that contains the data
* @param key the key within the S3 bucket that contains the data
*/
static fromBucket(bucket: s3.IBucket, key: string): ImportSource;
/**
* An import source that exists as a local file.
*
* @param path the path to the local file
* @param options the configuration for the temporarily created S3 file
*/
static fromAsset(path: string, options?: s3_assets.AssetOptions): ImportSource;
/**
* An import source that uses an inline string.
*
* @param data the contents of the KeyValueStore
*/
static fromInline(data: string): ImportSource;
/**
* Called when the key value store is initialized to allow the import source to
* be bound to the stack.
*
* The method is primarily intended for internal use.
*
* @param scope the binding scope
* @internal
*/
abstract _bind(scope: Construct): CfnKeyValueStore.ImportSourceProperty;
}
/**
* An import source from an S3 object.
*/
export declare class S3ImportSource extends ImportSource {
readonly bucket: s3.IBucket;
readonly key: string;
/**
* @param bucket the S3 bucket that contains the data
* @param key the key within the S3 bucket that contains the data
*/
constructor(bucket: s3.IBucket, key: string);
/**
* @internal
*/
_bind(_scope: Construct): CfnKeyValueStore.ImportSourceProperty;
}
/**
* An import source from a local file.
*/
export declare class AssetImportSource extends ImportSource {
readonly path: string;
private readonly options;
private asset?;
/**
* @param path the path to the local file
* @param options the configuration for the temporarily created S3 file
*/
constructor(path: string, options?: s3_assets.AssetOptions);
/**
* @internal
*/
_bind(scope: Construct): CfnKeyValueStore.ImportSourceProperty;
}
/**
* An import source from an inline string.
*/
export declare class InlineImportSource extends ImportSource {
readonly data: string;
private asset?;
/**
* @param data the contents of the KeyValueStore
*/
constructor(data: string);
/**
* @internal
*/
_bind(scope: Construct): CfnKeyValueStore.ImportSourceProperty;
}
/**
* The properties to create a Key Value Store.
*/
export interface KeyValueStoreProps {
/**
* The unique name of the Key Value Store.
*
* @default A generated name
*/
readonly keyValueStoreName?: string;
/**
* A comment for the Key Value Store
*
* @default No comment will be specified
*/
readonly comment?: string;
/**
* The import source for the Key Value Store.
*
* This will populate the initial items in the Key Value Store. The
* source data must be in a valid JSON format.
*
* @default No data will be imported to the store
*/
readonly source?: ImportSource;
}
/**
* A CloudFront Key Value Store.
*/
export interface IKeyValueStore extends IResource, IKeyValueStoreRef {
/**
* The ARN of the Key Value Store.
*
* @attribute
*/
readonly keyValueStoreArn: string;
/**
* The Unique ID of the Key Value Store.
*
* @attribute
*/
readonly keyValueStoreId: string;
/**
* The status of the Key Value Store.
*
* @attribute
*/
readonly keyValueStoreStatus: string;
}
/**
* A CloudFront Key Value Store.
*
* @resource AWS::CloudFront::KeyValueStore
*/
export declare class KeyValueStore extends Resource implements IKeyValueStore {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/**
* Import a Key Value Store using its ARN.
*/
static fromKeyValueStoreArn(scope: Construct, id: string, keyValueStoreArn: string): IKeyValueStore;
readonly keyValueStoreArn: string;
readonly keyValueStoreId: string;
readonly keyValueStoreStatus: string;
readonly keyValueStoreRef: KeyValueStoreReference;
constructor(scope: Construct, id: string, props?: KeyValueStoreProps);
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/key-value-store.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

203
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/origin-access-control.d.ts generated vendored Normal file
View File

@@ -0,0 +1,203 @@
import type { Construct } from 'constructs';
import type { IResource } from '../../core';
import { Resource } from '../../core';
import type { IOriginAccessControlRef, OriginAccessControlReference } from '../../interfaces/generated/aws-cloudfront-interfaces.generated';
/**
* Represents a CloudFront Origin Access Control
*/
export interface IOriginAccessControl extends IResource, IOriginAccessControlRef {
/**
* The unique identifier of the origin access control.
* @attribute
*/
readonly originAccessControlId: string;
}
/**
* Common properties for creating a Origin Access Control resource.
*/
export interface OriginAccessControlBaseProps {
/**
* A description of the origin access control.
*
* @default - no description
*/
readonly description?: string;
/**
* A name to identify the origin access control, with a maximum length of 64 characters.
*
* @default - a generated name
*/
readonly originAccessControlName?: string;
/**
* Specifies which requests CloudFront signs and the signing protocol.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originaccesscontrol-originaccesscontrolconfig.html#cfn-cloudfront-originaccesscontrol-originaccesscontrolconfig-signingbehavior
*
* @default SIGV4_ALWAYS
*/
readonly signing?: Signing;
}
/**
* The level of permissions granted to the CloudFront Distribution when configuring OAC
*/
export declare enum AccessLevel {
/**
* Grants read permissions to CloudFront Distribution
*/
READ = "READ",
/**
* Grants versioned read permissions to CloudFront Distribution
*/
READ_VERSIONED = "READ_VERSIONED",
/**
* Grants list permissions to CloudFront Distribution
*/
LIST = "LIST",
/**
* Grants write permission to CloudFront Distribution
*/
WRITE = "WRITE",
/**
* Grants delete permission to CloudFront Distribution
*/
DELETE = "DELETE"
}
/**
* Properties for creating a S3 Origin Access Control resource.
*/
export interface S3OriginAccessControlProps extends OriginAccessControlBaseProps {
}
/**
* Properties for creating a Lambda Function URL Origin Access Control resource.
*/
export interface FunctionUrlOriginAccessControlProps extends OriginAccessControlBaseProps {
}
/**
* Origin types supported by Origin Access Control.
*/
export declare enum OriginAccessControlOriginType {
/**
* Uses an Amazon S3 bucket origin.
*/
S3 = "s3",
/**
* Uses a Lambda function URL origin.
*/
LAMBDA = "lambda",
/**
* Uses an AWS Elemental MediaStore origin.
*/
MEDIASTORE = "mediastore",
/**
* Uses an AWS Elemental MediaPackage v2 origin.
*/
MEDIAPACKAGEV2 = "mediapackagev2"
}
/**
* Options for which requests CloudFront signs.
* The recommended setting is `always`.
*/
export declare enum SigningBehavior {
/**
* Sign all origin requests, overwriting the Authorization header
* from the viewer request if one exists.
*/
ALWAYS = "always",
/**
* Do not sign any origin requests.
* This value turns off origin access control for all origins in all
* distributions that use this origin access control.
*/
NEVER = "never",
/**
* Sign origin requests only if the viewer request
* doesn't contain the Authorization header.
*/
NO_OVERRIDE = "no-override"
}
/**
* The signing protocol of the Origin Access Control.
*/
export declare enum SigningProtocol {
/**
* The AWS Signature Version 4 signing protocol.
*/
SIGV4 = "sigv4"
}
/**
* Options for how CloudFront signs requests.
*/
export declare class Signing {
/**
* Sign all origin requests using the AWS Signature Version 4 signing protocol.
*/
static readonly SIGV4_ALWAYS: Signing;
/**
* Sign only if the viewer request doesn't contain the Authorization header
* using the AWS Signature Version 4 signing protocol.
*/
static readonly SIGV4_NO_OVERRIDE: Signing;
/**
* Do not sign any origin requests.
*/
static readonly NEVER: Signing;
/**
* The signing protocol
*/
readonly protocol: SigningProtocol;
/**
* Which requests CloudFront signs.
*/
readonly behavior: SigningBehavior;
constructor(protocol: SigningProtocol, behavior: SigningBehavior);
}
/**
* An Origin Access Control.
* @internal
*/
export declare abstract class OriginAccessControlBase extends Resource implements IOriginAccessControl {
/**
* The Id of the origin access control
* @attribute
*/
abstract readonly originAccessControlId: string;
get originAccessControlRef(): OriginAccessControlReference;
}
/**
* An Origin Access Control for Amazon S3 origins.
* @resource AWS::CloudFront::OriginAccessControl
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originaccesscontrol.html
*/
export declare class S3OriginAccessControl extends OriginAccessControlBase {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/**
* Imports an S3 origin access control from its id.
*/
static fromOriginAccessControlId(scope: Construct, id: string, originAccessControlId: string): IOriginAccessControl;
/**
* The unique identifier of this Origin Access Control.
* @attribute
*/
readonly originAccessControlId: string;
constructor(scope: Construct, id: string, props?: S3OriginAccessControlProps);
}
/**
* An Origin Access Control for Lambda Function URLs.
* @resource AWS::CloudFront::OriginAccessControl
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originaccesscontrol.html
*/
export declare class FunctionUrlOriginAccessControl extends OriginAccessControlBase {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/**
* Imports a Lambda Function URL origin access control from its id.
*/
static fromOriginAccessControlId(scope: Construct, id: string, originAccessControlId: string): IOriginAccessControl;
/**
* The unique identifier of this Origin Access Control.
* @attribute
*/
readonly originAccessControlId: string;
constructor(scope: Construct, id: string, props?: FunctionUrlOriginAccessControlProps);
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/origin-access-control.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

110
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/origin-access-identity.d.ts generated vendored Normal file
View File

@@ -0,0 +1,110 @@
import type { Construct } from 'constructs';
import type { CloudFrontOriginAccessIdentityReference, ICloudFrontOriginAccessIdentityRef } from './cloudfront.generated';
import * as iam from '../../aws-iam';
import * as cdk from '../../core';
/**
* Properties of CloudFront OriginAccessIdentity
*/
export interface OriginAccessIdentityProps {
/**
* Any comments you want to include about the origin access identity.
*
* @default "Allows CloudFront to reach the bucket"
*/
readonly comment?: string;
}
/**
* Interface for CloudFront OriginAccessIdentity
*/
export interface IOriginAccessIdentity extends cdk.IResource, iam.IGrantable, ICloudFrontOriginAccessIdentityRef {
/**
* The Origin Access Identity Id (physical id)
* It is misnamed and superseded by the correctly named originAccessIdentityId
*
* @deprecated use originAccessIdentityId instead
*/
readonly originAccessIdentityName: string;
/**
* The Origin Access Identity Id (physical id)
* This was called originAccessIdentityName before
*/
readonly originAccessIdentityId: string;
}
declare abstract class OriginAccessIdentityBase extends cdk.Resource {
/**
* The Origin Access Identity Id (physical id)
* It is misnamed and superseded by the correctly named originAccessIdentityId
*
* @deprecated use originAccessIdentityId instead
*/
abstract readonly originAccessIdentityName: string;
/**
* The Origin Access Identity Id (physical id)
* This was called originAccessIdentityName before
*/
abstract readonly originAccessIdentityId: string;
/**
* Derived principal value for bucket access
*/
abstract readonly grantPrincipal: iam.IPrincipal;
/**
* The ARN to include in S3 bucket policy to allow CloudFront access
*/
protected arn(): string;
}
/**
* An origin access identity is a special CloudFront user that you can
* associate with Amazon S3 origins, so that you can secure all or just some of
* your Amazon S3 content.
*
* @resource AWS::CloudFront::CloudFrontOriginAccessIdentity
*/
export declare class OriginAccessIdentity extends OriginAccessIdentityBase implements IOriginAccessIdentity {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/**
* Creates a OriginAccessIdentity by providing the OriginAccessIdentityId.
* It is misnamed and superseded by the correctly named fromOriginAccessIdentityId.
*
* @deprecated use `fromOriginAccessIdentityId`
*/
static fromOriginAccessIdentityName(scope: Construct, id: string, originAccessIdentityName: string): IOriginAccessIdentity;
/**
* Creates a OriginAccessIdentity by providing the OriginAccessIdentityId.
*/
static fromOriginAccessIdentityId(scope: Construct, id: string, originAccessIdentityId: string): IOriginAccessIdentity;
/**
* The Amazon S3 canonical user ID for the origin access identity, used when
* giving the origin access identity read permission to an object in Amazon
* S3.
*
* @attribute
*/
readonly cloudFrontOriginAccessIdentityS3CanonicalUserId: string;
/**
* Derived principal value for bucket access
*/
readonly grantPrincipal: iam.IPrincipal;
/**
* The Origin Access Identity Id (physical id)
* It is misnamed and superseded by the correctly named originAccessIdentityId
*
* @attribute
* @deprecated use originAccessIdentityId instead
*/
get originAccessIdentityName(): string;
/**
* The Origin Access Identity Id (physical id)
* This was called originAccessIdentityName before
*
* @attribute
*/
get originAccessIdentityId(): string;
readonly cloudFrontOriginAccessIdentityRef: CloudFrontOriginAccessIdentityReference;
/**
* CDK L1 resource
*/
private readonly resource;
constructor(scope: Construct, id: string, props?: OriginAccessIdentityProps);
}
export {};

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/origin-access-identity.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

143
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/origin-request-policy.d.ts generated vendored Normal file
View File

@@ -0,0 +1,143 @@
import type { Construct } from 'constructs';
import type { IOriginRequestPolicyRef, OriginRequestPolicyReference } from './cloudfront.generated';
import { Resource } from '../../core';
/**
* Represents a Origin Request Policy
*/
export interface IOriginRequestPolicy extends IOriginRequestPolicyRef {
/**
* The ID of the origin request policy
* @attribute
*/
readonly originRequestPolicyId: string;
}
/**
* Properties for creating a Origin Request Policy
*/
export interface OriginRequestPolicyProps {
/**
* A unique name to identify the origin request policy.
* The name must only include '-', '_', or alphanumeric characters.
* @default - generated from the `id`
*/
readonly originRequestPolicyName?: string;
/**
* A comment to describe the origin request policy.
* @default - no comment
*/
readonly comment?: string;
/**
* The cookies from viewer requests to include in origin requests.
* @default OriginRequestCookieBehavior.none()
*/
readonly cookieBehavior?: OriginRequestCookieBehavior;
/**
* The HTTP headers to include in origin requests. These can include headers from viewer requests and additional headers added by CloudFront.
* @default OriginRequestHeaderBehavior.none()
*/
readonly headerBehavior?: OriginRequestHeaderBehavior;
/**
* The URL query strings from viewer requests to include in origin requests.
* @default OriginRequestQueryStringBehavior.none()
*/
readonly queryStringBehavior?: OriginRequestQueryStringBehavior;
}
/**
* A Origin Request Policy configuration.
*
* @resource AWS::CloudFront::OriginRequestPolicy
*/
export declare class OriginRequestPolicy extends Resource implements IOriginRequestPolicy {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/** This policy includes only the User-Agent and Referer headers. It doesnt include any query strings or cookies. */
static readonly USER_AGENT_REFERER_HEADERS: IOriginRequestPolicy;
/** This policy includes the header that enables cross-origin resource sharing (CORS) requests when the origin is a custom origin. */
static readonly CORS_CUSTOM_ORIGIN: IOriginRequestPolicy;
/** This policy includes the headers that enable cross-origin resource sharing (CORS) requests when the origin is an Amazon S3 bucket. */
static readonly CORS_S3_ORIGIN: IOriginRequestPolicy;
/** This policy includes all values (query strings, headers, and cookies) in the viewer request. */
static readonly ALL_VIEWER: IOriginRequestPolicy;
/** This policy is designed for use with an origin that is an AWS Elemental MediaTailor endpoint. */
static readonly ELEMENTAL_MEDIA_TAILOR: IOriginRequestPolicy;
/** This policy includes all values (headers, cookies, and query strings) in the viewer request, and all CloudFront headers that were released through June 2022 (CloudFront headers released after June 2022 are not included). */
static readonly ALL_VIEWER_AND_CLOUDFRONT_2022: IOriginRequestPolicy;
/** This policy includes all values (query strings, and cookies) except the header in the viewer request. */
static readonly ALL_VIEWER_EXCEPT_HOST_HEADER: IOriginRequestPolicy;
/** Imports a Origin Request Policy from its id. */
static fromOriginRequestPolicyId(scope: Construct, id: string, originRequestPolicyId: string): IOriginRequestPolicy;
/** Use an existing managed origin request policy. */
private static fromManagedOriginRequestPolicy;
readonly originRequestPolicyId: string;
readonly originRequestPolicyRef: OriginRequestPolicyReference;
constructor(scope: Construct, id: string, props?: OriginRequestPolicyProps);
}
/**
* Determines whether any cookies in viewer requests (and if so, which cookies)
* are included in requests that CloudFront sends to the origin.
*/
export declare class OriginRequestCookieBehavior {
/**
* Cookies in viewer requests are not included in requests that CloudFront sends to the origin.
* Any cookies that are listed in a CachePolicy are still included in origin requests.
*/
static none(): OriginRequestCookieBehavior;
/** All cookies in viewer requests are included in requests that CloudFront sends to the origin. */
static all(): OriginRequestCookieBehavior;
/** All cookies except the provided `cookies` are included in requests that CloudFront sends to the origin. */
static denyList(...cookies: string[]): OriginRequestCookieBehavior;
/** Only the provided `cookies` are included in requests that CloudFront sends to the origin. */
static allowList(...cookies: string[]): OriginRequestCookieBehavior;
/** The behavior of cookies: allow all, none or an allow list. */
readonly behavior: string;
/** The cookies to allow, if the behavior is an allow list. */
readonly cookies?: string[];
private constructor();
}
/**
* Determines whether any HTTP headers (and if so, which headers) are included in requests that CloudFront sends to the origin.
*/
export declare class OriginRequestHeaderBehavior {
/**
* HTTP headers are not included in requests that CloudFront sends to the origin.
* Any headers that are listed in a CachePolicy are still included in origin requests.
*/
static none(): OriginRequestHeaderBehavior;
/**
* All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin.
* Additionally, any additional CloudFront headers provided are included; the additional headers are added by CloudFront.
* @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-cloudfront-headers.html
*/
static all(...cloudfrontHeaders: string[]): OriginRequestHeaderBehavior;
/** Listed headers are included in requests that CloudFront sends to the origin. */
static allowList(...headers: string[]): OriginRequestHeaderBehavior;
/** All headers except the provided `headers` are included in requests that CloudFront sends to the origin. */
static denyList(...headers: string[]): OriginRequestHeaderBehavior;
/** The behavior of headers: allow all, none or an allow list. */
readonly behavior: string;
/** The headers for the allow list or the included CloudFront headers, if applicable. */
readonly headers?: string[];
private constructor();
}
/**
* Determines whether any URL query strings in viewer requests (and if so, which query strings)
* are included in requests that CloudFront sends to the origin.
*/
export declare class OriginRequestQueryStringBehavior {
/**
* Query strings in viewer requests are not included in requests that CloudFront sends to the origin.
* Any query strings that are listed in a CachePolicy are still included in origin requests.
*/
static none(): OriginRequestQueryStringBehavior;
/** All query strings in viewer requests are included in requests that CloudFront sends to the origin. */
static all(): OriginRequestQueryStringBehavior;
/** Only the provided `queryStrings` are included in requests that CloudFront sends to the origin. */
static allowList(...queryStrings: string[]): OriginRequestQueryStringBehavior;
/** All query strings except the provided `queryStrings` are included in requests that CloudFront sends to the origin. */
static denyList(...queryStrings: string[]): OriginRequestQueryStringBehavior;
/** The behavior of query strings -- allow all, none, or only an allow list. */
readonly behavior: string;
/** The query strings to allow, if the behavior is an allow list. */
readonly queryStrings?: string[];
private constructor();
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/origin-request-policy.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

213
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/origin.d.ts generated vendored Normal file
View File

@@ -0,0 +1,213 @@
import type { Construct } from 'constructs';
import type { CfnDistribution } from './cloudfront.generated';
import type { Duration } from '../../core';
/**
* The selection criteria for the origin group.
*/
export declare enum OriginSelectionCriteria {
/**
* Default selection behavior.
*/
DEFAULT = "default",
/**
* Selection based on media quality.
*
* This option is only valid for AWS Elemental MediaPackage v2 Origins.
*/
MEDIA_QUALITY_BASED = "media-quality-based"
}
/**
* The IP address type for the origin.
* Determines whether CloudFront uses IPv4, IPv6, or both when connecting to the origin.
*/
export declare enum OriginIpAddressType {
/**
* Use only IPv4 addresses
*/
IPV4 = "ipv4",
/**
* Use only IPv6 addresses
*/
IPV6 = "ipv6",
/**
* Use both IPv4 and IPv6 addresses
*/
DUALSTACK = "dualstack"
}
/**
* The failover configuration used for Origin Groups,
* returned in `OriginBindConfig.failoverConfig`.
*/
export interface OriginFailoverConfig {
/** The origin to use as the fallback origin. */
readonly failoverOrigin: IOrigin;
/**
* The HTTP status codes of the response that trigger querying the failover Origin.
*
* @default - 500, 502, 503 and 504
*/
readonly statusCodes?: number[];
}
/** The struct returned from `IOrigin.bind`. */
export interface OriginBindConfig {
/**
* The CloudFormation OriginProperty configuration for this Origin.
*
* @default - nothing is returned
*/
readonly originProperty?: CfnDistribution.OriginProperty;
/**
* The failover configuration for this Origin.
*
* @default - nothing is returned
*/
readonly failoverConfig?: OriginFailoverConfig;
/**
* The selection criteria for how your origins are selected.
*
* @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/high_availability_origin_failover.html#concept_origin_groups.creating
*
* @default - OriginSelectionCriteria.DEFAULT
*/
readonly selectionCriteria?: OriginSelectionCriteria;
}
/**
* Represents the concept of a CloudFront Origin.
* You provide one or more origins when creating a Distribution.
*/
export interface IOrigin {
/**
* The method called when a given Origin is added
* (for the first time) to a Distribution.
*/
bind(scope: Construct, options: OriginBindOptions): OriginBindConfig;
}
/**
* Options to define an Origin.
*/
export interface OriginOptions {
/**
* The number of seconds that CloudFront waits when trying to establish a connection to the origin.
* Valid values are 1-10 seconds, inclusive.
*
* @default Duration.seconds(10)
*/
readonly connectionTimeout?: Duration;
/**
* The number of times that CloudFront attempts to connect to the origin; valid values are 1, 2, or 3 attempts.
*
* @default 3
*/
readonly connectionAttempts?: number;
/**
* A list of HTTP header names and values that CloudFront adds to requests it sends to the origin.
*
* @default {}
*/
readonly customHeaders?: Record<string, string>;
/**
* When you enable Origin Shield in the AWS Region that has the lowest latency to your origin, you can get better network performance
*
* @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html
*
* @default - origin shield not enabled
*/
readonly originShieldRegion?: string;
/**
* Origin Shield is enabled by setting originShieldRegion to a valid region, after this to disable Origin Shield again you must set this flag to false.
*
* @default - true
*/
readonly originShieldEnabled?: boolean;
/**
* A unique identifier for the origin. This value must be unique within the distribution.
*
* @default - an originid will be generated for you
*/
readonly originId?: string;
/**
* The unique identifier of an origin access control for this origin.
*
* @default - no origin access control
*/
readonly originAccessControlId?: string;
/**
* The time that a request from CloudFront to the origin can stay open and wait for a response.
*
* If the complete response isn't received from the origin by this time, CloudFront ends the connection.
*
* Valid values are 1-3600 seconds, inclusive.
*
* @default undefined - AWS CloudFront default is not enforcing a maximum value
* @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesOrigin.html#response-completion-timeout
*/
readonly responseCompletionTimeout?: Duration;
}
/**
* Properties to define an Origin.
*/
export interface OriginProps extends OriginOptions {
/**
* An optional path that CloudFront appends to the origin domain name when CloudFront requests content from the origin.
* Must begin, but not end, with '/' (e.g., '/production/images').
*
* @default '/'
*/
readonly originPath?: string;
}
/**
* Options passed to Origin.bind().
*/
export interface OriginBindOptions {
/**
* The identifier of this Origin,
* as assigned by the Distribution this Origin has been used added to.
*/
readonly originId: string;
/**
* The identifier of the Distribution this Origin is used for.
* This is used to grant origin access permissions to the distribution for origin access control.
*
* @default - no distribution id
*/
readonly distributionId?: string;
}
/**
* Represents a distribution origin, that describes the Amazon S3 bucket, HTTP server (for example, a web server),
* Amazon MediaStore, or other server from which CloudFront gets your files.
*/
export declare abstract class OriginBase implements IOrigin {
private readonly domainName;
private readonly originPath?;
private readonly connectionTimeout?;
private readonly connectionAttempts?;
private readonly customHeaders?;
private readonly originShieldRegion?;
private readonly originShieldEnabled;
private readonly originId?;
private readonly originAccessControlId?;
private readonly responseCompletionTimeout?;
protected constructor(domainName: string, props?: OriginProps);
/**
* Validates that responseCompletionTimeout is greater than or equal to readTimeout
* when both are specified. This method should be called by subclasses that support readTimeout.
*/
protected validateResponseCompletionTimeoutWithReadTimeout(responseCompletionTimeout?: Duration, readTimeout?: Duration): void;
/**
* Binds the origin to the associated Distribution. Can be used to grant permissions, create dependent resources, etc.
*/
bind(scope: Construct, options: OriginBindOptions): OriginBindConfig;
protected renderS3OriginConfig(): CfnDistribution.S3OriginConfigProperty | undefined;
protected renderCustomOriginConfig(): CfnDistribution.CustomOriginConfigProperty | undefined;
protected renderVpcOriginConfig(): CfnDistribution.VpcOriginConfigProperty | undefined;
private renderCustomHeaders;
/**
* If the path is defined, it must start with a '/' and not end with a '/'.
* This method takes in the originPath, and returns it back (if undefined) or adds/removes the '/' as appropriate.
*/
private validateOriginPath;
/**
* Takes origin shield region and converts to CfnDistribution.OriginShieldProperty
*/
private renderOriginShield;
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/origin.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

35
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/private/cache-behavior.d.ts generated vendored Normal file
View File

@@ -0,0 +1,35 @@
import type { CfnDistribution } from '../cloudfront.generated';
import type { AddBehaviorOptions } from '../distribution';
/**
* Properties for specifying custom behaviors for origins.
*/
export interface CacheBehaviorProps extends AddBehaviorOptions {
/**
* The pattern (e.g., `images/*.jpg`) that specifies which requests to apply the behavior to.
* There must be exactly one behavior associated with each `Distribution` that has a path pattern
* of '*', which acts as the catch-all default behavior.
*/
readonly pathPattern: string;
}
/**
* Allows configuring a variety of CloudFront functionality for a given URL path pattern.
*
* Note: This really should simply by called 'Behavior', but this name is already taken by the legacy
* CloudFrontWebDistribution implementation.
*/
export declare class CacheBehavior {
private readonly props;
private readonly originId;
constructor(originId: string, props: CacheBehaviorProps);
/**
* Creates and returns the CloudFormation representation of this behavior.
* This renders as a "CacheBehaviorProperty" regardless of if this is a default
* cache behavior or not, as the two are identical except that the pathPattern
* is omitted for the default cache behavior.
*
* @internal
*/
_renderBehavior(): CfnDistribution.CacheBehaviorProperty;
private validateEdgeLambdas;
private grantEdgeLambdaFunctionExecutionRole;
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/private/cache-behavior.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.CacheBehavior=void 0;var iam=()=>{var tmp=require("../../../aws-iam");return iam=()=>tmp,tmp},core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp},cache_policy_1=()=>{var tmp=require("../cache-policy");return cache_policy_1=()=>tmp,tmp},distribution_1=()=>{var tmp=require("../distribution");return distribution_1=()=>tmp,tmp};class CacheBehavior{props;originId;constructor(originId,props){if(this.props=props,this.originId=originId,props.enableGrpc){if(props.allowedMethods!==distribution_1().AllowedMethods.ALLOW_ALL)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`AllowedMethodsOnlyAllowAllIfGrpcEnabled`,"'allowedMethods' can only be AllowedMethods.ALLOW_ALL if 'enableGrpc' is true");if(props.edgeLambdas!==void 0&&props.edgeLambdas.length>0)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`EdgeLambdasCannotBeSpecifiedIfGrpcEnabled`,"'edgeLambdas' cannot be specified if 'enableGrpc' is true")}this.validateEdgeLambdas(props.edgeLambdas),this.grantEdgeLambdaFunctionExecutionRole(props.edgeLambdas)}_renderBehavior(){return{pathPattern:this.props.pathPattern,targetOriginId:this.originId,allowedMethods:this.props.allowedMethods?.methods,cachedMethods:this.props.cachedMethods?.methods,cachePolicyId:(this.props.cachePolicy?.cachePolicyRef??cache_policy_1().CachePolicy.CACHING_OPTIMIZED).cachePolicyId,compress:this.props.compress??!0,originRequestPolicyId:this.props.originRequestPolicy?.originRequestPolicyRef.originRequestPolicyId,realtimeLogConfigArn:this.props?.realtimeLogConfig?.realtimeLogConfigRef.realtimeLogConfigArn,responseHeadersPolicyId:this.props.responseHeadersPolicy?.responseHeadersPolicyRef.responseHeadersPolicyId,smoothStreaming:this.props.smoothStreaming,viewerProtocolPolicy:this.props.viewerProtocolPolicy??distribution_1().ViewerProtocolPolicy.ALLOW_ALL,functionAssociations:this.props.functionAssociations?.map(association=>({functionArn:association.function.functionRef.functionArn,eventType:association.eventType.toString()})),lambdaFunctionAssociations:this.props.edgeLambdas?.map(edgeLambda=>({lambdaFunctionArn:edgeLambda.functionVersion.edgeArn,eventType:edgeLambda.eventType.toString(),includeBody:edgeLambda.includeBody})),trustedKeyGroups:this.props.trustedKeyGroups?.map(keyGroup=>keyGroup.keyGroupRef.keyGroupId),grpcConfig:this.props.enableGrpc!==void 0?{enabled:this.props.enableGrpc}:void 0}}validateEdgeLambdas(edgeLambdas){const includeBodyEventTypes=[distribution_1().LambdaEdgeEventType.ORIGIN_REQUEST,distribution_1().LambdaEdgeEventType.VIEWER_REQUEST];if(edgeLambdas&&edgeLambdas.some(lambda=>lambda.includeBody&&!includeBodyEventTypes.includes(lambda.eventType)))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`IncludeBodyOnlyTrueForRequestEventTypes`,"'includeBody' can only be true for ORIGIN_REQUEST or VIEWER_REQUEST event types.")}grantEdgeLambdaFunctionExecutionRole(edgeLambdas){!edgeLambdas||edgeLambdas.length===0||edgeLambdas.forEach(edgeLambda=>{const role=edgeLambda.functionVersion.role;role&&iam().Role.isRole(role)&&role.assumeRolePolicy&&role.assumeRolePolicy.addStatements(new(iam()).PolicyStatement({actions:["sts:AssumeRole"],principals:[new(iam()).ServicePrincipal("edgelambda.amazonaws.com")]}))})}}exports.CacheBehavior=CacheBehavior;

11
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/private/utils.d.ts generated vendored Normal file
View File

@@ -0,0 +1,11 @@
import type { IDistribution } from '..';
import * as iam from '../../../aws-iam';
/**
* Format distribution ARN from stack and distribution ID.
*/
export declare function formatDistributionArn(dist: IDistribution): string;
/**
* Adds an IAM policy statement associated with this distribution to an IAM
* principal's policy.
*/
export declare function grant(dist: IDistribution, grantee: iam.IGrantable, ...actions: string[]): iam.Grant;

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/private/utils.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.formatDistributionArn=formatDistributionArn,exports.grant=grant;var iam=()=>{var tmp=require("../../../aws-iam");return iam=()=>tmp,tmp},core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp};const wildcardOnlyActions=["cloudfront:CreateFieldLevelEncryptionConfig","cloudfront:CreateFieldLevelEncryptionProfile","cloudfront:CreateKeyGroup","cloudfront:CreateMonitoringSubscription","cloudfront:CreateOriginAccessControl","cloudfront:CreatePublicKey","cloudfront:CreateSavingsPlan","cloudfront:DeleteKeyGroup","cloudfront:DeleteMonitoringSubscription","cloudfront:DeletePublicKey","cloudfront:GetKeyGroup","cloudfront:GetKeyGroupConfig","cloudfront:GetMonitoringSubscription","cloudfront:GetPublicKey","cloudfront:GetPublicKeyConfig","cloudfront:GetSavingsPlan","cloudfront:ListAnycastIpLists","cloudfront:ListCachePolicies","cloudfront:ListCloudFrontOriginAccessIdentities","cloudfront:ListContinuousDeploymentPolicies","cloudfront:ListDistributions","cloudfront:ListDistributionsByAnycastIpListId","cloudfront:ListDistributionsByCachePolicyId","cloudfront:ListDistributionsByKeyGroup","cloudfront:ListDistributionsByLambdaFunction","cloudfront:ListDistributionsByOriginRequestPolicyId","cloudfront:ListDistributionsByRealtimeLogConfig","cloudfront:ListDistributionsByResponseHeadersPolicyId","cloudfront:ListDistributionsByVpcOriginId","cloudfront:ListDistributionsByWebACLId","cloudfront:ListFieldLevelEncryptionConfigs","cloudfront:ListFieldLevelEncryptionProfiles","cloudfront:ListFunctions","cloudfront:ListKeyGroups","cloudfront:ListKeyValueStores","cloudfront:ListOriginAccessControls","cloudfront:ListOriginRequestPolicies","cloudfront:ListPublicKeys","cloudfront:ListRateCards","cloudfront:ListRealtimeLogConfigs","cloudfront:ListResponseHeadersPolicies","cloudfront:ListSavingsPlans","cloudfront:ListStreamingDistributions","cloudfront:ListUsages","cloudfront:ListVpcOrigins","cloudfront:UpdateFieldLevelEncryptionConfig","cloudfront:UpdateKeyGroup","cloudfront:UpdatePublicKey","cloudfront:UpdateSavingsPlan"];function formatDistributionArn(dist){return core_1().Stack.of(dist).formatArn({service:"cloudfront",region:"",resource:"distribution",resourceName:dist.distributionId})}function grant(dist,grantee,...actions){const wildcardActions=[],resourceLevelSupportedActions=[];let wildcardGrant,resourceLevelGrant;for(const action of actions)wildcardOnlyActions.includes(action)?wildcardActions.push(action):resourceLevelSupportedActions.push(action);return wildcardActions.length>0&&(wildcardGrant=iam().Grant.addToPrincipal({grantee,actions:wildcardActions,resourceArns:["*"]})),resourceLevelSupportedActions.length>0&&(resourceLevelGrant=iam().Grant.addToPrincipal({grantee,actions:resourceLevelSupportedActions,resourceArns:[formatDistributionArn(dist)]})),wildcardActions.length>0&&resourceLevelSupportedActions.length>0?resourceLevelGrant.combine(wildcardGrant):wildcardActions.length>0?wildcardGrant:resourceLevelGrant}

51
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/public-key.d.ts generated vendored Normal file
View File

@@ -0,0 +1,51 @@
import type { Construct } from 'constructs';
import type { IPublicKeyRef, PublicKeyReference } from './cloudfront.generated';
import type { IResource } from '../../core';
import { Resource } from '../../core';
/**
* Represents a Public Key
*/
export interface IPublicKey extends IResource, IPublicKeyRef {
/**
* The ID of the key group.
* @attribute
*/
readonly publicKeyId: string;
}
/**
* Properties for creating a Public Key
*/
export interface PublicKeyProps {
/**
* A name to identify the public key.
* @default - generated from the `id`
*/
readonly publicKeyName?: string;
/**
* A comment to describe the public key.
* @default - no comment
*/
readonly comment?: string;
/**
* The public key that you can use with signed URLs and signed cookies, or with field-level encryption.
* The `encodedKey` parameter must include `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----` lines.
* @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html
* @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html
*/
readonly encodedKey: string;
}
/**
* A Public Key Configuration
*
* @resource AWS::CloudFront::PublicKey
*/
export declare class PublicKey extends Resource implements IPublicKey {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/** Imports a Public Key from its id. */
static fromPublicKeyId(scope: Construct, id: string, publicKeyId: string): IPublicKey;
readonly publicKeyId: string;
readonly publicKeyRef: PublicKeyReference;
constructor(scope: Construct, id: string, props: PublicKeyProps);
private generateName;
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/public-key.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";var __esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0},__runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.PublicKey=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var cloudfront_generated_1=()=>{var tmp=require("./cloudfront.generated");return cloudfront_generated_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp};let PublicKey=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=core_1().Resource;var PublicKey2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),PublicKey2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cloudfront.PublicKey",version:"2.252.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-cloudfront.PublicKey";static fromPublicKeyId(scope,id,publicKeyId){return new class extends core_1().Resource{publicKeyId=publicKeyId;publicKeyRef={publicKeyId}}(scope,id)}publicKeyId;publicKeyRef;constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cloudfront_PublicKeyProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,PublicKey2),error}if((0,metadata_resource_1().addConstructMetadata)(this,props),!core_1().Token.isUnresolved(props.encodedKey)&&!/^-----BEGIN PUBLIC KEY-----/.test(props.encodedKey))throw new(core_1()).ValidationError((0,literal_string_1().lit)`PublicKeyMustBeInPemFormat`,`Public key must be in PEM format (with the BEGIN/END PUBLIC KEY lines); got ${props.encodedKey}`,scope);const resource=new(cloudfront_generated_1()).CfnPublicKey(this,"Resource",{publicKeyConfig:{name:props.publicKeyName??this.generateName(),callerReference:this.node.addr,encodedKey:props.encodedKey,comment:props.comment}});this.publicKeyRef=resource.publicKeyRef,this.publicKeyId=resource.ref}generateName(){const name=core_1().Names.uniqueId(this);return name.length>80?name.substring(0,40)+name.substring(name.length-40):name}static{__runInitializers(_classThis,_classExtraInitializers)}};return PublicKey2=_classThis})();exports.PublicKey=PublicKey;

59
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/realtime-log-config.d.ts generated vendored Normal file
View File

@@ -0,0 +1,59 @@
import type { Construct } from 'constructs';
import type { IRealtimeLogConfigRef, RealtimeLogConfigReference } from './cloudfront.generated';
import type { Endpoint } from '../';
import type { IResource } from '../../core';
import { Resource } from '../../core';
/**
* Represents Realtime Log Configuration
*/
export interface IRealtimeLogConfig extends IResource, IRealtimeLogConfigRef {
/**
* The name of the realtime log config.
* @attribute
*/
readonly realtimeLogConfigName: string;
/**
* The arn of the realtime log config.
* @attribute
*/
readonly realtimeLogConfigArn: string;
}
/**
* Properties for defining a RealtimeLogConfig resource.
*/
export interface RealtimeLogConfigProps {
/**
* The unique name of this real-time log configuration.
*
* @default - the unique construct ID
*/
readonly realtimeLogConfigName?: string;
/**
* A list of fields that are included in each real-time log record.
*
* @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-fields
*/
readonly fields: string[];
/**
* The sampling rate for this real-time log configuration.
*/
readonly samplingRate: number;
/**
* Contains information about the Amazon Kinesis data stream where you are sending real-time log data for this real-time log configuration.
*/
readonly endPoints: Endpoint[];
}
/**
* A Realtime Log Config configuration
*
* @resource AWS::CloudFront::RealtimeLogConfig
*/
export declare class RealtimeLogConfig extends Resource implements IRealtimeLogConfig {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
get realtimeLogConfigName(): string;
get realtimeLogConfigArn(): string;
readonly realtimeLogConfigRef: RealtimeLogConfigReference;
private readonly resource;
constructor(scope: Construct, id: string, props: RealtimeLogConfigProps);
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/realtime-log-config.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

369
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/response-headers-policy.d.ts generated vendored Normal file
View File

@@ -0,0 +1,369 @@
import type { Construct } from 'constructs';
import type { IResponseHeadersPolicyRef, ResponseHeadersPolicyReference } from './cloudfront.generated';
import type { Duration } from '../../core';
import { Resource } from '../../core';
/**
* Represents a response headers policy.
*/
export interface IResponseHeadersPolicy extends IResponseHeadersPolicyRef {
/**
* The ID of the response headers policy
* @attribute
**/
readonly responseHeadersPolicyId: string;
}
/**
* Properties for creating a Response Headers Policy
*/
export interface ResponseHeadersPolicyProps {
/**
* A unique name to identify the response headers policy.
*
* @default - generated from the `id`
*/
readonly responseHeadersPolicyName?: string;
/**
* A comment to describe the response headers policy.
*
* @default - no comment
*/
readonly comment?: string;
/**
* A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).
*
* @default - no cors behavior
*/
readonly corsBehavior?: ResponseHeadersCorsBehavior;
/**
* A configuration for a set of custom HTTP response headers.
*
* @default - no custom headers behavior
*/
readonly customHeadersBehavior?: ResponseCustomHeadersBehavior;
/**
* A configuration for a set of security-related HTTP response headers.
*
* @default - no security headers behavior
*/
readonly securityHeadersBehavior?: ResponseSecurityHeadersBehavior;
/**
* A list of HTTP response headers that CloudFront removes from HTTP responses
* that it sends to viewers.
*
* @default - no headers are removed
*/
readonly removeHeaders?: string[];
/**
* The percentage of responses that you want CloudFront to add the Server-Timing
* header to.
*
* @default - no Server-Timing header is added to HTTP responses
*/
readonly serverTimingSamplingRate?: number;
}
/**
* A Response Headers Policy configuration
*
* @resource AWS::CloudFront::ResponseHeadersPolicy
*/
export declare class ResponseHeadersPolicy extends Resource implements IResponseHeadersPolicy {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/** Use this managed policy to allow simple CORS requests from any origin. */
static readonly CORS_ALLOW_ALL_ORIGINS: IResponseHeadersPolicy;
/** Use this managed policy to allow CORS requests from any origin, including preflight requests. */
static readonly CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT: IResponseHeadersPolicy;
/** Use this managed policy to add a set of security headers to all responses that CloudFront sends to viewers. */
static readonly SECURITY_HEADERS: IResponseHeadersPolicy;
/** Use this managed policy to allow simple CORS requests from any origin and add a set of security headers to all responses that CloudFront sends to viewers. */
static readonly CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS: IResponseHeadersPolicy;
/** Use this managed policy to allow CORS requests from any origin, including preflight requests, and add a set of security headers to all responses that CloudFront sends to viewers. */
static readonly CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS: IResponseHeadersPolicy;
/**
* Import an existing Response Headers Policy from its ID.
*/
static fromResponseHeadersPolicyId(scope: Construct, id: string, responseHeadersPolicyId: string): IResponseHeadersPolicy;
private static fromManagedResponseHeadersPolicy;
readonly responseHeadersPolicyId: string;
readonly responseHeadersPolicyRef: ResponseHeadersPolicyReference;
constructor(scope: Construct, id: string, props?: ResponseHeadersPolicyProps);
private _renderCorsConfig;
private _renderCustomHeadersConfig;
private _renderSecurityHeadersConfig;
private _renderRemoveHeadersConfig;
private _renderServerTimingHeadersConfig;
}
/**
* Configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).
* CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior
* associated with this response headers policy.
*/
export interface ResponseHeadersCorsBehavior {
/**
* A Boolean that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.
*/
readonly accessControlAllowCredentials: boolean;
/**
* A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.
* You can specify `['*']` to allow all headers.
*/
readonly accessControlAllowHeaders: string[];
/**
* A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header.
*
* Allowed methods: `'GET'`, `'DELETE'`, `'HEAD'`, `'OPTIONS'`, `'PATCH'`, `'POST'`, and `'PUT'`.
* You can specify `['ALL']` to allow all methods.
*/
readonly accessControlAllowMethods: string[];
/**
* A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.
* You can specify `['*']` to allow all origins.
*/
readonly accessControlAllowOrigins: string[];
/**
* A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.
* You can specify `['*']` to expose all headers.
*
* @default - no headers exposed
*/
readonly accessControlExposeHeaders?: string[];
/**
* A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header.
*
* @default - no max age
*/
readonly accessControlMaxAge?: Duration;
/**
* A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy.
*/
readonly originOverride: boolean;
}
/**
* Configuration for a set of HTTP response headers that are sent for requests that match a cache behavior
* thats associated with this response headers policy.
*/
export interface ResponseCustomHeadersBehavior {
/**
* The list of HTTP response headers and their values.
*/
readonly customHeaders: ResponseCustomHeader[];
}
/**
* An HTTP response header name and its value.
* CloudFront includes this header in HTTP responses that it sends for requests that match a cache behavior thats associated with this response headers policy.
*/
export interface ResponseCustomHeader {
/**
* The HTTP response header name.
*/
readonly header: string;
/**
* A Boolean that determines whether CloudFront overrides a response header with the same name
* received from the origin with the header specified here.
*/
readonly override: boolean;
/**
* The value for the HTTP response header.
*/
readonly value: string;
}
/**
* Configuration for a set of security-related HTTP response headers.
* CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior
* associated with this response headers policy.
*/
export interface ResponseSecurityHeadersBehavior {
/**
* The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
*
* @default - no content security policy
*/
readonly contentSecurityPolicy?: ResponseHeadersContentSecurityPolicy;
/**
* Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff.
*
* @default - no content type options
*/
readonly contentTypeOptions?: ResponseHeadersContentTypeOptions;
/**
* Determines whether CloudFront includes the X-Frame-Options HTTP response header and the headers value.
*
* @default - no frame options
*/
readonly frameOptions?: ResponseHeadersFrameOptions;
/**
* Determines whether CloudFront includes the Referrer-Policy HTTP response header and the headers value.
*
* @default - no referrer policy
*/
readonly referrerPolicy?: ResponseHeadersReferrerPolicy;
/**
* Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the headers value.
*
* @default - no strict transport security
*/
readonly strictTransportSecurity?: ResponseHeadersStrictTransportSecurity;
/**
* Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the headers value.
*
* @default - no xss protection
*/
readonly xssProtection?: ResponseHeadersXSSProtection;
}
/**
* The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
*/
export interface ResponseHeadersContentSecurityPolicy {
/**
* The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
*/
readonly contentSecurityPolicy: string;
/**
* A Boolean that determines whether CloudFront overrides the Content-Security-Policy HTTP response header
* received from the origin with the one specified in this response headers policy.
*/
readonly override: boolean;
}
/**
* Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff.
*/
export interface ResponseHeadersContentTypeOptions {
/**
* A Boolean that determines whether CloudFront overrides the X-Content-Type-Options HTTP response header
* received from the origin with the one specified in this response headers policy.
*/
readonly override: boolean;
}
/**
* Determines whether CloudFront includes the X-Frame-Options HTTP response header and the headers value.
*/
export interface ResponseHeadersFrameOptions {
/**
* The value of the X-Frame-Options HTTP response header.
*/
readonly frameOption: HeadersFrameOption;
/**
* A Boolean that determines whether CloudFront overrides the X-Frame-Options HTTP response header
* received from the origin with the one specified in this response headers policy.
*/
readonly override: boolean;
}
/**
* Determines whether CloudFront includes the Referrer-Policy HTTP response header and the headers value.
*/
export interface ResponseHeadersReferrerPolicy {
/**
* The value of the Referrer-Policy HTTP response header.
*/
readonly referrerPolicy: HeadersReferrerPolicy;
/**
* A Boolean that determines whether CloudFront overrides the Referrer-Policy HTTP response header
* received from the origin with the one specified in this response headers policy.
*/
readonly override: boolean;
}
/**
* Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the headers value.
*/
export interface ResponseHeadersStrictTransportSecurity {
/**
* A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.
*/
readonly accessControlMaxAge: Duration;
/**
* A Boolean that determines whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.
*
* @default false
*/
readonly includeSubdomains?: boolean;
/**
* A Boolean that determines whether CloudFront overrides the Strict-Transport-Security HTTP response header
* received from the origin with the one specified in this response headers policy.
*/
readonly override: boolean;
/**
* A Boolean that determines whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.
*
* @default false
*/
readonly preload?: boolean;
}
/**
* Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the headers value.
*/
export interface ResponseHeadersXSSProtection {
/**
* A Boolean that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.
*
* @default false
*/
readonly modeBlock?: boolean;
/**
* A Boolean that determines whether CloudFront overrides the X-XSS-Protection HTTP response header
* received from the origin with the one specified in this response headers policy.
*/
readonly override: boolean;
/**
* A Boolean that determines the value of the X-XSS-Protection HTTP response header.
* When this setting is true, the value of the X-XSS-Protection header is 1.
* When this setting is false, the value of the X-XSS-Protection header is 0.
*/
readonly protection: boolean;
/**
* A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header.
* You cannot specify a ReportUri when ModeBlock is true.
*
* @default - no report uri
*/
readonly reportUri?: string;
}
/**
* Enum representing possible values of the X-Frame-Options HTTP response header.
*/
export declare enum HeadersFrameOption {
/**
* The page can only be displayed in a frame on the same origin as the page itself.
*/
DENY = "DENY",
/**
* The page can only be displayed in a frame on the specified origin.
*/
SAMEORIGIN = "SAMEORIGIN"
}
/**
* Enum representing possible values of the Referrer-Policy HTTP response header.
*/
export declare enum HeadersReferrerPolicy {
/**
* The referrer policy is not set.
*/
NO_REFERRER = "no-referrer",
/**
* The referrer policy is no-referrer-when-downgrade.
*/
NO_REFERRER_WHEN_DOWNGRADE = "no-referrer-when-downgrade",
/**
* The referrer policy is origin.
*/
ORIGIN = "origin",
/**
* The referrer policy is origin-when-cross-origin.
*/
ORIGIN_WHEN_CROSS_ORIGIN = "origin-when-cross-origin",
/**
* The referrer policy is same-origin.
*/
SAME_ORIGIN = "same-origin",
/**
* The referrer policy is strict-origin.
*/
STRICT_ORIGIN = "strict-origin",
/**
* The referrer policy is strict-origin-when-cross-origin.
*/
STRICT_ORIGIN_WHEN_CROSS_ORIGIN = "strict-origin-when-cross-origin",
/**
* The referrer policy is unsafe-url.
*/
UNSAFE_URL = "unsafe-url"
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/response-headers-policy.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

158
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/vpc-origin.d.ts generated vendored Normal file
View File

@@ -0,0 +1,158 @@
import type { Construct } from 'constructs';
import type { IVpcOriginRef, VpcOriginReference } from './cloudfront.generated';
import type { OriginProtocolPolicy } from '../';
import { OriginSslPolicy } from '../';
import type { IInstance } from '../../aws-ec2';
import type { IApplicationLoadBalancer, INetworkLoadBalancer } from '../../aws-elasticloadbalancingv2';
import type { IResource, ITaggableV2, TagManager } from '../../core';
import { Resource } from '../../core';
/**
* Represents a VPC origin.
*/
export interface IVpcOrigin extends IResource, IVpcOriginRef {
/**
* The VPC origin ARN.
* @attribute
*/
readonly vpcOriginArn: string;
/**
* The VPC origin ID.
* @attribute
*/
readonly vpcOriginId: string;
/**
* The domain name of the CloudFront VPC origin endpoint configuration.
*/
readonly domainName?: string;
}
/**
* VPC origin endpoint configuration.
*/
export interface VpcOriginOptions {
/**
* The HTTP port for the CloudFront VPC origin endpoint configuration.
* @default 80
*/
readonly httpPort?: number;
/**
* The HTTPS port of the CloudFront VPC origin endpoint configuration.
* @default 443
*/
readonly httpsPort?: number;
/**
* The name of the CloudFront VPC origin endpoint configuration.
* @default - generated from the `id`
*/
readonly vpcOriginName?: string;
/**
* The origin protocol policy for the CloudFront VPC origin endpoint configuration.
* @default OriginProtocolPolicy.MATCH_VIEWER
*/
readonly protocolPolicy?: OriginProtocolPolicy;
/**
* A list that contains allowed SSL/TLS protocols for this distribution.
* @default - TLSv1.2
*/
readonly originSslProtocols?: OriginSslPolicy[];
}
/**
* VPC origin endpoint configuration.
*/
export interface VpcOriginProps extends VpcOriginOptions {
/**
* The VPC origin endpoint.
*/
readonly endpoint: VpcOriginEndpoint;
}
/**
* The properties to import from the VPC origin
*/
export interface VpcOriginAttributes {
/**
* The ARN of the VPC origin.
*
* At least one of vpcOriginArn and vpcOriginId must be provided.
*
* @default - derived from `vpcOriginId`.
*/
readonly vpcOriginArn?: string;
/**
* The ID of the VPC origin.
*
* At least one of vpcOriginArn and vpcOriginId must be provided.
*
* @default - derived from `vpcOriginArn`.
*/
readonly vpcOriginId?: string;
/**
* The domain name of the CloudFront VPC origin endpoint configuration.
* @default - No domain name configured
*/
readonly domainName?: string;
}
/**
* Represents the VPC origin endpoint.
*/
export declare abstract class VpcOriginEndpoint {
/**
* A VPC origin endpoint from an EC2 instance.
*/
static ec2Instance(instance: IInstance): VpcOriginEndpoint;
/**
* A VPC origin endpoint from an Application Load Balancer.
*/
static applicationLoadBalancer(alb: IApplicationLoadBalancer): VpcOriginEndpoint;
/**
* A VPC origin endpoint from an Network Load Balancer.
*/
static networkLoadBalancer(nlb: INetworkLoadBalancer): VpcOriginEndpoint;
/**
* The ARN of the CloudFront VPC origin endpoint configuration.
*/
abstract readonly endpointArn: string;
/**
* The domain name of the CloudFront VPC origin endpoint configuration.
* @default - No domain name configured
*/
abstract readonly domainName?: string;
}
/**
* A CloudFront VPC Origin configuration.
*
* @resource AWS::CloudFront::VpcOrigin
*/
export declare class VpcOrigin extends Resource implements IVpcOrigin, ITaggableV2 {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/**
* Import an existing VPC origin from its ID.
*/
static fromVpcOriginId(scope: Construct, id: string, vpcOriginId: string): IVpcOrigin;
/**
* Import an existing VPC origin from its ARN.
*/
static fromVpcOriginArn(scope: Construct, id: string, vpcOriginArn: string): IVpcOrigin;
/**
* Import an existing VPC origin from its attributes.
*/
static fromVpcOriginAttributes(scope: Construct, id: string, attrs: VpcOriginAttributes): IVpcOrigin;
/**
* The VPC origin ARN.
* @attribute
*/
get vpcOriginArn(): string;
/**
* The VPC origin ID.
* @attribute
*/
readonly vpcOriginId: string;
/**
* The domain name of the CloudFront VPC origin endpoint configuration.
*/
readonly domainName?: string;
readonly vpcOriginRef: VpcOriginReference;
readonly cdkTagManager: TagManager;
private readonly resource;
constructor(scope: Construct, id: string, props: VpcOriginProps);
private validatePortNumber;
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/vpc-origin.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

626
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/web-distribution.d.ts generated vendored Normal file
View File

@@ -0,0 +1,626 @@
import type { Construct } from 'constructs';
import { DistributionGrants } from './cloudfront-grants.generated';
import type { DistributionReference } from './cloudfront.generated';
import { CfnDistribution } from './cloudfront.generated';
import type { IDistribution } from './distribution';
import { HttpVersion, LambdaEdgeEventType, OriginProtocolPolicy, PriceClass, SecurityPolicyProtocol, SSLMethod, ViewerProtocolPolicy } from './distribution';
import type { FunctionAssociation } from './function';
import type { GeoRestriction } from './geo-restriction';
import * as iam from '../../aws-iam';
import type * as lambda from '../../aws-lambda';
import * as s3 from '../../aws-s3';
import * as cdk from '../../core';
import type { ICertificateRef } from '../../interfaces/generated/aws-certificatemanager-interfaces.generated';
import type { ICloudFrontOriginAccessIdentityRef, IKeyGroupRef } from '../../interfaces/generated/aws-cloudfront-interfaces.generated';
/**
* HTTP status code to failover to second origin
*/
export declare enum FailoverStatusCode {
/**
* Forbidden (403)
*/
FORBIDDEN = 403,
/**
* Not found (404)
*/
NOT_FOUND = 404,
/**
* Internal Server Error (500)
*/
INTERNAL_SERVER_ERROR = 500,
/**
* Bad Gateway (502)
*/
BAD_GATEWAY = 502,
/**
* Service Unavailable (503)
*/
SERVICE_UNAVAILABLE = 503,
/**
* Gateway Timeout (504)
*/
GATEWAY_TIMEOUT = 504
}
/**
* Logging configuration for incoming requests
*/
export interface LoggingConfiguration {
/**
* Bucket to log requests to
*
* @default - A logging bucket is automatically created.
*/
readonly bucket?: s3.IBucket;
/**
* Whether to include the cookies in the logs
*
* @default false
*/
readonly includeCookies?: boolean;
/**
* Where in the bucket to store logs
*
* @default - No prefix.
*/
readonly prefix?: string;
}
/**
* A source configuration is a wrapper for CloudFront origins and behaviors.
* An origin is what CloudFront will "be in front of" - that is, CloudFront will pull its assets from an origin.
*
* If you're using s3 as a source - pass the `s3Origin` property, otherwise, pass the `customOriginSource` property.
*
* One or the other must be passed, and it is invalid to pass both in the same SourceConfiguration.
*/
export interface SourceConfiguration {
/**
* The number of times that CloudFront attempts to connect to the origin.
* You can specify 1, 2, or 3 as the number of attempts.
*
* @default 3
*/
readonly connectionAttempts?: number;
/**
* The number of seconds that CloudFront waits when trying to establish a connection to the origin.
* You can specify a number of seconds between 1 and 10 (inclusive).
*
* @default cdk.Duration.seconds(10)
*/
readonly connectionTimeout?: cdk.Duration;
/**
* An s3 origin source - if you're using s3 for your assets
*/
readonly s3OriginSource?: S3OriginConfig;
/**
* A custom origin source - for all non-s3 sources.
*/
readonly customOriginSource?: CustomOriginConfig;
/**
* An s3 origin source for failover in case the s3OriginSource returns invalid status code
*
* @default - no failover configuration
*/
readonly failoverS3OriginSource?: S3OriginConfig;
/**
* A custom origin source for failover in case the s3OriginSource returns invalid status code
*
* @default - no failover configuration
*/
readonly failoverCustomOriginSource?: CustomOriginConfig;
/**
* HTTP status code to failover to second origin
*
* @default [500, 502, 503, 504]
*/
readonly failoverCriteriaStatusCodes?: FailoverStatusCode[];
/**
* The behaviors associated with this source.
* At least one (default) behavior must be included.
*/
readonly behaviors: Behavior[];
/**
* When you enable Origin Shield in the AWS Region that has the lowest latency to your origin, you can get better network performance
*
* @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html
*
* @default - origin shield not enabled
*/
readonly originShieldRegion?: string;
}
/**
* A custom origin configuration
*/
export interface CustomOriginConfig {
/**
* The domain name of the custom origin. Should not include the path - that should be in the parent SourceConfiguration
*/
readonly domainName: string;
/**
* The origin HTTP port
*
* @default 80
*/
readonly httpPort?: number;
/**
* The origin HTTPS port
*
* @default 443
*/
readonly httpsPort?: number;
/**
* The keep alive timeout when making calls in seconds.
*
* @default Duration.seconds(5)
*/
readonly originKeepaliveTimeout?: cdk.Duration;
/**
* The protocol (http or https) policy to use when interacting with the origin.
*
* @default OriginProtocolPolicy.HttpsOnly
*/
readonly originProtocolPolicy?: OriginProtocolPolicy;
/**
* The read timeout when calling the origin in seconds
*
* @default Duration.seconds(30)
*/
readonly originReadTimeout?: cdk.Duration;
/**
* The SSL versions to use when interacting with the origin.
*
* @default OriginSslPolicy.TLS_V1_2
*/
readonly allowedOriginSSLVersions?: OriginSslPolicy[];
/**
* The relative path to the origin root to use for sources.
*
* @default /
*/
readonly originPath?: string;
/**
* Any additional headers to pass to the origin
*
* @default - No additional headers are passed.
*/
readonly originHeaders?: {
[key: string]: string;
};
/**
* When you enable Origin Shield in the AWS Region that has the lowest latency to your origin, you can get better network performance
*
* @default - origin shield not enabled
*/
readonly originShieldRegion?: string;
}
export declare enum OriginSslPolicy {
SSL_V3 = "SSLv3",
TLS_V1 = "TLSv1",
TLS_V1_1 = "TLSv1.1",
TLS_V1_2 = "TLSv1.2"
}
/**
* S3 origin configuration for CloudFront
*/
export interface S3OriginConfig {
/**
* The source bucket to serve content from
*/
readonly s3BucketSource: s3.IBucket;
/**
* The optional Origin Access Identity of the origin identity cloudfront will use when calling your s3 bucket.
*
* @default No Origin Access Identity which requires the S3 bucket to be public accessible
*/
readonly originAccessIdentity?: ICloudFrontOriginAccessIdentityRef & iam.IGrantable;
/**
* The relative path to the origin root to use for sources.
*
* @default /
*/
readonly originPath?: string;
/**
* Any additional headers to pass to the origin
*
* @default - No additional headers are passed.
*/
readonly originHeaders?: {
[key: string]: string;
};
/**
* When you enable Origin Shield in the AWS Region that has the lowest latency to your origin, you can get better network performance
*
* @default - origin shield not enabled
*/
readonly originShieldRegion?: string;
}
/**
* An enum for the supported methods to a CloudFront distribution.
*/
export declare enum CloudFrontAllowedMethods {
GET_HEAD = "GH",
GET_HEAD_OPTIONS = "GHO",
ALL = "ALL"
}
/**
* Enums for the methods CloudFront can cache.
*/
export declare enum CloudFrontAllowedCachedMethods {
GET_HEAD = "GH",
GET_HEAD_OPTIONS = "GHO"
}
/**
* A CloudFront behavior wrapper.
*/
export interface Behavior {
/**
* If CloudFront should automatically compress some content types.
*
* @default true
*/
readonly compress?: boolean;
/**
* If this behavior is the default behavior for the distribution.
*
* You must specify exactly one default distribution per CloudFront distribution.
* The default behavior is allowed to omit the "path" property.
*/
readonly isDefaultBehavior?: boolean;
/**
* Trusted signers is how CloudFront allows you to serve private content.
* The signers are the account IDs that are allowed to sign cookies/presigned URLs for this distribution.
*
* If you pass a non empty value, all requests for this behavior must be signed (no public access will be allowed)
* @deprecated - We recommend using trustedKeyGroups instead of trustedSigners.
*/
readonly trustedSigners?: string[];
/**
* A list of Key Groups that CloudFront can use to validate signed URLs or signed cookies.
*
* @default - no KeyGroups are associated with cache behavior
* @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html
*/
readonly trustedKeyGroups?: IKeyGroupRef[];
/**
*
* The default amount of time CloudFront will cache an object.
*
* This value applies only when your custom origin does not add HTTP headers,
* such as Cache-Control max-age, Cache-Control s-maxage, and Expires to objects.
* @default 86400 (1 day)
*
*/
readonly defaultTtl?: cdk.Duration;
/**
* The method this CloudFront distribution responds do.
*
* @default GET_HEAD
*/
readonly allowedMethods?: CloudFrontAllowedMethods;
/**
* The path this behavior responds to.
* Required for all non-default behaviors. (The default behavior implicitly has "*" as the path pattern. )
*
*/
readonly pathPattern?: string;
/**
* Which methods are cached by CloudFront by default.
*
* @default GET_HEAD
*/
readonly cachedMethods?: CloudFrontAllowedCachedMethods;
/**
* The values CloudFront will forward to the origin when making a request.
*
* @default none (no cookies - no headers)
*
*/
readonly forwardedValues?: CfnDistribution.ForwardedValuesProperty;
/**
* The minimum amount of time that you want objects to stay in the cache
* before CloudFront queries your origin.
*/
readonly minTtl?: cdk.Duration;
/**
* The max amount of time you want objects to stay in the cache
* before CloudFront queries your origin.
*
* @default Duration.seconds(31536000) (one year)
*/
readonly maxTtl?: cdk.Duration;
/**
* Declares associated lambda@edge functions for this distribution behaviour.
*
* @default No lambda function associated
*/
readonly lambdaFunctionAssociations?: LambdaFunctionAssociation[];
/**
* The CloudFront functions to invoke before serving the contents.
*
* @default - no functions will be invoked
*/
readonly functionAssociations?: FunctionAssociation[];
/**
* The viewer policy for this behavior.
*
* @default - the distribution wide viewer protocol policy will be used
*/
readonly viewerProtocolPolicy?: ViewerProtocolPolicy;
}
export interface LambdaFunctionAssociation {
/**
* The lambda event type defines at which event the lambda
* is called during the request lifecycle
*/
readonly eventType: LambdaEdgeEventType;
/**
* A version of the lambda to associate
*/
readonly lambdaFunction: lambda.IVersion;
/**
* Allows a Lambda function to have read access to the body content.
* Only valid for "request" event types (`ORIGIN_REQUEST` or `VIEWER_REQUEST`).
* @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.html
*
* @default false
*/
readonly includeBody?: boolean;
}
export interface ViewerCertificateOptions {
/**
* How CloudFront should serve HTTPS requests.
*
* See the notes on SSLMethod if you wish to use other SSL termination types.
*
* @default SSLMethod.SNI
* @see https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html
*/
readonly sslMethod?: SSLMethod;
/**
* The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections.
*
* CloudFront serves your objects only to browsers or devices that support at
* least the SSL version that you specify.
*
* @default - SSLv3 if sslMethod VIP, TLSv1 if sslMethod SNI
*/
readonly securityPolicy?: SecurityPolicyProtocol;
/**
* Domain names on the certificate (both main domain name and Subject Alternative names)
*/
readonly aliases?: string[];
}
/**
* Viewer certificate configuration class
*/
export declare class ViewerCertificate {
readonly props: CfnDistribution.ViewerCertificateProperty;
readonly aliases: string[];
/**
* Generate an AWS Certificate Manager (ACM) viewer certificate configuration
*
* @param certificate AWS Certificate Manager (ACM) certificate.
* Your certificate must be located in the us-east-1 (US East (N. Virginia)) region to be accessed by CloudFront
* @param options certificate configuration options
*/
static fromAcmCertificate(certificate: ICertificateRef, options?: ViewerCertificateOptions): ViewerCertificate;
/**
* Generate an IAM viewer certificate configuration
*
* @param iamCertificateId Identifier of the IAM certificate
* @param options certificate configuration options
*/
static fromIamCertificate(iamCertificateId: string, options?: ViewerCertificateOptions): ViewerCertificate;
/**
* Generate a viewer certificate configuration using
* the CloudFront default certificate (e.g. d111111abcdef8.cloudfront.net)
* and a `SecurityPolicyProtocol.TLS_V1` security policy.
*
* @param aliases Alternative CNAME aliases
* You also must create a CNAME record with your DNS service to route queries
*/
static fromCloudFrontDefaultCertificate(...aliases: string[]): ViewerCertificate;
private constructor();
}
export interface CloudFrontWebDistributionProps {
/**
* A comment for this distribution in the CloudFront console.
*
* @default - No comment is added to distribution.
*/
readonly comment?: string;
/**
* Enable or disable the distribution.
*
* @default true
*/
readonly enabled?: boolean;
/**
* The default object to serve.
*
* @default - "index.html" is served.
*/
readonly defaultRootObject?: string;
/**
* If your distribution should have IPv6 enabled.
*
* @default true
*/
readonly enableIpV6?: boolean;
/**
* The max supported HTTP Versions.
*
* @default HttpVersion.HTTP2
*/
readonly httpVersion?: HttpVersion;
/**
* The price class for the distribution (this impacts how many locations CloudFront uses for your distribution, and billing)
*
* @default PriceClass.PRICE_CLASS_100 the cheapest option for CloudFront is picked by default.
*/
readonly priceClass?: PriceClass;
/**
* The default viewer policy for incoming clients.
*
* @default RedirectToHTTPs
*/
readonly viewerProtocolPolicy?: ViewerProtocolPolicy;
/**
* The origin configurations for this distribution. Behaviors are a part of the origin.
*/
readonly originConfigs: SourceConfiguration[];
/**
* Optional - if we should enable logging.
* You can pass an empty object ({}) to have us auto create a bucket for logging.
* Omission of this property indicates no logging is to be enabled.
*
* @default - no logging is enabled by default.
*/
readonly loggingConfig?: LoggingConfiguration;
/**
* How CloudFront should handle requests that are not successful (eg PageNotFound)
*
* By default, CloudFront does not replace HTTP status codes in the 4xx and 5xx range
* with custom error messages. CloudFront does not cache HTTP status codes.
*
* @default - No custom error configuration.
*/
readonly errorConfigurations?: CfnDistribution.CustomErrorResponseProperty[];
/**
* Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution.
*
* To specify a web ACL created using the latest version of AWS WAF, use the ACL ARN, for example
* `arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a`.
*
* To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example `473e64fd-f30b-4765-81a0-62ad96dd167a`.
*
* @see https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
* @see https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_CreateDistribution.html#API_CreateDistribution_RequestParameters.
*
* @default - No AWS Web Application Firewall web access control list (web ACL).
*/
readonly webACLId?: string;
/**
* Specifies whether you want viewers to use HTTP or HTTPS to request your objects,
* whether you're using an alternate domain name with HTTPS, and if so,
* if you're using AWS Certificate Manager (ACM) or a third-party certificate authority.
*
* @default ViewerCertificate.fromCloudFrontDefaultCertificate()
*
* @see https://aws.amazon.com/premiumsupport/knowledge-center/custom-ssl-certificate-cloudfront/
*/
readonly viewerCertificate?: ViewerCertificate;
/**
* Controls the countries in which your content is distributed.
*
* @default No geo restriction
*/
readonly geoRestriction?: GeoRestriction;
}
/**
* Attributes used to import a Distribution.
*/
export interface CloudFrontWebDistributionAttributes {
/**
* The generated domain name of the Distribution, such as d111111abcdef8.cloudfront.net.
*
* @attribute
*/
readonly domainName: string;
/**
* The distribution ID for this distribution.
*
* @attribute
*/
readonly distributionId: string;
}
/**
* Amazon CloudFront is a global content delivery network (CDN) service that securely delivers data, videos,
* applications, and APIs to your viewers with low latency and high transfer speeds.
* CloudFront fronts user provided content and caches it at edge locations across the world.
*
* Here's how you can use this construct:
*
* ```ts
* const sourceBucket = new s3.Bucket(this, 'Bucket');
*
* const distribution = new cloudfront.CloudFrontWebDistribution(this, 'MyDistribution', {
* originConfigs: [
* {
* s3OriginSource: {
* s3BucketSource: sourceBucket,
* },
* behaviors : [ {isDefaultBehavior: true}],
* },
* ],
* });
* ```
*
* This will create a CloudFront distribution that uses your S3Bucket as its origin.
*
* You can customize the distribution using additional properties from the CloudFrontWebDistributionProps interface.
*
* @resource AWS::CloudFront::Distribution
* @deprecated Use `Distribution` instead
*/
export declare class CloudFrontWebDistribution extends cdk.Resource implements IDistribution {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
/**
* Creates a construct that represents an external (imported) distribution.
*/
static fromDistributionAttributes(scope: Construct, id: string, attrs: CloudFrontWebDistributionAttributes): IDistribution;
/**
* Collection of grant methods for a Distribution
*/
readonly grants: DistributionGrants;
/**
* The logging bucket for this CloudFront distribution.
* If logging is not enabled for this distribution - this property will be undefined.
*/
readonly loggingBucket?: s3.IBucket;
/**
* The domain name created by CloudFront for this distribution.
* If you are using aliases for your distribution, this is the domainName your DNS records should point to.
* (In Route53, you could create an ALIAS record to this value, for example.)
*/
readonly distributionDomainName: string;
/**
* The distribution ID for this distribution.
*/
readonly distributionId: string;
readonly distributionRef: DistributionReference;
/**
* Maps our methods to the string arrays they are
*/
private readonly METHOD_LOOKUP_MAP;
/**
* Maps for which SecurityPolicyProtocol are available to which SSLMethods
*/
private readonly VALID_SSL_PROTOCOLS;
constructor(scope: Construct, id: string, props: CloudFrontWebDistributionProps);
get distributionArn(): string;
/**
* Adds an IAM policy statement associated with this distribution to an IAM
* principal's policy.
* [disable-awslint:no-grants]
*
* @param identity The principal
* @param actions The set of actions to allow (i.e. "cloudfront:ListInvalidations")
*/
grant(identity: iam.IGrantable, ...actions: string[]): iam.Grant;
/**
* Grant to create invalidations for this bucket to an IAM principal (Role/Group/User).
* [disable-awslint:no-grants]
*
* @param identity The principal
*/
grantCreateInvalidation(identity: iam.IGrantable): iam.Grant;
private toBehavior;
private toOriginProperty;
/**
* Takes origin shield region from props and converts to CfnDistribution.OriginShieldProperty
*/
private toOriginShieldProperty;
}

2
cdk/node_modules/aws-cdk-lib/aws-cloudfront/lib/web-distribution.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

42
cdk/node_modules/aws-cdk-lib/aws-cloudfront/test/example.acm-cert-alias.lit.ts generated vendored Normal file
View File

@@ -0,0 +1,42 @@
import type { Construct } from 'constructs';
import * as certificatemanager from '../../aws-certificatemanager';
import * as s3 from '../../aws-s3';
import { App, Stack } from '../../core';
import * as cloudfront from '../lib';
class AcmCertificateAliasStack extends Stack {
constructor(scope: Construct, id: string) {
super(scope, id);
/// !show
const s3BucketSource = new s3.Bucket(this, 'Bucket');
const certificate = new certificatemanager.Certificate(this, 'Certificate', {
domainName: 'example.com',
subjectAlternativeNames: ['*.example.com'],
});
const distribution = new cloudfront.CloudFrontWebDistribution(this, 'AnAmazingWebsiteProbably', {
originConfigs: [{
s3OriginSource: { s3BucketSource },
behaviors: [{ isDefaultBehavior: true }],
}],
viewerCertificate: cloudfront.ViewerCertificate.fromAcmCertificate(
certificate,
{
aliases: ['example.com', 'www.example.com'],
securityPolicy: cloudfront.SecurityPolicyProtocol.TLS_V1, // default
sslMethod: cloudfront.SSLMethod.SNI, // default
},
),
});
/// !hide
Array.isArray(s3BucketSource);
Array.isArray(certificate);
Array.isArray(distribution);
}
}
const app = new App();
new AcmCertificateAliasStack(app, 'AcmCertificateAliasStack');
app.synth();

30
cdk/node_modules/aws-cdk-lib/aws-cloudfront/test/example.default-cert-alias.lit.ts generated vendored Normal file
View File

@@ -0,0 +1,30 @@
import type { Construct } from 'constructs';
import * as s3 from '../../aws-s3';
import { App, Stack } from '../../core';
import * as cloudfront from '../lib';
class AcmCertificateAliasStack extends Stack {
constructor(scope: Construct, id: string) {
super(scope, id);
/// !show
const s3BucketSource = new s3.Bucket(this, 'Bucket');
const distribution = new cloudfront.CloudFrontWebDistribution(this, 'AnAmazingWebsiteProbably', {
originConfigs: [{
s3OriginSource: { s3BucketSource },
behaviors: [{ isDefaultBehavior: true }],
}],
viewerCertificate: cloudfront.ViewerCertificate.fromCloudFrontDefaultCertificate(
'www.example.com',
),
});
/// !hide
Array.isArray(s3BucketSource);
Array.isArray(distribution);
}
}
const app = new App();
new AcmCertificateAliasStack(app, 'AcmCertificateAliasStack');
app.synth();

35
cdk/node_modules/aws-cdk-lib/aws-cloudfront/test/example.iam-cert-alias.lit.ts generated vendored Normal file
View File

@@ -0,0 +1,35 @@
import type { Construct } from 'constructs';
import * as s3 from '../../aws-s3';
import { App, Stack } from '../../core';
import * as cloudfront from '../lib';
class AcmCertificateAliasStack extends Stack {
constructor(scope: Construct, id: string) {
super(scope, id);
/// !show
const s3BucketSource = new s3.Bucket(this, 'Bucket');
const distribution = new cloudfront.CloudFrontWebDistribution(this, 'AnAmazingWebsiteProbably', {
originConfigs: [{
s3OriginSource: { s3BucketSource },
behaviors: [{ isDefaultBehavior: true }],
}],
viewerCertificate: cloudfront.ViewerCertificate.fromIamCertificate(
'certificateId',
{
aliases: ['example.com'],
securityPolicy: cloudfront.SecurityPolicyProtocol.SSL_V3, // default
sslMethod: cloudfront.SSLMethod.SNI, // default
},
),
});
/// !hide
Array.isArray(s3BucketSource);
Array.isArray(distribution);
}
}
const app = new App();
new AcmCertificateAliasStack(app, 'AcmCertificateAliasStack');
app.synth();

3
cdk/node_modules/aws-cdk-lib/aws-cloudfront/test/function-code.js generated vendored Normal file
View File

@@ -0,0 +1,3 @@
function handler(event) {
return event.request;
}