
tessl/npm-pulumi--aws

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources with infrastructure-as-code.


cloudfront.mddocs/networking/

CloudFront - Content Delivery Network

Amazon CloudFront is a fast CDN service that securely delivers data, videos, applications, and APIs globally.

Common Tasks

Create a distribution for an S3 bucket

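// Origin Access Control: CloudFront signs its requests to S3 (SigV4), so the bucket
// can stay private instead of being publicly readable. The bucket policy must
// separately allow the cloudfront.amazonaws.com service principal, scoped to this
// distribution's ARN; that policy is not shown here.
const oac = new aws.cloudfront.OriginAccessControl("cdn-oac", {
    originAccessControlOriginType: "s3",
    signingBehavior: "always",
    signingProtocol: "sigv4",
});

// Minimal distribution in front of an S3 bucket, served on the default
// *.cloudfront.net hostname.
const distribution = new aws.cloudfront.Distribution("cdn", {
    enabled: true,
    origins: [{
        domainName: bucket.bucketRegionalDomainName,
        originId: "S3",
        // Without this (or a legacy s3OriginConfig.originAccessIdentity) the bucket
        // would have to allow anonymous reads, and clients could bypass CloudFront.
        originAccessControlId: oac.id,
    }],
    defaultCacheBehavior: {
        targetOriginId: "S3",
        // Read-only methods are enough for static content.
        allowedMethods: ["GET", "HEAD"],
        cachedMethods: ["GET", "HEAD"],
        // Plain-HTTP requests are redirected rather than served.
        viewerProtocolPolicy: "redirect-to-https",
        // Nothing viewer-controlled is forwarded or added to the cache key.
        forwardedValues: { queryString: false, cookies: { forward: "none" } },
    },
    // With the default certificate the viewer TLS policy is fixed by CloudFront;
    // use a custom certificate when a higher minimumProtocolVersion is required.
    viewerCertificate: { cloudfrontDefaultCertificate: true },
    restrictions: { geoRestriction: { restrictionType: "none" } },
});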

Set up custom domain with SSL certificate

// Serves the distribution on a custom hostname with an ACM certificate.
// CloudFront only accepts ACM certificates issued in us-east-1, and every entry in
// `aliases` has to be covered by the certificate's names.
const distribution = new aws.cloudfront.Distribution("cdn", {
    enabled: true,
    aliases: ["cdn.example.com"],
    // NOTE(review): the origin is shown without origin access control; in a real
    // deployment restrict the bucket so only this distribution can read it.
    origins: [{ domainName: bucket.bucketRegionalDomainName, originId: "S3" }],
    defaultCacheBehavior: { /* ... */ },
    viewerCertificate: {
        acmCertificateArn: cert.arn,
        // SNI-based serving; "vip" requests dedicated IPs instead.
        sslSupportMethod: "sni-only",
        // Viewer-side TLS floor: connections below TLS 1.2 are refused.
        minimumProtocolVersion: "TLSv1.2_2021",
    },
    restrictions: { geoRestriction: { restrictionType: "none" } },
});

Configure multiple origins with path patterns

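// Routes /api/* to a custom HTTPS origin and everything else to the S3 origin.
const distribution = new aws.cloudfront.Distribution("cdn", {
    enabled: true,
    origins: [
        // NOTE(review): the S3 origin is shown without origin access control; in a
        // real deployment restrict the bucket so only this distribution can read it.
        { originId: "S3", domainName: bucket.bucketRegionalDomainName },
        {
            originId: "API",
            domainName: "api.example.com",
            customOriginConfig: {
                // CloudFront always talks TLS to the API origin, whatever the viewer used.
                originProtocolPolicy: "https-only",
                httpPort: 80,
                httpsPort: 443,
                // Pin the CloudFront-to-origin handshake to TLS 1.2.
                originSslProtocols: ["TLSv1.2"],
            },
        },
    ],
    defaultCacheBehavior: { targetOriginId: "S3", /* ... */ },
    orderedCacheBehaviors: [{
        pathPattern: "/api/*",
        targetOriginId: "API",
        // API paths reject plain HTTP outright instead of redirecting.
        viewerProtocolPolicy: "https-only",
        // An API needs write methods; only safe methods are cacheable.
        allowedMethods: ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"],
        cachedMethods: ["GET", "HEAD"],
        // Cache settings (cachePolicyId or forwardedValues) are elided. For
        // per-user responses, either disable caching or include the Authorization
        // header / session cookie in the cache key, otherwise one user's response
        // can be served to another.
        /* ... */
    }],
    /* ... */
});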

Core Resources

Distribution

CloudFront distributions for content delivery.

/**
 * A CloudFront distribution managed as a Pulumi custom resource.
 *
 * Signature summary only: the constructor has no body here, and the listing may
 * not include every output property of the real resource.
 */
class Distribution extends pulumi.CustomResource {
    /**
     * @param name Pulumi resource name (the examples on this page use "cdn").
     * @param args Distribution configuration; see DistributionArgs.
     * @param opts Optional Pulumi resource options.
     */
    constructor(name: string, args: DistributionArgs, opts?: pulumi.CustomResourceOptions);

    /** ARN of the distribution, e.g. for scoping an origin bucket policy to it. */
    readonly arn: pulumi.Output<string>;
    /** Hostname assigned to the distribution; exported as `cdnDomain` in the usage example. */
    readonly domainName: pulumi.Output<string>;
    /** Identifier of the distribution. */
    readonly id: pulumi.Output<string>;
}

/**
 * Constructor arguments for Distribution.
 *
 * NOTE(review): this listing looks like a subset of the provider schema; settings
 * such as webAclId (WAF association) and loggingConfig (access logs) are not
 * shown. Confirm against the installed @pulumi/aws version.
 */
interface DistributionArgs {
    /** Whether the distribution accepts viewer requests. */
    enabled: pulumi.Input<boolean>;
    /** Origins that cache behaviors refer to by originId. */
    origins: pulumi.Input<pulumi.Input<DistributionOrigin>[]>;
    /** Behavior applied when no ordered behavior's pathPattern matches. */
    defaultCacheBehavior: pulumi.Input<DistributionDefaultCacheBehavior>;
    /** Path-specific behaviors. */
    orderedCacheBehaviors?: pulumi.Input<pulumi.Input<DistributionOrderedCacheBehavior>[]>;
    /** Price class, e.g. "PriceClass_100" as used in the usage example. */
    priceClass?: pulumi.Input<string>;
    /** Custom hostnames; they need a matching certificate in viewerCertificate. */
    aliases?: pulumi.Input<pulumi.Input<string>[]>;
    /** Viewer-facing TLS certificate and protocol settings. */
    viewerCertificate?: pulumi.Input<DistributionViewerCertificate>;
    /** Geographic restrictions on viewers. */
    restrictions?: pulumi.Input<DistributionRestrictions>;
    /** Free-text comment on the distribution. */
    comment?: pulumi.Input<string>;
    /** Resource tags as key/value strings. */
    tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
}

/**
 * One origin that CloudFront fetches content from.
 *
 * NOTE(review): originAccessControlId (Origin Access Control, the successor to the
 * origin access identity below) is not listed here; confirm against the provider
 * schema before relying on this summary.
 */
interface DistributionOrigin {
    /** DNS name of the origin (S3 bucket endpoint or custom host). */
    domainName: pulumi.Input<string>;
    /** Identifier that cache behaviors reference through targetOriginId. */
    originId: pulumi.Input<string>;
    /** Path prefix on the origin. */
    originPath?: pulumi.Input<string>;
    // Headers CloudFront adds to every origin request. If a header value is used as
    // a shared secret so the origin can reject direct traffic, treat it as a secret:
    // it ends up in Pulumi state and should be rotated like any credential.
    customHeaders?: pulumi.Input<pulumi.Input<{
        name: pulumi.Input<string>;
        value: pulumi.Input<string>;
    }>[]>;
    // S3 origin settings using an origin access identity (legacy mechanism for
    // keeping the bucket private).
    s3OriginConfig?: pulumi.Input<{
        originAccessIdentity: pulumi.Input<string>;
    }>;
    // Settings for non-S3 (custom) origins.
    customOriginConfig?: pulumi.Input<{
        httpPort?: pulumi.Input<number>;
        httpsPort?: pulumi.Input<number>;
        // "http-only" always, and "match-viewer" for HTTP viewers, sends
        // CloudFront-to-origin traffic in plaintext; "https-only" does not.
        originProtocolPolicy: pulumi.Input<"http-only" | "https-only" | "match-viewer">;
        // TLS versions CloudFront may negotiate with the origin.
        originSslProtocols?: pulumi.Input<pulumi.Input<string>[]>;
        originReadTimeout?: pulumi.Input<number>;
        originKeepaliveTimeout?: pulumi.Input<number>;
    }>;
}

/** Cache behavior used when no ordered behavior's path pattern matches. */
interface DistributionDefaultCacheBehavior {
    /** originId of the origin that serves this behavior. */
    targetOriginId: pulumi.Input<string>;
    // "allow-all" serves content over plain HTTP; "https-only" and
    // "redirect-to-https" keep viewer traffic on TLS.
    viewerProtocolPolicy: pulumi.Input<"allow-all" | "https-only" | "redirect-to-https">;
    // HTTP methods CloudFront forwards to the origin; keep to GET/HEAD for static content.
    allowedMethods?: pulumi.Input<pulumi.Input<string>[]>;
    // Subset of allowedMethods whose responses are cached.
    cachedMethods?: pulumi.Input<pulumi.Input<string>[]>;
    compress?: pulumi.Input<boolean>;
    defaultTtl?: pulumi.Input<number>;
    maxTtl?: pulumi.Input<number>;
    minTtl?: pulumi.Input<number>;
    // Inline forwarding settings. Whatever is forwarded also becomes part of the
    // cache key; responses that differ per user must not be cached under a key
    // that omits the distinguishing cookie or header.
    forwardedValues?: pulumi.Input<{
        queryString: pulumi.Input<boolean>;
        cookies: pulumi.Input<{
            forward: pulumi.Input<"none" | "whitelist" | "all">;
            // Cookie names forwarded when forward is "whitelist".
            whitelistedNames?: pulumi.Input<pulumi.Input<string>[]>;
        }>;
        headers?: pulumi.Input<pulumi.Input<string>[]>;
    }>;
    // Policy references, the alternative to inline forwardedValues.
    cachePolicyId?: pulumi.Input<string>;
    originRequestPolicyId?: pulumi.Input<string>;
    // Response headers policy; the usual place to attach security headers such as
    // Strict-Transport-Security.
    responseHeadersPolicyId?: pulumi.Input<string>;
}

/**
 * Path-specific cache behavior, selected by pathPattern.
 *
 * NOTE(review): responseHeadersPolicyId appears on the default behavior but not in
 * this listing; confirm against the provider schema whether it is available here.
 */
interface DistributionOrderedCacheBehavior {
    /** Path pattern this behavior applies to, e.g. "/api/*". */
    pathPattern: pulumi.Input<string>;
    /** originId of the origin that serves this behavior. */
    targetOriginId: pulumi.Input<string>;
    // "allow-all" serves content over plain HTTP; "https-only" and
    // "redirect-to-https" keep viewer traffic on TLS.
    viewerProtocolPolicy: pulumi.Input<"allow-all" | "https-only" | "redirect-to-https">;
    // HTTP methods CloudFront forwards to the origin.
    allowedMethods?: pulumi.Input<pulumi.Input<string>[]>;
    // Subset of allowedMethods whose responses are cached.
    cachedMethods?: pulumi.Input<pulumi.Input<string>[]>;
    compress?: pulumi.Input<boolean>;
    defaultTtl?: pulumi.Input<number>;
    maxTtl?: pulumi.Input<number>;
    minTtl?: pulumi.Input<number>;
    // Inline forwarding settings. Whatever is forwarded also becomes part of the
    // cache key; responses that differ per user must not be cached under a key
    // that omits the distinguishing cookie or header.
    forwardedValues?: pulumi.Input<{
        queryString: pulumi.Input<boolean>;
        cookies: pulumi.Input<{
            forward: pulumi.Input<"none" | "whitelist" | "all">;
            // Cookie names forwarded when forward is "whitelist".
            whitelistedNames?: pulumi.Input<pulumi.Input<string>[]>;
        }>;
        headers?: pulumi.Input<pulumi.Input<string>[]>;
    }>;
    // Policy references, the alternative to inline forwardedValues.
    cachePolicyId?: pulumi.Input<string>;
    originRequestPolicyId?: pulumi.Input<string>;
}

/** Viewer-facing TLS settings: which certificate is served and the minimum protocol. */
interface DistributionViewerCertificate {
    // Use the shared *.cloudfront.net certificate. With it the viewer TLS policy is
    // fixed by CloudFront, so minimumProtocolVersion cannot be raised.
    cloudfrontDefaultCertificate?: pulumi.Input<boolean>;
    // ARN of an ACM certificate; CloudFront requires it to be issued in us-east-1.
    acmCertificateArn?: pulumi.Input<string>;
    // ID of a certificate stored in IAM.
    iamCertificateId?: pulumi.Input<string>;
    // Security policy name such as "TLSv1.2_2021" (the value used in the
    // custom-domain example); it sets the lowest TLS version viewers may negotiate.
    minimumProtocolVersion?: pulumi.Input<string>;
    // "sni-only" serves the certificate via SNI; "vip" uses dedicated IP addresses.
    sslSupportMethod?: pulumi.Input<"sni-only" | "vip">;
}

/**
 * Viewer restrictions for the distribution.
 *
 * Geo restriction is based on the viewer's apparent location, so it complements
 * authentication and WAF rules rather than replacing them.
 */
interface DistributionRestrictions {
    geoRestriction: pulumi.Input<{
        // "none" disables the check; "whitelist" allows only `locations`;
        // "blacklist" denies `locations`.
        restrictionType: pulumi.Input<"none" | "whitelist" | "blacklist">;
        // Country codes (ISO 3166-1 alpha-2) the restriction applies to.
        locations?: pulumi.Input<pulumi.Input<string>[]>;
    }>;
}

Usage Example

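// Origin Access Control: CloudFront signs its requests to S3 (SigV4), so the bucket
// can stay private instead of being publicly readable. The bucket policy must
// separately allow the cloudfront.amazonaws.com service principal, scoped to this
// distribution's ARN; that policy is not shown here.
const oac = new aws.cloudfront.OriginAccessControl("cdn-oac", {
    originAccessControlOriginType: "s3",
    signingBehavior: "always",
    signingProtocol: "sigv4",
});

// Static-content distribution in front of an S3 bucket.
const distribution = new aws.cloudfront.Distribution("cdn", {
    enabled: true,
    origins: [{
        domainName: bucket.bucketRegionalDomainName,
        originId: "S3-my-bucket",
        // Without this (or a legacy s3OriginConfig.originAccessIdentity) the bucket
        // would have to allow anonymous reads, and clients could bypass CloudFront.
        originAccessControlId: oac.id,
    }],
    defaultCacheBehavior: {
        // Read-only methods are enough for static content.
        allowedMethods: ["GET", "HEAD"],
        cachedMethods: ["GET", "HEAD"],
        targetOriginId: "S3-my-bucket",
        // Plain-HTTP requests are redirected rather than served.
        viewerProtocolPolicy: "redirect-to-https",
        // Nothing viewer-controlled is forwarded or added to the cache key.
        forwardedValues: {
            queryString: false,
            cookies: { forward: "none" },
        },
    },
    priceClass: "PriceClass_100",
    restrictions: {
        geoRestriction: {
            restrictionType: "none",
        },
    },
    // With the default certificate the viewer TLS policy is fixed by CloudFront;
    // use a custom certificate when a higher minimumProtocolVersion is required.
    viewerCertificate: {
        cloudfrontDefaultCertificate: true,
    },
});

// Hostname of the distribution, exported as a stack output.
export const cdnDomain = distribution.domainName;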

Related Services

  • S3 - Origin for static content delivery
  • ACM - SSL/TLS certificates for custom domains
  • Route 53 - DNS alias records for custom domains
  • WAF - Web application firewall for CloudFront
  • Lambda@Edge - Edge computing for request/response manipulation

Install with Tessl CLI

npx tessl i tessl/npm-pulumi--aws
