aws-cloudfront-apigateway-lambda - AWS Solutions Constructs

aws-cloudfront-apigateway-lambda

Language Package
Python aws_solutions_constructs.aws_cloudfront_apigateway_lambda
Typescript @aws-solutions-constructs/aws-cloudfront-apigateway-lambda
Java software.amazon.awsconstructs.services.cloudfrontapigatewaylambda

Overview

This AWS Solutions Construct implements an AWS CloudFront fronting an Amazon API Gateway Lambda backed REST API.

Here is a minimal deployable pattern definition:

Typescript
import { Construct } from 'constructs'; import { Stack, StackProps } from 'aws-cdk-lib'; import { CloudFrontToApiGatewayToLambda } from '@aws-solutions-constructs/aws-cloudfront-apigateway-lambda'; import * as lambda from 'aws-cdk-lib/aws-lambda'; new CloudFrontToApiGatewayToLambda(this, 'test-cloudfront-apigateway-lambda', { lambdaFunctionProps: { code: lambda.Code.fromAsset(`lambda`), runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler' } });
Python
from aws_solutions_constructs.aws_cloudfront_apigateway_lambda import CloudFrontToApiGatewayToLambda from aws_cdk import ( aws_lambda as _lambda, Stack ) from constructs import Construct CloudFrontToApiGatewayToLambda(self, 'test-cloudfront-apigateway-lambda', lambda_function_props=_lambda.FunctionProps( code=_lambda.Code.from_asset('lambda'), runtime=_lambda.Runtime.PYTHON_3_9, handler='index.handler' ) )
Java
import software.constructs.Construct; import software.amazon.awscdk.Stack; import software.amazon.awscdk.StackProps; import software.amazon.awscdk.services.lambda.*; import software.amazon.awscdk.services.lambda.Runtime; import software.amazon.awsconstructs.services.cloudfrontapigatewaylambda.*; new CloudFrontToApiGatewayToLambda(this, "test-cloudfront-apigateway-lambda", new CloudFrontToApiGatewayToLambdaProps.Builder() .lambdaFunctionProps(new FunctionProps.Builder() .runtime(Runtime.NODEJS_14_X) .code(Code.fromAsset("lambda")) .handler("index.handler") .build()) .build());

Pattern Construct Props

Name Type Description
existingLambdaObj? lambda.Function Existing instance of Lambda Function object, providing both this and lambdaFunctionProps will cause an error.
lambdaFunctionProps? lambda.FunctionProps Optional user provided props to override the default props for the Lambda function.
apiGatewayProps? api.LambdaRestApiProps Optional user provided props to override the default props for API Gateway
cloudFrontDistributionProps? cloudfront.DistributionProps Optional user provided props to override the default props for CloudFront Distribution
insertHttpSecurityHeaders? boolean Optional user provided props to turn on/off the automatic injection of best practice HTTP security headers in all responses from CloudFront
logGroupProps? logs.LogGroupProps Optional user provided props to override the default props for for the CloudWatchLogs LogGroup.
cloudFrontLoggingBucketProps? s3.BucketProps Optional user provided props to override the default props for the CloudFront Logging Bucket.

Pattern Properties

Name Type Description
cloudFrontWebDistribution cloudfront.Distribution Returns an instance of cloudfront.Distribution created by the construct
cloudFrontFunction? cloudfront.Function Returns an instance of the Cloudfront function created by the pattern.
cloudFrontLoggingBucket s3.Bucket Returns an instance of the logging bucket for CloudFront Distribution.
apiGateway api.RestApi Returns an instance of the API Gateway REST API created by the pattern.
apiGatewayCloudWatchRole? iam.Role Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.
apiGatewayLogGroup logs.LogGroup Returns an instance of the LogGroup created by the construct for API Gateway access logging to CloudWatch.
lambdaFunction lambda.Function Returns an instance of the Lambda function created by the pattern.

Default settings

Out of the box implementation of the Construct without any override will set the following defaults:

Amazon CloudFront

  • Configure Access logging for CloudFront Distribution

  • Enable automatic injection of best practice HTTP security headers in all responses from CloudFront Distribution

Amazon API Gateway

  • Deploy a regional API endpoint

  • Enable CloudWatch logging for API Gateway

  • Configure least privilege access IAM role for API Gateway

  • Set the default authorizationType for all API methods to NONE

  • Enable X-Ray Tracing

AWS Lambda Function

  • Configure limited privilege access IAM role for Lambda function

  • Enable reusing connections with Keep-Alive for NodeJs Lambda function

  • Enable X-Ray Tracing

  • Set Environment Variables

    • AWS_NODEJS_CONNECTION_REUSE_ENABLED (for Node 10.x and higher functions)

Architecture

GitHub

To view the code for this pattern, create/view issues and pull requests, and more:
@aws-solutions-constructs/aws-cloudfront-apigateway-lambda