aws-cloudfront-apigateway-lambda - AWS Solutions Constructs

aws-cloudfront-apigateway-lambda

All classes are under active development and subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.

Language Package
Python
aws_solutions_constructs.aws_cloudfront_apigateway_lambda
Typescript
@aws-solutions-constructs/aws-cloudfront-apigateway-lambda
Java
software.amazon.awsconstructs.services.cloudfrontapigatewaylambda

This AWS Solutions Constructs pattern implements an Amazon CloudFront fronting an Amazon API Gateway Lambda backed REST API.

Here is a minimal deployable pattern definition:

import * as defaults from '@aws-solutions-constructs/core'; import { CloudFrontToApiGatewayToLambda } from '@aws-solutions-constructs/aws-cloudfront-apigateway-lambda'; const stack = new Stack(); const lambdaProps: lambda.FunctionProps = { code: lambda.Code.asset(`${__dirname}/lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler' }; new CloudFrontToApiGatewayToLambda(stack, 'test-cloudfront-apigateway-lambda', { lambdaFunctionProps: lambdaProps });

Initializer

new CloudFrontToApiGatewayToLambda(scope: Construct, id: string, props: CloudFrontToApiGatewayToLambdaProps);

Parameters

Pattern Construct Props

Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambda function to be used instead of the default function. If an existing function is provided, the lambdaFunctionProps property will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-provided properties to override the default properties for the Lambda function. Ignored if an existingLambdaObj is provided.
apiGatewayProps? api.LambdaRestApiProps Optional user provided props to override the default props for API Gateway
cloudFrontDistributionProps? cloudfront.CloudFrontWebDistributionProps Optional user provided props to override the default props for CloudFront Distribution
insertHttpSecurityHeaders? boolean Optional user provided props to turn on/off the automatic injection of best practice HTTP security headers in all responses from CloudFront

Pattern Properties

Name Type Description
apiGateway api.RestApi Returns an instance of the API Gateway REST API created by the pattern.
apiGatewayCloudWatchRole iam.Role Returns an instance of the IAM role created by the pattern that enables access logging from the API Gateway REST API to CloudWatch.
apiGatewayLogGroup logs.LogGroup Returns an instance of the log group created by the pattern that API Gateway REST API access logs are sent to.
cloudFrontLoggingBucket? s3.Bucket Returns an instance of the logging bucket created by the pattern for the CloudFront web distribution.
cloudFrontWebDistribution cloudfront.CloudFrontWebDistribution Returns an instance of the CloudFront web distribution created by the pattern.
edgeLambdaFunctionVersion? lambda.Version Returns an instance of the Lambda edge function version created by the pattern.
lambdaFunction lambda.Function Returns an instance of the Lambda function created by the pattern.

Default settings

Out-of-the-box implementation of this pattern without any overrides will set the following defaults:

Amazon CloudFront

  • Configure Access logging for CloudFront WebDistribution

  • Enable automatic injection of best practice HTTP security headers in all responses from CloudFront WebDistribution

Amazon API Gateway

  • Deploy a regional API endpoint

  • Enable CloudWatch logging for API Gateway

  • Configure least privilege access IAM role for API Gateway

  • Set the default authorizationType for all API methods to IAM

AWS Lambda Function

  • Configure least privilege access IAM role for Lambda function

  • Enable reusing connections with Keep-Alive for NodeJs Lambda function

Architecture