Overview Pattern Construct Props Pattern Properties Default settings Architecture GitHub

aws-cloudfront-apigateway-lambda

Two labels: "CFN-RESOURCES" in gray and "STABLE" in green.

Language	Package
Python	`aws_solutions_constructs.aws_cloudfront_apigateway_lambda`
Typescript	`@aws-solutions-constructs/aws-cloudfront-apigateway-lambda`
Java	`software.amazon.awsconstructs.services.cloudfrontapigatewaylambda`

Overview

This AWS Solutions Construct implements an AWS CloudFront fronting an Amazon API Gateway Lambda backed REST API.

Here is a minimal deployable pattern definition:

Typescript



import { Construct } from 'constructs';
import { Stack, StackProps } from 'aws-cdk-lib';
import { CloudFrontToApiGatewayToLambda } from '@aws-solutions-constructs/aws-cloudfront-apigateway-lambda';
import * as lambda from 'aws-cdk-lib/aws-lambda';

new CloudFrontToApiGatewayToLambda(this, 'test-cloudfront-apigateway-lambda', {
  lambdaFunctionProps: {
    code: lambda.Code.fromAsset(`lambda`),
    runtime: lambda.Runtime.NODEJS_20_X,
    handler: 'index.handler'
  },
  apiGatewayProps: {
    defaultMethodOptions: {
      authorizationType: api.AuthorizationType.NONE
    }
  },
});

Python



from aws_solutions_constructs.aws_cloudfront_apigateway_lambda import CloudFrontToApiGatewayToLambda
from aws_cdk import (
  aws_lambda as _lambda,
  aws_apigateway as apigw,
  Stack
)
from constructs import Construct

        CloudFrontToApiGatewayToLambda(
            self, 'CloudFrontApiGatewayToLambda',
            lambda_function_props=_lambda.FunctionProps(
                runtime=_lambda.Runtime.PYTHON_3_11,
                code=_lambda.Code.from_asset('lambda'),
                handler='hello.handler',
            ),
            # NOTE - we use RestApiProps here because the actual type, LambdaRestApiProps requires
            # the handler function which does not yet exist. As RestApiProps is a subset of of LambdaRestApiProps
            # (although does not *extend* that interface) this works fine when the props object reaches the 
            # underlying TypeScript code that implements Constructs
            api_gateway_props=apigw.RestApiProps(
                default_method_options=apigw.MethodOptions(
                    authorization_type=apigw.AuthorizationType.NONE
                )
            )
        )

Java



import software.constructs.Construct;

import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awscdk.services.lambda.*;
import software.amazon.awscdk.services.lambda.Runtime;
import software.amazon.awsconstructs.services.cloudfrontapigatewaylambda.*;
import software.amazon.awsconstructs.services.cloudfrontapigatewaylambda.CloudFrontToApiGatewayToLambdaProps;

new CloudFrontToApiGatewayToLambda(this, "ApiGatewayToLambdaPattern", new CloudFrontToApiGatewayToLambdaProps.Builder()
        .lambdaFunctionProps(new FunctionProps.Builder()
                .runtime(Runtime.NODEJS_20_X) // execution environment
                .code(Code.fromAsset("lambda")) // code loaded from the `lambda` directory (under root, next to `src`)
                .handler("hello.handler") // file is `hello`, function is `handler`
                .build())
        // NOTE - we use RestApiProps here because the actual type, LambdaRestApiProps requires
        // the handler function which does not yet exist. As RestApiProps is a subset of of LambdaRestApiProps
        // (although does not *extend* that interface) this works fine when the props object reaches the 
        // underlying TypeScript code that implements Constructs
        .apiGatewayProps(new RestApiProps.Builder()
                .defaultMethodOptions(new MethodOptions.Builder()
                        .authorizationType(AuthorizationType.NONE)
                        .build())
                .build())
        .build());

Pattern Construct Props

Name	Type	Description
existingLambdaObj?	`lambda.Function`	Existing instance of Lambda Function object, providing both this and `lambdaFunctionProps` will cause an error.
lambdaFunctionProps?	`lambda.FunctionProps`	Optional user provided props to override the default props for the Lambda function.
apiGatewayProps?	`api.LambdaRestApiProps`	User provided props to override the default props for the API Gateway. As of release 2.48.0, clients must include this property with `defaultMethodOptions: { authorizationType: string }` specified. See Issue1043 in the github repo https://github.com/awslabs/aws-solutions-constructs/issues/1043
cloudFrontDistributionProps?	`cloudfront.DistributionProps`	Optional user provided props to override the default props for CloudFront Distribution
insertHttpSecurityHeaders?	`boolean`	Optional user provided props to turn on/off the automatic injection of best practice HTTP security headers in all responses from CloudFront
responseHeadersPolicyProps?	`cloudfront.ResponseHeadersPolicyProps`	Optional user provided configuration that cloudfront applies to all http responses.
logGroupProps?	`logs.LogGroupProps`	Optional user provided props to override the default props for for the CloudWatchLogs LogGroup.
cloudFrontLoggingBucketProps?	`s3.BucketProps`	Optional user provided props to override the default props for the CloudFront Logging Bucket.

Pattern Properties

Name	Type	Description
cloudFrontWebDistribution	`cloudfront.Distribution`	Returns an instance of cloudfront.Distribution created by the construct
cloudFrontFunction?	`cloudfront.Function`	Returns an instance of the Cloudfront function created by the pattern.
cloudFrontLoggingBucket	`s3.Bucket`	Returns an instance of the logging bucket for CloudFront Distribution.
apiGateway	`api.RestApi`	Returns an instance of the API Gateway REST API created by the pattern.
apiGatewayCloudWatchRole?	`iam.Role`	Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.
apiGatewayLogGroup	`logs.LogGroup`	Returns an instance of the LogGroup created by the construct for API Gateway access logging to CloudWatch.
lambdaFunction	`lambda.Function`	Returns an instance of the Lambda function created by the pattern.

Default settings

Out of the box implementation of the Construct without any override will set the following defaults:

Amazon CloudFront

Configure Access logging for CloudFront Distribution
Enable automatic injection of best practice HTTP security headers in all responses from CloudFront Distribution

Amazon API Gateway

Deploy a regional API endpoint
Enable CloudWatch logging for API Gateway
Configure least privilege access IAM role for API Gateway
Set the default authorizationType for all API methods to NONE
Enable X-Ray Tracing

AWS Lambda Function

Configure limited privilege access IAM role for Lambda function
Enable reusing connections with Keep-Alive for NodeJs Lambda function
Enable X-Ray Tracing
Set Environment Variables
- AWS_NODEJS_CONNECTION_REUSE_ENABLED (for Node 10.x and higher functions)

Architecture

Diagram showing data flow between AWS services including AppSync, Lambda, and CloudSearch.

GitHub

To view the code for this pattern, create/view issues and pull requests, and more:
	@aws-solutions-constructs/aws-cloudfront-apigateway-lambda

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

aws-apigatewayv2websocket-sqs

aws-cloudfront-apigateway