Automatically creates properly configured AWS CloudFront distribution that routes traffic to AppSync.
This plugin is modified from serverless-api-cloudfront & serverless-domain-manager plugins to support AppSync instead of API Gateway.
⚡ Pros
- Allows you to set-up custom domain for your AppSync
- Web Application Firewall support - enable AWS WAF to protect your API from security threats
Either point to this repository from your package.json or clone this repo to .serverless_plugins
folder in your project.
TODO: pending NPM release
- All appSyncCloudFront configuration parameters are optional - e.g. don't provide ACM Certificate ARN to use default CloudFront certificate (which works only for default cloudfront.net domain).
- First deployment may be quite long (e.g. 10 min) as Serverless is waiting for CloudFormation to deploy CloudFront distribution.
# add in your serverless.yml
plugins:
- serverless-appsync-cloudfront
custom:
appSyncCloudFront:
domainName: my-custom-domain.com
certificate: arn:aws:acm:us-east-1:000000000000:certificate/00000000-1111-2222-3333-444444444444
waf: 00000000-0000-0000-0000-000000000000
compress: true
logging:
bucket: my-bucket.s3.amazonaws.com
prefix: my-prefix
cookies: none
headers:
- x-api-key
querystring:
- page
- per_page
priceClass: PriceClass_100
minimumProtocolVersion: TLSv1
domain
can be list, so if you want to add more domains, instead string you list multiple ones:
domain:
- my-custom-domain.com
- secondary-custom-domain.com
cookies
can be all (default), none or a list that lists the cookies to whitelist
cookies:
- FirstCookieName
- SecondCookieName
headers
can be all, none (default) or a list of headers (see CloudFront custom behaviour):
headers: all
querystring
can be all (default), none or a list, in which case all querystring parameters are forwarded, but cache is based on the list:
querystring: all
priceClass
can bePriceClass_All
(default),PriceClass_100
orPriceClass_200
:
priceClass: PriceClass_All
minimumProtocolVersion
can beTLSv1
(default),TLSv1_2016
,TLSv1.1_2016
,TLSv1.2_2018
orSSLv3
:
minimumProtocolVersion: TLSv1
In order to make this plugin work as expected a few additional IAM Policies might be needed on your AWS profile.
More specifically this plugin needs the following policies attached:
cloudfront:CreateDistribution
cloudfront:GetDistribution
cloudfront:UpdateDistribution
cloudfront:DeleteDistribution
cloudfront:TagResource
You can read more about IAM profiles and policies in the Serverless documentation.