API Reference

Classes

Name	Description
AuthFlow	No description
Authorization	No description
BaseDistribution	No description
RetrieveUserPoolClientSecret	No description
SecretGenerator	No description
SpaAuthorization	No description
SpaDistribution	No description
StaticSiteAuthorization	No description
StaticSiteDistribution	No description
UserPoolClientRedirects	No description

Structs

Name	Description
AuthFlowProps	No description
AuthorizationProps	No description
BaseDistributionProps	No description
CommonDistributionProps	No description
RedirectPaths	No description
RetrieveUserPoolClientSecretProps	No description
SecretGeneratorProps	No description
SpaDistributionProps	No description
StaticSiteDistributionProps	No description
UserPoolClientCallbackUrls	No description
UserPoolClientRedirectsProps	No description

Interfaces

Name	Description
IAuthorization	No description
ISpaAuthorization	No description
IStaticSiteAuthorization	No description

Enums

Name	Description
Mode	No description

class AuthFlow

Implements: IConstruct, IConstruct, IConstruct, IDependable Extends: Construct

Initializer

new AuthFlow(scope: Construct, id: string, props: AuthFlowProps)

scope (Construct) No description
id (string) No description
props (AuthFlowProps) No description
- cognitoAuthDomain (string) No description
- cookieSettings (Map<string, string>) No description
- httpHeaders (Map<string, string>) No description
- logLevel (LogLevel) No description
- nonceSigningSecret (string) No description
- oauthScopes (Array<OAuthScope>) No description
- redirectPaths (RedirectPaths) No description
- userPool (IUserPool) No description
- userPoolClient (IUserPoolClient) No description
- clientSecret (string) No description Optional

Properties

Name	Type	Description
checkAuth	`EdgeFunction`
httpHeaders	`EdgeFunction`
parseAuth	`EdgeFunction`
refreshAuth	`EdgeFunction`
signOut	`EdgeFunction`

class Authorization

Implements: IConstruct, IConstruct, IConstruct, IDependable Extends: Construct Implemented by: SpaAuthorization, StaticSiteAuthorization

Initializer

new Authorization(scope: Construct, id: string, props: AuthorizationProps)

scope (Construct) No description
id (string) No description
props (AuthorizationProps) No description
- userPool (IUserPool) No description
- cookieSettings (Map<string, string>) No description Optional
- httpHeaders (Map<string, string>) No description Optional
- identityProviders (Array<UserPoolClientIdentityProvider>) No description Optional
- logLevel (LogLevel) No description Optional
- oauthScopes (Array<OAuthScope>) No description Optional
- redirectPaths (RedirectPaths) No description Optional
- signOutUrl (string) No description Optional

Properties

Name	Type	Description
authFlow	`AuthFlow`
cognitoAuthDomain	`string`
httpHeaders	`Map<string, string>`
identityProviders	`Array<UserPoolClientIdentityProvider>`
nonceSigningSecret	`string`
oauthScopes	`Array<OAuthScope>`
redirectPaths	`RedirectPaths`
signOutUrlPath	`string`
userPool	`IUserPool`
userPoolClient	`IUserPoolClient`
cookieSettings?	`Map<string, string>`	*Optional*

Methods

createAdditionalBehaviors(origin, options?)

createAdditionalBehaviors(origin: IOrigin, options?: AddBehaviorOptions): Map<string, BehaviorOptions>

origin (IOrigin) No description
options (AddBehaviorOptions) No description
- allowedMethods (AllowedMethods) HTTP methods to allow for this behavior. Default: AllowedMethods.ALLOW_GET_HEAD
- cachedMethods (CachedMethods) HTTP methods to cache for this behavior. Default: CachedMethods.CACHE_GET_HEAD
- cachePolicy (ICachePolicy) The cache policy for this behavior. Default: CachePolicy.CACHING_OPTIMIZED
- compress (boolean) Whether you want CloudFront to automatically compress certain files for this cache behavior. Default: true
- edgeLambdas (Array<EdgeLambda>) The Lambda@Edge functions to invoke before serving the contents. Default: no Lambda functions will be invoked
- functionAssociations (Array<FunctionAssociation>) The CloudFront functions to invoke before serving the contents. Default: no functions will be invoked
- originRequestPolicy (IOriginRequestPolicy) The origin request policy for this behavior. Default: none
- smoothStreaming (boolean) Set this to true to indicate you want to distribute media files in the Microsoft Smooth Streaming format using this behavior. Default: false
- trustedKeyGroups (Array<IKeyGroup>) A list of Key Groups that CloudFront can use to validate signed URLs or signed cookies. Default: no KeyGroups are associated with cache behavior
- viewerProtocolPolicy (ViewerProtocolPolicy) The protocol that viewers can use to access the files controlled by this behavior. Default: ViewerProtocolPolicy.ALLOW_ALL

Returns:

Map<string, BehaviorOptions>

createDefaultBehavior(origin, options?)

createDefaultBehavior(origin: IOrigin, options?: AddBehaviorOptions): BehaviorOptions

origin (IOrigin) No description
options (AddBehaviorOptions) No description
- allowedMethods (AllowedMethods) HTTP methods to allow for this behavior. Default: AllowedMethods.ALLOW_GET_HEAD
- cachedMethods (CachedMethods) HTTP methods to cache for this behavior. Default: CachedMethods.CACHE_GET_HEAD
- cachePolicy (ICachePolicy) The cache policy for this behavior. Default: CachePolicy.CACHING_OPTIMIZED
- compress (boolean) Whether you want CloudFront to automatically compress certain files for this cache behavior. Default: true
- edgeLambdas (Array<EdgeLambda>) The Lambda@Edge functions to invoke before serving the contents. Default: no Lambda functions will be invoked
- functionAssociations (Array<FunctionAssociation>) The CloudFront functions to invoke before serving the contents. Default: no functions will be invoked
- originRequestPolicy (IOriginRequestPolicy) The origin request policy for this behavior. Default: none
- smoothStreaming (boolean) Set this to true to indicate you want to distribute media files in the Microsoft Smooth Streaming format using this behavior. Default: false
- trustedKeyGroups (Array<IKeyGroup>) A list of Key Groups that CloudFront can use to validate signed URLs or signed cookies. Default: no KeyGroups are associated with cache behavior
- viewerProtocolPolicy (ViewerProtocolPolicy) The protocol that viewers can use to access the files controlled by this behavior. Default: ViewerProtocolPolicy.ALLOW_ALL

Returns:

BehaviorOptions

createLegacyAdditionalBehaviors(options?)

createLegacyAdditionalBehaviors(options?: Behavior): Array<Behavior>

options (Behavior) No description
- allowedMethods (CloudFrontAllowedMethods) The method this CloudFront distribution responds do. Default: GET_HEAD
- cachedMethods (CloudFrontAllowedCachedMethods) Which methods are cached by CloudFront by default. Default: GET_HEAD
- compress (boolean) If CloudFront should automatically compress some content types. Default: true
- defaultTtl (Duration) The default amount of time CloudFront will cache an object. Default: 86400 (1 day)
- forwardedValues (CfnDistribution.ForwardedValuesProperty) The values CloudFront will forward to the origin when making a request. Default: none (no cookies - no headers)
- functionAssociations (Array<FunctionAssociation>) The CloudFront functions to invoke before serving the contents. Default: no functions will be invoked
- isDefaultBehavior (boolean) If this behavior is the default behavior for the distribution. Optional
- lambdaFunctionAssociations (Array<LambdaFunctionAssociation>) Declares associated lambda@edge functions for this distribution behaviour. Default: No lambda function associated
- maxTtl (Duration) The max amount of time you want objects to stay in the cache before CloudFront queries your origin. Default: Duration.seconds(31536000) (one year)
- minTtl (Duration) The minimum amount of time that you want objects to stay in the cache before CloudFront queries your origin. Optional
- pathPattern (string) The path this behavior responds to. Optional
- trustedKeyGroups (Array<IKeyGroup>) A list of Key Groups that CloudFront can use to validate signed URLs or signed cookies. Default: no KeyGroups are associated with cache behavior
- trustedSigners (Array) Trusted signers is how CloudFront allows you to serve private content. Optional

Returns:

Array<Behavior>

createLegacyDefaultBehavior(options?)

createLegacyDefaultBehavior(options?: Behavior): Behavior

options (Behavior) No description
- allowedMethods (CloudFrontAllowedMethods) The method this CloudFront distribution responds do. Default: GET_HEAD
- cachedMethods (CloudFrontAllowedCachedMethods) Which methods are cached by CloudFront by default. Default: GET_HEAD
- compress (boolean) If CloudFront should automatically compress some content types. Default: true
- defaultTtl (Duration) The default amount of time CloudFront will cache an object. Default: 86400 (1 day)
- forwardedValues (CfnDistribution.ForwardedValuesProperty) The values CloudFront will forward to the origin when making a request. Default: none (no cookies - no headers)
- functionAssociations (Array<FunctionAssociation>) The CloudFront functions to invoke before serving the contents. Default: no functions will be invoked
- isDefaultBehavior (boolean) If this behavior is the default behavior for the distribution. Optional
- lambdaFunctionAssociations (Array<LambdaFunctionAssociation>) Declares associated lambda@edge functions for this distribution behaviour. Default: No lambda function associated
- maxTtl (Duration) The max amount of time you want objects to stay in the cache before CloudFront queries your origin. Default: Duration.seconds(31536000) (one year)
- minTtl (Duration) The minimum amount of time that you want objects to stay in the cache before CloudFront queries your origin. Optional
- pathPattern (string) The path this behavior responds to. Optional
- trustedKeyGroups (Array<IKeyGroup>) A list of Key Groups that CloudFront can use to validate signed URLs or signed cookies. Default: no KeyGroups are associated with cache behavior
- trustedSigners (Array) Trusted signers is how CloudFront allows you to serve private content. Optional

Returns:

Behavior

updateUserPoolClientCallbacks(redirects)

updateUserPoolClientCallbacks(redirects: UserPoolClientCallbackUrls): void

redirects (UserPoolClientCallbackUrls) No description
- callbackUrls (Array) A list of allowed redirect (callback) URLs for the identity providers.
- logoutUrls (Array) A list of allowed logout URLs for the identity providers.

protected createAuthFlow(logLevel)

protected createAuthFlow(logLevel: LogLevel): AuthFlow

logLevel (LogLevel) No description

Returns:

AuthFlow

protected createUserPoolClient()

protected createUserPoolClient(): IUserPoolClient

Returns:

IUserPoolClient

class BaseDistribution

Implements: IConstruct, IConstruct, IConstruct, IDependable, IDistribution, IConstruct, IDependable, IConstruct, IResource Extends: Construct

Initializer

new BaseDistribution(scope: Construct, id: string, props: BaseDistributionProps)

scope (Construct) No description
id (string) No description
props (BaseDistributionProps) No description
- certificate (ICertificate) A certificate to associate with the distribution. Default: the CloudFront wildcard certificate (*.cloudfront.net) will be used.
- comment (string) Any comments you want to include about the distribution. Default: no comment
- defaultRootObject (string) The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution. If no default object is set, the request goes to the origin's root (e.g., example.com/). Default: index.html
- domainNames (Array) Alternative domain names for this distribution. Default: The distribution will only support the default generated name (e.g., d111111abcdef8.cloudfront.net)
- enabled (boolean) Enable or disable the distribution. Default: true
- enableIpv6 (boolean) Whether CloudFront will respond to IPv6 DNS requests with an IPv6 address. Default: true
- enableLogging (boolean) Enable access logging for the distribution. Default: false, unless logBucket is specified.
- geoRestriction (GeoRestriction) Controls the countries in which your content is distributed. Default: No geographic restrictions
- httpVersion (HttpVersion) Specify the maximum HTTP version that you want viewers to use to communicate with CloudFront. Default: HttpVersion.HTTP2
- logBucket (IBucket) The Amazon S3 bucket to store the access logs in. Default: A bucket is created if enableLogging is true
- logFilePrefix (string) An optional string that you want CloudFront to prefix to the access log filenames for this distribution. Default: no prefix
- logIncludesCookies (boolean) Specifies whether you want CloudFront to include cookies in access logs. Default: false
- minimumProtocolVersion (SecurityPolicyProtocol) The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Default: SecurityPolicyProtocol.TLS_V1_2_2019
- origin (IOrigin) The origin that you want CloudFront to route requests. Optional
- priceClass (PriceClass) The price class that corresponds with the maximum price that you want to pay for CloudFront service. Default: PriceClass.PRICE_CLASS_100
- removalPolicy (RemovalPolicy) No description Default: Destroy
- webAclId (string) Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution. Default: No AWS Web Application Firewall web access control list (web ACL).
- authorization (IAuthorization) No description
- errorResponses (Array<ErrorResponse>) No description Optional

Properties

Name	Type	Description
distributionDomainName	`string`	The domain name of the Distribution, such as d111111abcdef8.cloudfront.net.
distributionId	`string`	The distribution ID for this distribution.
domainName	`string`	(deprecated) The domain name of the Distribution, such as d111111abcdef8.cloudfront.net.
env	`ResourceEnvironment`	The environment this resource belongs to.
stack	`Stack`	The stack in which this resource is defined.

Methods

protected renderAdditionalBehaviors(origin, authorization)

protected renderAdditionalBehaviors(origin: IOrigin, authorization: IAuthorization): Map<string, BehaviorOptions>

origin (IOrigin) No description
authorization (IAuthorization) No description

Returns:

Map<string, BehaviorOptions>

protected renderDefaultBehaviour(origin, authorization)

protected renderDefaultBehaviour(origin: IOrigin, authorization: IAuthorization): BehaviorOptions

origin (IOrigin) No description
authorization (IAuthorization) No description

Returns:

BehaviorOptions

class RetrieveUserPoolClientSecret

Implements: IConstruct, IConstruct, IConstruct, IDependable Extends: Construct

Initializer

new RetrieveUserPoolClientSecret(scope: Construct, id: string, props: RetrieveUserPoolClientSecretProps)

scope (Construct) No description
id (string) No description
props (RetrieveUserPoolClientSecretProps) No description
- userPool (IUserPool) No description
- userPoolClient (IUserPoolClient) No description

Properties

Name	Type	Description
clientSecret	`string`

class SecretGenerator

Implements: IConstruct, IConstruct, IConstruct, IDependable Extends: Construct

Initializer

new SecretGenerator(scope: Construct, id: string, props?: SecretGeneratorProps)

scope (Construct) No description
id (string) No description
props (SecretGeneratorProps) No description
- allowedCharacters (string) No description Optional
- length (number) No description Optional

Properties

Name	Type	Description
secret	`string`

class SpaAuthorization

Implements: IConstruct, IConstruct, IConstruct, IDependable, ISpaAuthorization, IAuthorization Extends: Authorization

Initializer

new SpaAuthorization(scope: Construct, id: string, props: AuthorizationProps)

scope (Construct) No description
id (string) No description
props (AuthorizationProps) No description
- userPool (IUserPool) No description
- cookieSettings (Map<string, string>) No description Optional
- httpHeaders (Map<string, string>) No description Optional
- identityProviders (Array<UserPoolClientIdentityProvider>) No description Optional
- logLevel (LogLevel) No description Optional
- oauthScopes (Array<OAuthScope>) No description Optional
- redirectPaths (RedirectPaths) No description Optional
- signOutUrl (string) No description Optional

Properties

Name	Type	Description
mode	`Mode`

Methods

protected createAuthFlow(logLevel)

protected createAuthFlow(logLevel: LogLevel): AuthFlow

logLevel (LogLevel) No description

Returns:

AuthFlow

protected createUserPoolClient()

protected createUserPoolClient(): IUserPoolClient

Returns:

IUserPoolClient

class SpaDistribution

Implements: IConstruct, IConstruct, IConstruct, IDependable, IDistribution, IConstruct, IDependable, IConstruct, IResource Extends: BaseDistribution

Initializer

new SpaDistribution(scope: Construct, id: string, props: SpaDistributionProps)

scope (Construct) No description
id (string) No description
props (SpaDistributionProps) No description
- certificate (ICertificate) A certificate to associate with the distribution. Default: the CloudFront wildcard certificate (*.cloudfront.net) will be used.
- comment (string) Any comments you want to include about the distribution. Default: no comment
- defaultRootObject (string) The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution. If no default object is set, the request goes to the origin's root (e.g., example.com/). Default: index.html
- domainNames (Array) Alternative domain names for this distribution. Default: The distribution will only support the default generated name (e.g., d111111abcdef8.cloudfront.net)
- enabled (boolean) Enable or disable the distribution. Default: true
- enableIpv6 (boolean) Whether CloudFront will respond to IPv6 DNS requests with an IPv6 address. Default: true
- enableLogging (boolean) Enable access logging for the distribution. Default: false, unless logBucket is specified.
- geoRestriction (GeoRestriction) Controls the countries in which your content is distributed. Default: No geographic restrictions
- httpVersion (HttpVersion) Specify the maximum HTTP version that you want viewers to use to communicate with CloudFront. Default: HttpVersion.HTTP2
- logBucket (IBucket) The Amazon S3 bucket to store the access logs in. Default: A bucket is created if enableLogging is true
- logFilePrefix (string) An optional string that you want CloudFront to prefix to the access log filenames for this distribution. Default: no prefix
- logIncludesCookies (boolean) Specifies whether you want CloudFront to include cookies in access logs. Default: false
- minimumProtocolVersion (SecurityPolicyProtocol) The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Default: SecurityPolicyProtocol.TLS_V1_2_2019
- origin (IOrigin) The origin that you want CloudFront to route requests. Optional
- priceClass (PriceClass) The price class that corresponds with the maximum price that you want to pay for CloudFront service. Default: PriceClass.PRICE_CLASS_100
- removalPolicy (RemovalPolicy) No description Default: Destroy
- webAclId (string) Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution. Default: No AWS Web Application Firewall web access control list (web ACL).
- authorization (ISpaAuthorization) No description
- ttl (Duration) The minimum amount of time, in seconds, that you want CloudFront to cache the HTTP status code specified in ErrorCode. Default: 300 seconds

class StaticSiteAuthorization

Implements: IConstruct, IConstruct, IConstruct, IDependable, IStaticSiteAuthorization, IAuthorization Extends: Authorization

Initializer

new StaticSiteAuthorization(scope: Construct, id: string, props: AuthorizationProps)

scope (Construct) No description
id (string) No description
props (AuthorizationProps) No description
- userPool (IUserPool) No description
- cookieSettings (Map<string, string>) No description Optional
- httpHeaders (Map<string, string>) No description Optional
- identityProviders (Array<UserPoolClientIdentityProvider>) No description Optional
- logLevel (LogLevel) No description Optional
- oauthScopes (Array<OAuthScope>) No description Optional
- redirectPaths (RedirectPaths) No description Optional
- signOutUrl (string) No description Optional

Properties

Name	Type	Description
mode	`Mode`

Methods

protected createAuthFlow(logLevel)

protected createAuthFlow(logLevel: LogLevel): AuthFlow

logLevel (LogLevel) No description

Returns:

AuthFlow

protected createUserPoolClient()

protected createUserPoolClient(): IUserPoolClient

Returns:

IUserPoolClient

class StaticSiteDistribution

Implements: IConstruct, IConstruct, IConstruct, IDependable, IDistribution, IConstruct, IDependable, IConstruct, IResource Extends: BaseDistribution

Initializer

new StaticSiteDistribution(scope: Construct, id: string, props: StaticSiteDistributionProps)

scope (Construct) No description
id (string) No description
props (StaticSiteDistributionProps) No description
- certificate (ICertificate) A certificate to associate with the distribution. Default: the CloudFront wildcard certificate (*.cloudfront.net) will be used.
- comment (string) Any comments you want to include about the distribution. Default: no comment
- defaultRootObject (string) The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution. If no default object is set, the request goes to the origin's root (e.g., example.com/). Default: index.html
- domainNames (Array) Alternative domain names for this distribution. Default: The distribution will only support the default generated name (e.g., d111111abcdef8.cloudfront.net)
- enabled (boolean) Enable or disable the distribution. Default: true
- enableIpv6 (boolean) Whether CloudFront will respond to IPv6 DNS requests with an IPv6 address. Default: true
- enableLogging (boolean) Enable access logging for the distribution. Default: false, unless logBucket is specified.
- geoRestriction (GeoRestriction) Controls the countries in which your content is distributed. Default: No geographic restrictions
- httpVersion (HttpVersion) Specify the maximum HTTP version that you want viewers to use to communicate with CloudFront. Default: HttpVersion.HTTP2
- logBucket (IBucket) The Amazon S3 bucket to store the access logs in. Default: A bucket is created if enableLogging is true
- logFilePrefix (string) An optional string that you want CloudFront to prefix to the access log filenames for this distribution. Default: no prefix
- logIncludesCookies (boolean) Specifies whether you want CloudFront to include cookies in access logs. Default: false
- minimumProtocolVersion (SecurityPolicyProtocol) The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Default: SecurityPolicyProtocol.TLS_V1_2_2019
- origin (IOrigin) The origin that you want CloudFront to route requests. Optional
- priceClass (PriceClass) The price class that corresponds with the maximum price that you want to pay for CloudFront service. Default: PriceClass.PRICE_CLASS_100
- removalPolicy (RemovalPolicy) No description Default: Destroy
- webAclId (string) Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution. Default: No AWS Web Application Firewall web access control list (web ACL).
- authorization (IStaticSiteAuthorization) No description
- errorResponses (Array<ErrorResponse>) No description Optional

class UserPoolClientRedirects

Implements: IConstruct, IConstruct, IConstruct, IDependable Extends: Construct

Initializer

new UserPoolClientRedirects(scope: Construct, id: string, props: UserPoolClientRedirectsProps)

scope (Construct) No description
id (string) No description
props (UserPoolClientRedirectsProps) No description
- callbackUrls (Array) No description
- identityProviders (Array<UserPoolClientIdentityProvider>) No description
- logoutUrls (Array) No description
- oauthScopes (Array<OAuthScope>) No description
- userPool (IUserPool) No description
- userPoolClient (IUserPoolClient) No description

struct AuthFlowProps

Name	Type	Description
cognitoAuthDomain	`string`
cookieSettings	`Map<string, string>`
httpHeaders	`Map<string, string>`
logLevel	`LogLevel`
nonceSigningSecret	`string`
oauthScopes	`Array<OAuthScope>`
redirectPaths	`RedirectPaths`
userPool	`IUserPool`
userPoolClient	`IUserPoolClient`
clientSecret?	`string`	*Optional*

struct AuthorizationProps

Name	Type	Description
userPool	`IUserPool`
cookieSettings?	`Map<string, string>`	*Optional*
httpHeaders?	`Map<string, string>`	*Optional*
identityProviders?	`Array<UserPoolClientIdentityProvider>`	*Optional*
logLevel?	`LogLevel`	*Optional*
oauthScopes?	`Array<OAuthScope>`	*Optional*
redirectPaths?	`RedirectPaths`	*Optional*
signOutUrl?	`string`	*Optional*

struct BaseDistributionProps

Name	Type	Description
authorization	`IAuthorization`
certificate?	`ICertificate`	A certificate to associate with the distribution. *Default: the CloudFront wildcard certificate (.cloudfront.net) will be used.
comment?	`string`	Any comments you want to include about the distribution. *Default*: no comment
defaultRootObject?	`string`	The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution. If no default object is set, the request goes to the origin's root (e.g., example.com/). *Default*: index.html
domainNames?	`Array`	Alternative domain names for this distribution. *Default*: The distribution will only support the default generated name (e.g., d111111abcdef8.cloudfront.net)
enableIpv6?	`boolean`	Whether CloudFront will respond to IPv6 DNS requests with an IPv6 address. *Default*: true
enableLogging?	`boolean`	Enable access logging for the distribution. *Default*: false, unless `logBucket` is specified.
enabled?	`boolean`	Enable or disable the distribution. *Default*: true
errorResponses?	`Array<ErrorResponse>`	*Optional*
geoRestriction?	`GeoRestriction`	Controls the countries in which your content is distributed. *Default*: No geographic restrictions
httpVersion?	`HttpVersion`	Specify the maximum HTTP version that you want viewers to use to communicate with CloudFront. *Default*: HttpVersion.HTTP2
logBucket?	`IBucket`	The Amazon S3 bucket to store the access logs in. *Default*: A bucket is created if `enableLogging` is true
logFilePrefix?	`string`	An optional string that you want CloudFront to prefix to the access log filenames for this distribution. *Default*: no prefix
logIncludesCookies?	`boolean`	Specifies whether you want CloudFront to include cookies in access logs. *Default*: false
minimumProtocolVersion?	`SecurityPolicyProtocol`	The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. *Default*: SecurityPolicyProtocol.TLS_V1_2_2019
origin?	`IOrigin`	The origin that you want CloudFront to route requests. *Optional*
priceClass?	`PriceClass`	The price class that corresponds with the maximum price that you want to pay for CloudFront service. *Default*: PriceClass.PRICE_CLASS_100
removalPolicy?	`RemovalPolicy`	*Default*: Destroy
webAclId?	`string`	Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution. *Default*: No AWS Web Application Firewall web access control list (web ACL).

struct CommonDistributionProps

Name	Type	Description
certificate?	`ICertificate`	A certificate to associate with the distribution. *Default: the CloudFront wildcard certificate (.cloudfront.net) will be used.
comment?	`string`	Any comments you want to include about the distribution. *Default*: no comment
defaultRootObject?	`string`	The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution. If no default object is set, the request goes to the origin's root (e.g., example.com/). *Default*: index.html
domainNames?	`Array`	Alternative domain names for this distribution. *Default*: The distribution will only support the default generated name (e.g., d111111abcdef8.cloudfront.net)
enableIpv6?	`boolean`	Whether CloudFront will respond to IPv6 DNS requests with an IPv6 address. *Default*: true
enableLogging?	`boolean`	Enable access logging for the distribution. *Default*: false, unless `logBucket` is specified.
enabled?	`boolean`	Enable or disable the distribution. *Default*: true
geoRestriction?	`GeoRestriction`	Controls the countries in which your content is distributed. *Default*: No geographic restrictions
httpVersion?	`HttpVersion`	Specify the maximum HTTP version that you want viewers to use to communicate with CloudFront. *Default*: HttpVersion.HTTP2
logBucket?	`IBucket`	The Amazon S3 bucket to store the access logs in. *Default*: A bucket is created if `enableLogging` is true
logFilePrefix?	`string`	An optional string that you want CloudFront to prefix to the access log filenames for this distribution. *Default*: no prefix
logIncludesCookies?	`boolean`	Specifies whether you want CloudFront to include cookies in access logs. *Default*: false
minimumProtocolVersion?	`SecurityPolicyProtocol`	The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. *Default*: SecurityPolicyProtocol.TLS_V1_2_2019
origin?	`IOrigin`	The origin that you want CloudFront to route requests. *Optional*
priceClass?	`PriceClass`	The price class that corresponds with the maximum price that you want to pay for CloudFront service. *Default*: PriceClass.PRICE_CLASS_100
removalPolicy?	`RemovalPolicy`	*Default*: Destroy
webAclId?	`string`	Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution. *Default*: No AWS Web Application Firewall web access control list (web ACL).

interface IAuthorization

Implemented by: SpaAuthorization, StaticSiteAuthorization

Properties

Name	Type	Description
redirectPaths	`RedirectPaths`
signOutUrlPath	`string`

Methods

createAdditionalBehaviors(origin, options?)

createAdditionalBehaviors(origin: IOrigin, options?: AddBehaviorOptions): Map<string, BehaviorOptions>

origin (IOrigin) No description
options (AddBehaviorOptions) No description
- allowedMethods (AllowedMethods) HTTP methods to allow for this behavior. Default: AllowedMethods.ALLOW_GET_HEAD
- cachedMethods (CachedMethods) HTTP methods to cache for this behavior. Default: CachedMethods.CACHE_GET_HEAD
- cachePolicy (ICachePolicy) The cache policy for this behavior. Default: CachePolicy.CACHING_OPTIMIZED
- compress (boolean) Whether you want CloudFront to automatically compress certain files for this cache behavior. Default: true
- edgeLambdas (Array<EdgeLambda>) The Lambda@Edge functions to invoke before serving the contents. Default: no Lambda functions will be invoked
- functionAssociations (Array<FunctionAssociation>) The CloudFront functions to invoke before serving the contents. Default: no functions will be invoked
- originRequestPolicy (IOriginRequestPolicy) The origin request policy for this behavior. Default: none
- smoothStreaming (boolean) Set this to true to indicate you want to distribute media files in the Microsoft Smooth Streaming format using this behavior. Default: false
- trustedKeyGroups (Array<IKeyGroup>) A list of Key Groups that CloudFront can use to validate signed URLs or signed cookies. Default: no KeyGroups are associated with cache behavior
- viewerProtocolPolicy (ViewerProtocolPolicy) The protocol that viewers can use to access the files controlled by this behavior. Default: ViewerProtocolPolicy.ALLOW_ALL

Returns:

Map<string, BehaviorOptions>

createDefaultBehavior(origin, options?)

createDefaultBehavior(origin: IOrigin, options?: AddBehaviorOptions): BehaviorOptions

origin (IOrigin) No description
options (AddBehaviorOptions) No description
- allowedMethods (AllowedMethods) HTTP methods to allow for this behavior. Default: AllowedMethods.ALLOW_GET_HEAD
- cachedMethods (CachedMethods) HTTP methods to cache for this behavior. Default: CachedMethods.CACHE_GET_HEAD
- cachePolicy (ICachePolicy) The cache policy for this behavior. Default: CachePolicy.CACHING_OPTIMIZED
- compress (boolean) Whether you want CloudFront to automatically compress certain files for this cache behavior. Default: true
- edgeLambdas (Array<EdgeLambda>) The Lambda@Edge functions to invoke before serving the contents. Default: no Lambda functions will be invoked
- functionAssociations (Array<FunctionAssociation>) The CloudFront functions to invoke before serving the contents. Default: no functions will be invoked
- originRequestPolicy (IOriginRequestPolicy) The origin request policy for this behavior. Default: none
- smoothStreaming (boolean) Set this to true to indicate you want to distribute media files in the Microsoft Smooth Streaming format using this behavior. Default: false
- trustedKeyGroups (Array<IKeyGroup>) A list of Key Groups that CloudFront can use to validate signed URLs or signed cookies. Default: no KeyGroups are associated with cache behavior
- viewerProtocolPolicy (ViewerProtocolPolicy) The protocol that viewers can use to access the files controlled by this behavior. Default: ViewerProtocolPolicy.ALLOW_ALL

Returns:

BehaviorOptions

createLegacyAdditionalBehaviors()

createLegacyAdditionalBehaviors(): Array<Behavior>

Returns:

Array<Behavior>

createLegacyDefaultBehavior()

createLegacyDefaultBehavior(): Behavior

Returns:

Behavior

updateUserPoolClientCallbacks(redirects)

updateUserPoolClientCallbacks(redirects: UserPoolClientCallbackUrls): void

redirects (UserPoolClientCallbackUrls) No description
- callbackUrls (Array) A list of allowed redirect (callback) URLs for the identity providers.
- logoutUrls (Array) A list of allowed logout URLs for the identity providers.

interface ISpaAuthorization

Implemented by: SpaAuthorization

Properties

Name	Type	Description
mode	`Mode`
redirectPaths	`RedirectPaths`
signOutUrlPath	`string`

Methods

createAdditionalBehaviors(origin, options?)

createAdditionalBehaviors(origin: IOrigin, options?: AddBehaviorOptions): Map<string, BehaviorOptions>

origin (IOrigin) No description
options (AddBehaviorOptions) No description
- allowedMethods (AllowedMethods) HTTP methods to allow for this behavior. Default: AllowedMethods.ALLOW_GET_HEAD
- cachedMethods (CachedMethods) HTTP methods to cache for this behavior. Default: CachedMethods.CACHE_GET_HEAD
- cachePolicy (ICachePolicy) The cache policy for this behavior. Default: CachePolicy.CACHING_OPTIMIZED
- compress (boolean) Whether you want CloudFront to automatically compress certain files for this cache behavior. Default: true
- edgeLambdas (Array<EdgeLambda>) The Lambda@Edge functions to invoke before serving the contents. Default: no Lambda functions will be invoked
- functionAssociations (Array<FunctionAssociation>) The CloudFront functions to invoke before serving the contents. Default: no functions will be invoked
- originRequestPolicy (IOriginRequestPolicy) The origin request policy for this behavior. Default: none
- smoothStreaming (boolean) Set this to true to indicate you want to distribute media files in the Microsoft Smooth Streaming format using this behavior. Default: false
- trustedKeyGroups (Array<IKeyGroup>) A list of Key Groups that CloudFront can use to validate signed URLs or signed cookies. Default: no KeyGroups are associated with cache behavior
- viewerProtocolPolicy (ViewerProtocolPolicy) The protocol that viewers can use to access the files controlled by this behavior. Default: ViewerProtocolPolicy.ALLOW_ALL

Returns:

Map<string, BehaviorOptions>

createDefaultBehavior(origin, options?)

createDefaultBehavior(origin: IOrigin, options?: AddBehaviorOptions): BehaviorOptions

origin (IOrigin) No description
options (AddBehaviorOptions) No description
- allowedMethods (AllowedMethods) HTTP methods to allow for this behavior. Default: AllowedMethods.ALLOW_GET_HEAD
- cachedMethods (CachedMethods) HTTP methods to cache for this behavior. Default: CachedMethods.CACHE_GET_HEAD
- cachePolicy (ICachePolicy) The cache policy for this behavior. Default: CachePolicy.CACHING_OPTIMIZED
- compress (boolean) Whether you want CloudFront to automatically compress certain files for this cache behavior. Default: true
- edgeLambdas (Array<EdgeLambda>) The Lambda@Edge functions to invoke before serving the contents. Default: no Lambda functions will be invoked
- functionAssociations (Array<FunctionAssociation>) The CloudFront functions to invoke before serving the contents. Default: no functions will be invoked
- originRequestPolicy (IOriginRequestPolicy) The origin request policy for this behavior. Default: none
- smoothStreaming (boolean) Set this to true to indicate you want to distribute media files in the Microsoft Smooth Streaming format using this behavior. Default: false
- trustedKeyGroups (Array<IKeyGroup>) A list of Key Groups that CloudFront can use to validate signed URLs or signed cookies. Default: no KeyGroups are associated with cache behavior
- viewerProtocolPolicy (ViewerProtocolPolicy) The protocol that viewers can use to access the files controlled by this behavior. Default: ViewerProtocolPolicy.ALLOW_ALL

Returns:

BehaviorOptions

createLegacyAdditionalBehaviors()

createLegacyAdditionalBehaviors(): Array<Behavior>

Returns:

Array<Behavior>

createLegacyDefaultBehavior()

createLegacyDefaultBehavior(): Behavior

Returns:

Behavior

updateUserPoolClientCallbacks(redirects)

updateUserPoolClientCallbacks(redirects: UserPoolClientCallbackUrls): void

redirects (UserPoolClientCallbackUrls) No description
- callbackUrls (Array) A list of allowed redirect (callback) URLs for the identity providers.
- logoutUrls (Array) A list of allowed logout URLs for the identity providers.

interface IStaticSiteAuthorization

Implemented by: StaticSiteAuthorization

Properties

Name	Type	Description
mode	`Mode`
redirectPaths	`RedirectPaths`
signOutUrlPath	`string`

Methods

createAdditionalBehaviors(origin, options?)

createAdditionalBehaviors(origin: IOrigin, options?: AddBehaviorOptions): Map<string, BehaviorOptions>

origin (IOrigin) No description
options (AddBehaviorOptions) No description
- allowedMethods (AllowedMethods) HTTP methods to allow for this behavior. Default: AllowedMethods.ALLOW_GET_HEAD
- cachedMethods (CachedMethods) HTTP methods to cache for this behavior. Default: CachedMethods.CACHE_GET_HEAD
- cachePolicy (ICachePolicy) The cache policy for this behavior. Default: CachePolicy.CACHING_OPTIMIZED
- compress (boolean) Whether you want CloudFront to automatically compress certain files for this cache behavior. Default: true
- edgeLambdas (Array<EdgeLambda>) The Lambda@Edge functions to invoke before serving the contents. Default: no Lambda functions will be invoked
- functionAssociations (Array<FunctionAssociation>) The CloudFront functions to invoke before serving the contents. Default: no functions will be invoked
- originRequestPolicy (IOriginRequestPolicy) The origin request policy for this behavior. Default: none
- smoothStreaming (boolean) Set this to true to indicate you want to distribute media files in the Microsoft Smooth Streaming format using this behavior. Default: false
- trustedKeyGroups (Array<IKeyGroup>) A list of Key Groups that CloudFront can use to validate signed URLs or signed cookies. Default: no KeyGroups are associated with cache behavior
- viewerProtocolPolicy (ViewerProtocolPolicy) The protocol that viewers can use to access the files controlled by this behavior. Default: ViewerProtocolPolicy.ALLOW_ALL

Returns:

Map<string, BehaviorOptions>

createDefaultBehavior(origin, options?)

createDefaultBehavior(origin: IOrigin, options?: AddBehaviorOptions): BehaviorOptions

origin (IOrigin) No description
options (AddBehaviorOptions) No description
- allowedMethods (AllowedMethods) HTTP methods to allow for this behavior. Default: AllowedMethods.ALLOW_GET_HEAD
- cachedMethods (CachedMethods) HTTP methods to cache for this behavior. Default: CachedMethods.CACHE_GET_HEAD
- cachePolicy (ICachePolicy) The cache policy for this behavior. Default: CachePolicy.CACHING_OPTIMIZED
- compress (boolean) Whether you want CloudFront to automatically compress certain files for this cache behavior. Default: true
- edgeLambdas (Array<EdgeLambda>) The Lambda@Edge functions to invoke before serving the contents. Default: no Lambda functions will be invoked
- functionAssociations (Array<FunctionAssociation>) The CloudFront functions to invoke before serving the contents. Default: no functions will be invoked
- originRequestPolicy (IOriginRequestPolicy) The origin request policy for this behavior. Default: none
- smoothStreaming (boolean) Set this to true to indicate you want to distribute media files in the Microsoft Smooth Streaming format using this behavior. Default: false
- trustedKeyGroups (Array<IKeyGroup>) A list of Key Groups that CloudFront can use to validate signed URLs or signed cookies. Default: no KeyGroups are associated with cache behavior
- viewerProtocolPolicy (ViewerProtocolPolicy) The protocol that viewers can use to access the files controlled by this behavior. Default: ViewerProtocolPolicy.ALLOW_ALL

Returns:

BehaviorOptions

createLegacyAdditionalBehaviors()

createLegacyAdditionalBehaviors(): Array<Behavior>

Returns:

Array<Behavior>

createLegacyDefaultBehavior()

createLegacyDefaultBehavior(): Behavior

Returns:

Behavior

updateUserPoolClientCallbacks(redirects)

updateUserPoolClientCallbacks(redirects: UserPoolClientCallbackUrls): void

redirects (UserPoolClientCallbackUrls) No description
- callbackUrls (Array) A list of allowed redirect (callback) URLs for the identity providers.
- logoutUrls (Array) A list of allowed logout URLs for the identity providers.

struct RedirectPaths

Name	Type	Description
authRefresh	`string`
signIn	`string`
signOut	`string`

struct RetrieveUserPoolClientSecretProps

Name	Type	Description
userPool	`IUserPool`
userPoolClient	`IUserPoolClient`

struct SecretGeneratorProps

Name	Type	Description
allowedCharacters?	`string`	*Optional*
length?	`number`	*Optional*

struct SpaDistributionProps

Name	Type	Description
authorization	`ISpaAuthorization`
certificate?	`ICertificate`	A certificate to associate with the distribution. *Default: the CloudFront wildcard certificate (.cloudfront.net) will be used.
comment?	`string`	Any comments you want to include about the distribution. *Default*: no comment
defaultRootObject?	`string`	The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution. If no default object is set, the request goes to the origin's root (e.g., example.com/). *Default*: index.html
domainNames?	`Array`	Alternative domain names for this distribution. *Default*: The distribution will only support the default generated name (e.g., d111111abcdef8.cloudfront.net)
enableIpv6?	`boolean`	Whether CloudFront will respond to IPv6 DNS requests with an IPv6 address. *Default*: true
enableLogging?	`boolean`	Enable access logging for the distribution. *Default*: false, unless `logBucket` is specified.
enabled?	`boolean`	Enable or disable the distribution. *Default*: true
geoRestriction?	`GeoRestriction`	Controls the countries in which your content is distributed. *Default*: No geographic restrictions
httpVersion?	`HttpVersion`	Specify the maximum HTTP version that you want viewers to use to communicate with CloudFront. *Default*: HttpVersion.HTTP2
logBucket?	`IBucket`	The Amazon S3 bucket to store the access logs in. *Default*: A bucket is created if `enableLogging` is true
logFilePrefix?	`string`	An optional string that you want CloudFront to prefix to the access log filenames for this distribution. *Default*: no prefix
logIncludesCookies?	`boolean`	Specifies whether you want CloudFront to include cookies in access logs. *Default*: false
minimumProtocolVersion?	`SecurityPolicyProtocol`	The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. *Default*: SecurityPolicyProtocol.TLS_V1_2_2019
origin?	`IOrigin`	The origin that you want CloudFront to route requests. *Optional*
priceClass?	`PriceClass`	The price class that corresponds with the maximum price that you want to pay for CloudFront service. *Default*: PriceClass.PRICE_CLASS_100
removalPolicy?	`RemovalPolicy`	*Default*: Destroy
ttl?	`Duration`	The minimum amount of time, in seconds, that you want CloudFront to cache the HTTP status code specified in ErrorCode. *Default*: 300 seconds
webAclId?	`string`	Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution. *Default*: No AWS Web Application Firewall web access control list (web ACL).

struct StaticSiteDistributionProps

Name	Type	Description
authorization	`IStaticSiteAuthorization`
certificate?	`ICertificate`	A certificate to associate with the distribution. *Default: the CloudFront wildcard certificate (.cloudfront.net) will be used.
comment?	`string`	Any comments you want to include about the distribution. *Default*: no comment
defaultRootObject?	`string`	The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution. If no default object is set, the request goes to the origin's root (e.g., example.com/). *Default*: index.html
domainNames?	`Array`	Alternative domain names for this distribution. *Default*: The distribution will only support the default generated name (e.g., d111111abcdef8.cloudfront.net)
enableIpv6?	`boolean`	Whether CloudFront will respond to IPv6 DNS requests with an IPv6 address. *Default*: true
enableLogging?	`boolean`	Enable access logging for the distribution. *Default*: false, unless `logBucket` is specified.
enabled?	`boolean`	Enable or disable the distribution. *Default*: true
errorResponses?	`Array<ErrorResponse>`	*Optional*
geoRestriction?	`GeoRestriction`	Controls the countries in which your content is distributed. *Default*: No geographic restrictions
httpVersion?	`HttpVersion`	Specify the maximum HTTP version that you want viewers to use to communicate with CloudFront. *Default*: HttpVersion.HTTP2
logBucket?	`IBucket`	The Amazon S3 bucket to store the access logs in. *Default*: A bucket is created if `enableLogging` is true
logFilePrefix?	`string`	An optional string that you want CloudFront to prefix to the access log filenames for this distribution. *Default*: no prefix
logIncludesCookies?	`boolean`	Specifies whether you want CloudFront to include cookies in access logs. *Default*: false
minimumProtocolVersion?	`SecurityPolicyProtocol`	The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. *Default*: SecurityPolicyProtocol.TLS_V1_2_2019
origin?	`IOrigin`	The origin that you want CloudFront to route requests. *Optional*
priceClass?	`PriceClass`	The price class that corresponds with the maximum price that you want to pay for CloudFront service. *Default*: PriceClass.PRICE_CLASS_100
removalPolicy?	`RemovalPolicy`	*Default*: Destroy
webAclId?	`string`	Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution. *Default*: No AWS Web Application Firewall web access control list (web ACL).

struct UserPoolClientCallbackUrls

Name	Type	Description
callbackUrls	`Array`	A list of allowed redirect (callback) URLs for the identity providers.
logoutUrls	`Array`	A list of allowed logout URLs for the identity providers.

struct UserPoolClientRedirectsProps

Name	Type	Description
callbackUrls	`Array`
identityProviders	`Array<UserPoolClientIdentityProvider>`
logoutUrls	`Array`
oauthScopes	`Array<OAuthScope>`
userPool	`IUserPool`
userPoolClient	`IUserPoolClient`

enum Mode

Name	Description
SPA
STATIC_SITE

Files

API.md

Latest commit

History

API.md

File metadata and controls

API Reference

class AuthFlow

Initializer

Properties

class Authorization

Initializer

Properties

Methods

createAdditionalBehaviors(origin, options?)

createDefaultBehavior(origin, options?)

createLegacyAdditionalBehaviors(options?)

createLegacyDefaultBehavior(options?)

updateUserPoolClientCallbacks(redirects)

protected createAuthFlow(logLevel)

protected createUserPoolClient()

class BaseDistribution

Initializer

Properties

Methods

protected renderAdditionalBehaviors(origin, authorization)

protected renderDefaultBehaviour(origin, authorization)

class RetrieveUserPoolClientSecret

Initializer

Properties

class SecretGenerator

Initializer

Properties

class SpaAuthorization

Initializer

Properties

Methods

protected createAuthFlow(logLevel)

protected createUserPoolClient()

class SpaDistribution

Initializer

class StaticSiteAuthorization

Initializer

Properties

Methods

protected createAuthFlow(logLevel)

protected createUserPoolClient()

class StaticSiteDistribution

Initializer

class UserPoolClientRedirects

Initializer

struct AuthFlowProps

struct AuthorizationProps

struct BaseDistributionProps

struct CommonDistributionProps

interface IAuthorization

Properties

Methods

createAdditionalBehaviors(origin, options?)

createDefaultBehavior(origin, options?)

createLegacyAdditionalBehaviors()

createLegacyDefaultBehavior()

updateUserPoolClientCallbacks(redirects)

interface ISpaAuthorization

Properties

Methods

createAdditionalBehaviors(origin, options?)

createDefaultBehavior(origin, options?)

createLegacyAdditionalBehaviors()

createLegacyDefaultBehavior()

updateUserPoolClientCallbacks(redirects)

interface IStaticSiteAuthorization

Properties

Methods

createAdditionalBehaviors(origin, options?)

createDefaultBehavior(origin, options?)

createLegacyAdditionalBehaviors()

createLegacyDefaultBehavior()

updateUserPoolClientCallbacks(redirects)

struct RedirectPaths