API Reference

Constructs

OriginVerify

Associates an origin with a WAFv2 WebACL to verify that traffic contains a specific header with a secret value.

Initializers

import { OriginVerify } from '@alma-cdk/origin-verify'

new OriginVerify(scope: Construct, id: string, props: OriginVerifyProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props OriginVerifyProps No description.

scope (Required)
  • Type: constructs.Construct

id (Required)
  • Type: string

props (Required)
  • Type: OriginVerifyProps

Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { OriginVerify } from '@alma-cdk/origin-verify'

OriginVerify.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof and to use this type-testing method instead.

x (Required)
  • Type: any

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
headerName string CloudFront Origin Custom Header name used in the WAFv2 WebACL verification.
headerValue string Secret Value used as the CloudFront Origin Custom Header value.

node (Required)
public readonly node: Node;
  • Type: constructs.Node

The tree node.


headerName (Required)
public readonly headerName: string;
  • Type: string
  • Default: 'x-origin-verify'

CloudFront Origin Custom Header name used in the WAFv2 WebACL verification.


headerValue (Required)
public readonly headerValue: string;
  • Type: string

Secret Value used as the CloudFront Origin Custom Header value.


Example

'xxxxEXAMPLESECRET'

Constants

Name Type Description
OriginVerifyHeader string Origin Request Header Default Name.

OriginVerifyHeader (Required)
public readonly OriginVerifyHeader: string;
  • Type: string

Origin Request Header Default Name.


Structs

OriginVerifyProps

Properties for OriginVerify constructor.

Initializer

import { OriginVerifyProps } from '@alma-cdk/origin-verify'

const originVerifyProps: OriginVerifyProps = { ... }

Properties

Name Type Description
origin aws-cdk-lib.aws_apigateway.IStage | aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationLoadBalancer | aws-cdk-lib.aws_appsync.CfnGraphQLApi Origin to protect.
aclMetricName string Metric name for the WebACL.
headerName string By default x-origin-verify is used.
ruleMetricName string Metric name for the allowed requests.
rules aws-cdk-lib.IResolvable | aws-cdk-lib.aws_wafv2.CfnWebACL.RuleProperty[] Any additional rules to add into the created WAFv2 WebACL.
secretValue aws-cdk-lib.SecretValue The secret which is used to verify the CloudFront distribution.

origin (Required)
public readonly origin: IStage | IApplicationLoadBalancer | CfnGraphQLApi;
  • Type: aws-cdk-lib.aws_apigateway.IStage | aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationLoadBalancer | aws-cdk-lib.aws_appsync.CfnGraphQLApi

Origin to protect.

Accepted types:

  • IStage (from aws-cdk-lib/aws-apigateway)
  • IApplicationLoadBalancer (from aws-cdk-lib/aws-elasticloadbalancingv2)

aclMetricName (Optional)
public readonly aclMetricName: string;
  • Type: string
  • Default: 'OriginVerifyWebAcl'

Metric name for the WebACL.


headerName (Optional)
public readonly headerName: string;
  • Type: string
  • Default: 'x-origin-verify'

By default x-origin-verify is used.

To override it, provide a value for this property. The recommendation is to use a name with an x- prefix.


ruleMetricName (Optional)
public readonly ruleMetricName: string;
  • Type: string
  • Default: 'OriginVerifyAllowedRequests'

Metric name for the allowed requests.


rules (Optional)
public readonly rules: (IResolvable | RuleProperty)[];
  • Type: aws-cdk-lib.IResolvable | aws-cdk-lib.aws_wafv2.CfnWebACL.RuleProperty[]

Any additional rules to add into the created WAFv2 WebACL.


secretValue (Optional)
public readonly secretValue: SecretValue;
  • Type: aws-cdk-lib.SecretValue
  • Default: new Secret().secretValue

The secret which is used to verify the CloudFront distribution.

Optional: By default this construct will generate a new Secret.


Protocols

IVerification

Interface describing the "contract" of return values from the constructor.

Properties

Name Type Description
headerName string CloudFront Origin Custom Header name used in the WAFv2 WebACL verification.
headerValue string Secret Value used as the CloudFront Origin Custom Header value.

headerName (Required)
public readonly headerName: string;
  • Type: string
  • Default: 'x-origin-verify'

CloudFront Origin Custom Header name used in the WAFv2 WebACL verification.


headerValue (Required)
public readonly headerValue: string;
  • Type: string

Secret Value used as the CloudFront Origin Custom Header value.


Example

'xxxxEXAMPLESECRET'
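
To make concrete what the headerName / headerValue pair is used for, the following added example (not part of the original reference and not the project's own code) models the allow/block decision in plain TypeScript. The default-block behaviour, the exact value matching, the helper names and the sample requests are assumptions of this example; the secret is the placeholder shown above.

```typescript
// Added illustration: a local model of the allow/block decision, not the
// construct's implementation. Default-block is an assumption of this sketch.
type Verdict = 'ALLOW' | 'BLOCK';

interface Verification {
  headerName: string;  // documented default: 'x-origin-verify'
  headerValue: string; // shared secret, sent as the CloudFront Origin Custom Header value
}

// Comparison without an early exit; matters if this check is reused in app code.
function constantTimeEquals(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i); // NaN past the end coerces to 0
  }
  return diff === 0;
}

function evaluate(headers: Record<string, string>, v: Verification): Verdict {
  if (v.headerValue.length === 0) return 'BLOCK'; // never accept an empty secret
  const wanted = v.headerName.toLowerCase();      // header names are case-insensitive
  let verdict: Verdict = 'BLOCK';                 // no header at all stays blocked
  for (const name of Object.keys(headers)) {
    if (name.toLowerCase() !== wanted) continue;
    // This model compares values exactly: case and whitespace matter.
    if (!constantTimeEquals(headers[name] ?? '', v.headerValue)) return 'BLOCK';
    verdict = 'ALLOW';
  }
  return verdict;
}

// Constructed sample requests (hypothetical host, placeholder secret).
const verification: Verification = { headerName: 'x-origin-verify', headerValue: 'xxxxEXAMPLESECRET' };
const samples: Array<[string, Record<string, string>]> = [
  ['via CloudFront', { Host: 'api.example.com', 'X-Origin-Verify': 'xxxxEXAMPLESECRET' }],
  ['direct to origin', { Host: 'api.example.com' }],
  ['guessed value', { 'x-origin-verify': 'xxxxexamplesecret' }],
  ['padded value', { 'x-origin-verify': ' xxxxEXAMPLESECRET' }],
];

function runSamples(): Record<string, Verdict> {
  const out: Record<string, Verdict> = {};
  for (const [label, headers] of samples) out[label] = evaluate(headers, verification);
  return out;
}

console.log(runSamples());
```

Only the request that carries the exact secret under the configured header name is allowed; a request sent straight to the origin without the header is blocked.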