feat(aws-cloudfront): add support for "webAclId" (#969)

Expose the webAclId property on CloudFront distributions. This allows linking of AWS WAF WebACL resources to protect the CloudFront distribution.
aws · Oct 19, 2018 · 3ec9d76 · 3ec9d76
1 parent a5f5e2c
commit 3ec9d76
Showing 1 changed file with 13 additions and 6 deletions.
diff --git a/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts b/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts
@@ -163,7 +163,7 @@ export interface SourceConfiguration {
  *
  * @default no additional headers are passed
  */
- readonly originHeaders?: {[key: string]: string};
+ readonly originHeaders?: { [key: string]: string };
 }
 
 /**
@@ -431,6 +431,12 @@ export interface CloudFrontWebDistributionProps {
  * How CloudFront should handle requests that are no successful (eg PageNotFound)
  */
  errorConfigurations?: cloudformation.DistributionResource.CustomErrorResponseProperty[];
+
+ /**
+ * Optional AWS WAF WebACL to associate with this CloudFront distribution
+ */
+ webACLId?: string;
+
 }
 
 /**
@@ -528,6 +534,7 @@ export class CloudFrontWebDistribution extends cdk.Construct {
  ipv6Enabled: props.enableIpV6 || true,
  // tslint:disable-next-line:max-line-length
  customErrorResponses: props.errorConfigurations, // TODO: validation : https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customerrorresponse.html#cfn-cloudfront-distribution-customerrorresponse-errorcachingminttl
+ webAclId: props.webACLId,
  };
 
  const behaviors: BehaviorWithOrigin[] = [];
@@ -585,7 +592,7 @@ export class CloudFrontWebDistribution extends cdk.Construct {
  };
  }
  for (const behavior of originConfig.behaviors) {
- behaviors.push({...behavior, targetOriginId: originId});
+ behaviors.push({ ...behavior, targetOriginId: originId });
  }
  origins.push(originProperty);
  originIndex++;
@@ -647,26 +654,26 @@ export class CloudFrontWebDistribution extends cdk.Construct {
  };
  }
 
- const distribution = new cloudformation.DistributionResource(this, 'CFDistribution', {distributionConfig});
+ const distribution = new cloudformation.DistributionResource(this, 'CFDistribution', { distributionConfig });
  this.domainName = distribution.distributionDomainName;
  this.distributionId = distribution.distributionId;
  }
 
  private toBehavior(input: BehaviorWithOrigin, protoPolicy?: ViewerProtocolPolicy) {
- let toReturn =  {
+ let toReturn = {
  allowedMethods: this.METHOD_LOOKUP_MAP[input.allowedMethods || CloudFrontAllowedMethods.GET_HEAD],
  cachedMethods: this.METHOD_LOOKUP_MAP[input.cachedMethods || CloudFrontAllowedCachedMethods.GET_HEAD],
  compress: input.compress,
  defaultTtl: input.defaultTtlSeconds,
- forwardedValues: input.forwardedValues || { queryString: false, cookies: {forward: "none"} },
+ forwardedValues: input.forwardedValues || { queryString: false, cookies: { forward: "none" } },
  maxTtl: input.maxTtlSeconds,
  minTtl: input.minTtlSeconds,
  trustedSigners: input.trustedSigners,
  targetOriginId: input.targetOriginId,
  viewerProtocolPolicy: protoPolicy || ViewerProtocolPolicy.RedirectToHTTPS,
  };
  if (!input.isDefaultBehavior) {
- toReturn = Object.assign(toReturn, {pathPattern: input.pathPattern});
+ toReturn = Object.assign(toReturn, { pathPattern: input.pathPattern });
  }
  return toReturn;
  }