Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

viewerProtocolPolicy in aws-cloudfront does not seem to work #1801

Closed
seanyu4296 opened this issue Feb 20, 2019 · 0 comments · Fixed by #1932
Closed

viewerProtocolPolicy in aws-cloudfront does not seem to work #1801

seanyu4296 opened this issue Feb 20, 2019 · 0 comments · Fixed by #1932
Labels
@aws-cdk/aws-cloudfront Related to Amazon CloudFront bug This issue is a bug.

Comments

@seanyu4296
Copy link

I'm trying to set my viewerProtocolPolicy to "HTTP and HTTPS" in my Cloudfront but it does not seem to work. It always sets to "redirect-to-https".

Here is my code:

import * as cloudfront from '@aws-cdk/aws-cloudfront';
// import * as route53 from '@aws-cdk/aws-route53';
import * as s3 from '@aws-cdk/aws-s3';
import * as cdk from '@aws-cdk/cdk';
import { ViewerProtocolPolicy } from '@aws-cdk/aws-cloudfront';

export interface StaticSiteProps {
  domainName: string;
  siteSubDomain: string;
  certificateArn?: string;
  s3Region: string;
}

export class StaticSite extends cdk.Construct {
  constructor(parent: cdk.Construct, name: string, props: StaticSiteProps) {
    super(parent, name);
    const siteDomain = props.siteSubDomain + '.' + props.domainName;
    const siteBucket = new s3.Bucket(this, 'SiteBucketReal', {
      bucketName: siteDomain,
      websiteIndexDocument: 'index.html',
      websiteErrorDocument: 'index.html',
      publicReadAccess: true,
    });
    new cdk.Output(this, 'SiteBucketName', { value: siteBucket.bucketName });
    const distribution = new cloudfront.CloudFrontWebDistribution(
      this,
      'SiteDistribution',
      {
        viewerProtocolPolicy: ViewerProtocolPolicy.AllowAll,
        originConfigs: [
          {
            customOriginSource: {
              domainName: `${siteDomain}.s3-website-${
                props.s3Region
              }.amazonaws.com`,
            },
            behaviors: [{ isDefaultBehavior: true }],
          },
        ],
      },
    );
    new cdk.Output(this, 'DistributionId', {
      value: distribution.distributionId,
    });    
  }
}

Here is the result when i run cdk synth

Resources:
  StaticSiteSiteBucketRealB56A52B3:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: test.zap.com.ph
      WebsiteConfiguration:
        ErrorDocument: index.html
        IndexDocument: index.html
    DeletionPolicy: Retain
    Metadata:
      aws:cdk:path: TestCdkClient/StaticSite/SiteBucketReal/Resource
  StaticSiteSiteBucketRealPolicy828DCFC9:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket:
        Ref: StaticSiteSiteBucketRealB56A52B3
      PolicyDocument:
        Statement:
          - Action: s3:GetObject
            Effect: Allow
            Principal: "*"
            Resource:
              Fn::Join:
                - ""
                - - Fn::GetAtt:
                      - StaticSiteSiteBucketRealB56A52B3
                      - Arn
                  - /*
        Version: "2012-10-17"
    Metadata:
      aws:cdk:path: TestCdkClient/StaticSite/SiteBucketReal/Policy/Resource
  StaticSiteSiteDistributionCFDistribution500D676B:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        CacheBehaviors: []
        DefaultCacheBehavior:
          AllowedMethods:
            - GET
            - HEAD
          CachedMethods:
            - GET
            - HEAD
          ForwardedValues:
            Cookies:
              Forward: none
            QueryString: false
          TargetOriginId: origin1
          ViewerProtocolPolicy: redirect-to-https
        DefaultRootObject: index.html
        Enabled: true
        HttpVersion: http2
        IPV6Enabled: true
        Origins:
          - CustomOriginConfig:
              HTTPPort: 80
              HTTPSPort: 443
              OriginKeepaliveTimeout: 5
              OriginProtocolPolicy: https-only
              OriginReadTimeout: 30
              OriginSSLProtocols:
                - TLSv1.2
            DomainName: test.zap.com.ph.s3-website-ap-southeast-1.amazonaws.com
            Id: origin1
        PriceClass: PriceClass_100
        ViewerCertificate:
          CloudFrontDefaultCertificate: true
    Metadata:
      aws:cdk:path: TestCdkClient/StaticSite/SiteDistribution/CFDistribution
  CDKMetadata:
    Type: AWS::CDK::Metadata
    Properties:
      Modules: aws-cdk=0.24.1,@aws-cdk/aws-cloudfront=0.24.1,@aws-cdk/aws-codepipeline-api=0.24.1,@aws-cdk/aws-events=0.24.1,@aws-cdk/aws-iam=0.24.1,@aws-cdk/aws-kms=0.24.1,@aws-cdk/aws-s3=0.24.1,@aws-cdk/aws-s3-notifications=0.24.1,@aws-cdk/cdk=0.24.1,@aws-cdk/cx-api=0.24.1,jsii-runtime=node.js/v11.6.0
Outputs:
  StaticSiteSiteBucketNameDAB52DD2:
    Value:
      Ref: StaticSiteSiteBucketRealB56A52B3
  StaticSiteDistributionId8C64EF2A:
    Value:
      Ref: StaticSiteSiteDistributionCFDistribution500D676B
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-cloudfront Related to Amazon CloudFront bug This issue is a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(cloudfront): Pass viewerProtocolPolicy to the distribution's behaviors skorfmann/aws-cdk
2 participants
@rix0rrr @seanyu4296