Skip to content

API Reference

Constructs

CloudfrontWebAcl

This construct creates a WAFv2 Web ACL for cloudfront in the us-east-1 region (required for cloudfront) no matter the region of the parent cdk stack.

Initializers

import software.aws.pdk.static_website.CloudfrontWebAcl;

CloudfrontWebAcl.Builder.create(Construct scope, java.lang.String id)
//  .cidrAllowList(CidrAllowList)
//  .disable(java.lang.Boolean)
//  .managedRules(java.util.List<ManagedRule>)
    .build();
Name Type Description
scope software.constructs.Construct No description.
id java.lang.String No description.
cidrAllowList CidrAllowList List of cidr ranges to allow.
disable java.lang.Boolean Set to true to prevent creation of a web acl for the static website.
managedRules java.util.List<ManagedRule> List of managed rules to apply to the web acl.

scopeRequired
  • Type: software.constructs.Construct

idRequired
  • Type: java.lang.String

cidrAllowListOptional

List of cidr ranges to allow.


disableOptional
  • Type: java.lang.Boolean
  • Default: false

Set to true to prevent creation of a web acl for the static website.


managedRulesOptional
  • Type: java.util.List<ManagedRule>
  • Default: [{ vendor: "AWS", name: "AWSManagedRulesCommonRuleSet" }]

List of managed rules to apply to the web acl.


Methods

Name Description
toString Returns a string representation of this construct.

toString
public java.lang.String toString()

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import software.aws.pdk.static_website.CloudfrontWebAcl;

CloudfrontWebAcl.isConstruct(java.lang.Object x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired
  • Type: java.lang.Object

Any object.


Properties

Name Type Description
node software.constructs.Node The tree node.
webAclArn java.lang.String No description.
webAclId java.lang.String No description.

nodeRequired
public Node getNode();
  • Type: software.constructs.Node

The tree node.


webAclArnRequired
public java.lang.String getWebAclArn();
  • Type: java.lang.String

webAclIdRequired
public java.lang.String getWebAclId();
  • Type: java.lang.String

StaticWebsite

Deploys a Static Website using by default a private S3 bucket as an origin and Cloudfront as the entrypoint.

This construct configures a webAcl containing rules that are generally applicable to web applications. This provides protection against exploitation of a wide range of vulnerabilities, including some of the high risk and commonly occurring vulnerabilities described in OWASP publications such as OWASP Top 10.

Initializers

import software.aws.pdk.static_website.StaticWebsite;

StaticWebsite.Builder.create(Construct scope, java.lang.String id)
    .websiteContentPath(java.lang.String)
//  .bucketDeploymentProps(BucketDeploymentProps)
//  .defaultWebsiteBucketEncryption(BucketEncryption)
//  .defaultWebsiteBucketEncryptionKey(Key)
//  .distributionProps(DistributionProps)
//  .runtimeOptions(RuntimeOptions)
//  .webAclProps(CloudFrontWebAclProps)
//  .websiteBucket(IBucket)
    .build();
Name Type Description
scope software.constructs.Construct No description.
id java.lang.String No description.
websiteContentPath java.lang.String Path to the directory containing the static website files and assets.
bucketDeploymentProps BucketDeploymentProps Custom bucket deployment properties.
defaultWebsiteBucketEncryption software.amazon.awscdk.services.s3.BucketEncryption Bucket encryption to use for the default bucket.
defaultWebsiteBucketEncryptionKey software.amazon.awscdk.services.kms.Key A predefined KMS customer encryption key to use for the default bucket that gets created.
distributionProps DistributionProps Custom distribution properties.
runtimeOptions RuntimeOptions Dynamic configuration which gets resolved only during deployment.
webAclProps CloudFrontWebAclProps Limited configuration settings for the generated webAcl.
websiteBucket software.amazon.awscdk.services.s3.IBucket Predefined bucket to deploy the website into.

scopeRequired
  • Type: software.constructs.Construct

idRequired
  • Type: java.lang.String

websiteContentPathRequired
  • Type: java.lang.String

Path to the directory containing the static website files and assets.

This directory must contain an index.html file.


bucketDeploymentPropsOptional

Custom bucket deployment properties.



defaultWebsiteBucketEncryptionOptional
  • Type: software.amazon.awscdk.services.s3.BucketEncryption
  • Default: "S3MANAGED"

Bucket encryption to use for the default bucket.

Supported options are KMS or S3MANAGED.

Note: If planning to use KMS, ensure you associate a Lambda Edge function to sign requests to S3 as OAI does not currently support KMS encryption. Refer to {@link https://aws.amazon.com/blogs/networking-and-content-delivery/serving-sse-kms-encrypted-content-from-s3-using-cloudfront/}


defaultWebsiteBucketEncryptionKeyOptional
  • Type: software.amazon.awscdk.services.kms.Key

A predefined KMS customer encryption key to use for the default bucket that gets created.

Note: This is only used if the websiteBucket is left undefined, otherwise all settings from the provided websiteBucket will be used.


distributionPropsOptional

Custom distribution properties.

Note: defaultBehaviour.origin is a required parameter, however it will not be used as this construct will wire it on your behalf. You will need to pass in an instance of StaticWebsiteOrigin (NoOp) to keep the compiler happy.


runtimeOptionsOptional

Dynamic configuration which gets resolved only during deployment.


webAclPropsOptional

Limited configuration settings for the generated webAcl.

For more advanced settings, create your own ACL and pass in the webAclId as a param to distributionProps.

Note: If pass in your own ACL, make sure the SCOPE is CLOUDFRONT and it is created in us-east-1.


websiteBucketOptional
  • Type: software.amazon.awscdk.services.s3.IBucket

Predefined bucket to deploy the website into.


Methods

Name Description
toString Returns a string representation of this construct.

toString
public java.lang.String toString()

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import software.aws.pdk.static_website.StaticWebsite;

StaticWebsite.isConstruct(java.lang.Object x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired
  • Type: java.lang.Object

Any object.


Properties

Name Type Description
node software.constructs.Node The tree node.
bucketDeployment software.amazon.awscdk.services.s3.deployment.BucketDeployment No description.
cloudFrontDistribution software.amazon.awscdk.services.cloudfront.Distribution No description.
websiteBucket software.amazon.awscdk.services.s3.IBucket No description.

nodeRequired
public Node getNode();
  • Type: software.constructs.Node

The tree node.


bucketDeploymentRequired
public BucketDeployment getBucketDeployment();
  • Type: software.amazon.awscdk.services.s3.deployment.BucketDeployment

cloudFrontDistributionRequired
public Distribution getCloudFrontDistribution();
  • Type: software.amazon.awscdk.services.cloudfront.Distribution

websiteBucketRequired
public IBucket getWebsiteBucket();
  • Type: software.amazon.awscdk.services.s3.IBucket

Structs

BucketDeploymentProps

BucketDeploymentProps.

Initializer

import software.aws.pdk.static_website.BucketDeploymentProps;

BucketDeploymentProps.builder()
//  .accessControl(BucketAccessControl)
//  .cacheControl(java.util.List<CacheControl>)
//  .contentDisposition(java.lang.String)
//  .contentEncoding(java.lang.String)
//  .contentLanguage(java.lang.String)
//  .contentType(java.lang.String)
//  .destinationBucket(IBucket)
//  .destinationKeyPrefix(java.lang.String)
//  .distribution(IDistribution)
//  .distributionPaths(java.util.List<java.lang.String>)
//  .ephemeralStorageSize(Size)
//  .exclude(java.util.List<java.lang.String>)
//  .expires(Expiration)
//  .extract(java.lang.Boolean)
//  .include(java.util.List<java.lang.String>)
//  .logGroup(ILogGroup)
//  .logRetention(RetentionDays)
//  .memoryLimit(java.lang.Number)
//  .metadata(java.util.Map<java.lang.String, java.lang.String>)
//  .outputObjectKeys(java.lang.Boolean)
//  .prune(java.lang.Boolean)
//  .retainOnDelete(java.lang.Boolean)
//  .role(IRole)
//  .serverSideEncryption(ServerSideEncryption)
//  .serverSideEncryptionAwsKmsKeyId(java.lang.String)
//  .serverSideEncryptionCustomerAlgorithm(java.lang.String)
//  .signContent(java.lang.Boolean)
//  .sources(java.util.List<ISource>)
//  .storageClass(StorageClass)
//  .useEfs(java.lang.Boolean)
//  .vpc(IVpc)
//  .vpcSubnets(SubnetSelection)
//  .websiteRedirectLocation(java.lang.String)
    .build();

Properties

Name Type Description
accessControl software.amazon.awscdk.services.s3.BucketAccessControl System-defined x-amz-acl metadata to be set on all objects in the deployment.
cacheControl java.util.List System-defined cache-control metadata to be set on all objects in the deployment.
contentDisposition java.lang.String System-defined cache-disposition metadata to be set on all objects in the deployment.
contentEncoding java.lang.String System-defined content-encoding metadata to be set on all objects in the deployment.
contentLanguage java.lang.String System-defined content-language metadata to be set on all objects in the deployment.
contentType java.lang.String System-defined content-type metadata to be set on all objects in the deployment.
destinationBucket software.amazon.awscdk.services.s3.IBucket The S3 bucket to sync the contents of the zip file to.
destinationKeyPrefix java.lang.String Key prefix in the destination bucket.
distribution software.amazon.awscdk.services.cloudfront.IDistribution The CloudFront distribution using the destination bucket as an origin.
distributionPaths java.util.List The file paths to invalidate in the CloudFront distribution.
ephemeralStorageSize software.amazon.awscdk.Size The size of the AWS Lambda function’s /tmp directory in MiB.
exclude java.util.List If this is set, matching files or objects will be excluded from the deployment's sync command.
expires software.amazon.awscdk.Expiration System-defined expires metadata to be set on all objects in the deployment.
extract java.lang.Boolean If this is set, the zip file will be synced to the destination S3 bucket and extracted.
include java.util.List If this is set, matching files or objects will be included with the deployment's sync command.
logGroup software.amazon.awscdk.services.logs.ILogGroup The Log Group used for logging of events emitted by the custom resource's lambda function.
logRetention software.amazon.awscdk.services.logs.RetentionDays The number of days that the lambda function's log events are kept in CloudWatch Logs.
memoryLimit java.lang.Number The amount of memory (in MiB) to allocate to the AWS Lambda function which replicates the files from the CDK bucket to the destination bucket.
metadata java.util.Map User-defined object metadata to be set on all objects in the deployment.
outputObjectKeys java.lang.Boolean If set to false, the custom resource will not send back the SourceObjectKeys.
prune java.lang.Boolean If this is set to false, files in the destination bucket that do not exist in the asset, will NOT be deleted during deployment (create/update).
retainOnDelete java.lang.Boolean If this is set to "false", the destination files will be deleted when the resource is deleted or the destination is updated.
role software.amazon.awscdk.services.iam.IRole Execution role associated with this function.
serverSideEncryption software.amazon.awscdk.services.s3.deployment.ServerSideEncryption System-defined x-amz-server-side-encryption metadata to be set on all objects in the deployment.
serverSideEncryptionAwsKmsKeyId java.lang.String System-defined x-amz-server-side-encryption-aws-kms-key-id metadata to be set on all objects in the deployment.
serverSideEncryptionCustomerAlgorithm java.lang.String System-defined x-amz-server-side-encryption-customer-algorithm metadata to be set on all objects in the deployment.
signContent java.lang.Boolean If set to true, uploads will precompute the value of x-amz-content-sha256 and include it in the signed S3 request headers.
sources java.util.List The sources from which to deploy the contents of this bucket.
storageClass software.amazon.awscdk.services.s3.deployment.StorageClass System-defined x-amz-storage-class metadata to be set on all objects in the deployment.
useEfs java.lang.Boolean Mount an EFS file system.
vpc software.amazon.awscdk.services.ec2.IVpc The VPC network to place the deployment lambda handler in.
vpcSubnets software.amazon.awscdk.services.ec2.SubnetSelection Where in the VPC to place the deployment lambda handler.
websiteRedirectLocation java.lang.String System-defined x-amz-website-redirect-location metadata to be set on all objects in the deployment.

accessControlOptional
public BucketAccessControl getAccessControl();
  • Type: software.amazon.awscdk.services.s3.BucketAccessControl
  • Default: Not set.

System-defined x-amz-acl metadata to be set on all objects in the deployment.


cacheControlOptional
public java.util.List<CacheControl> getCacheControl();
  • Type: java.util.List
  • Default: Not set.

System-defined cache-control metadata to be set on all objects in the deployment.


contentDispositionOptional
public java.lang.String getContentDisposition();
  • Type: java.lang.String
  • Default: Not set.

System-defined cache-disposition metadata to be set on all objects in the deployment.


contentEncodingOptional
public java.lang.String getContentEncoding();
  • Type: java.lang.String
  • Default: Not set.

System-defined content-encoding metadata to be set on all objects in the deployment.


contentLanguageOptional
public java.lang.String getContentLanguage();
  • Type: java.lang.String
  • Default: Not set.

System-defined content-language metadata to be set on all objects in the deployment.


contentTypeOptional
public java.lang.String getContentType();
  • Type: java.lang.String
  • Default: Not set.

System-defined content-type metadata to be set on all objects in the deployment.


destinationBucketOptional
public IBucket getDestinationBucket();
  • Type: software.amazon.awscdk.services.s3.IBucket

The S3 bucket to sync the contents of the zip file to.


destinationKeyPrefixOptional
public java.lang.String getDestinationKeyPrefix();
  • Type: java.lang.String
  • Default: "/" (unzip to root of the destination bucket)

Key prefix in the destination bucket.

Must be <=104 characters


distributionOptional
public IDistribution getDistribution();
  • Type: software.amazon.awscdk.services.cloudfront.IDistribution
  • Default: No invalidation occurs

The CloudFront distribution using the destination bucket as an origin.

Files in the distribution's edge caches will be invalidated after files are uploaded to the destination bucket.


distributionPathsOptional
public java.util.List<java.lang.String> getDistributionPaths();
  • Type: java.util.List
  • Default: All files under the destination bucket key prefix will be invalidated.

The file paths to invalidate in the CloudFront distribution.


ephemeralStorageSizeOptional
public Size getEphemeralStorageSize();
  • Type: software.amazon.awscdk.Size
  • Default: 512 MiB

The size of the AWS Lambda function’s /tmp directory in MiB.


excludeOptional
public java.util.List<java.lang.String> getExclude();
  • Type: java.util.List
  • Default: No exclude filters are used

If this is set, matching files or objects will be excluded from the deployment's sync command.

This can be used to exclude a file from being pruned in the destination bucket.

If you want to just exclude files from the deployment package (which excludes these files evaluated when invalidating the asset), you should leverage the exclude property of AssetOptions when defining your source.


expiresOptional
public Expiration getExpires();
  • Type: software.amazon.awscdk.Expiration
  • Default: The objects in the distribution will not expire.

System-defined expires metadata to be set on all objects in the deployment.


extractOptional
public java.lang.Boolean getExtract();
  • Type: java.lang.Boolean
  • Default: true

If this is set, the zip file will be synced to the destination S3 bucket and extracted.

If false, the file will remain zipped in the destination bucket.


includeOptional
public java.util.List<java.lang.String> getInclude();
  • Type: java.util.List
  • Default: No include filters are used and all files are included with the sync command

If this is set, matching files or objects will be included with the deployment's sync command.

Since all files from the deployment package are included by default, this property is usually leveraged alongside an exclude filter.


logGroupOptional
public ILogGroup getLogGroup();
  • Type: software.amazon.awscdk.services.logs.ILogGroup
  • Default: a default log group created by AWS Lambda

The Log Group used for logging of events emitted by the custom resource's lambda function.

Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.


logRetentionOptional
public RetentionDays getLogRetention();
  • Type: software.amazon.awscdk.services.logs.RetentionDays
  • Default: logs.RetentionDays.INFINITE

The number of days that the lambda function's log events are kept in CloudWatch Logs.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.


memoryLimitOptional
public java.lang.Number getMemoryLimit();
  • Type: java.lang.Number
  • Default: 128

The amount of memory (in MiB) to allocate to the AWS Lambda function which replicates the files from the CDK bucket to the destination bucket.

If you are deploying large files, you will need to increase this number accordingly.


metadataOptional
public java.util.Map<java.lang.String, java.lang.String> getMetadata();
  • Type: java.util.Map
  • Default: No user metadata is set

User-defined object metadata to be set on all objects in the deployment.


outputObjectKeysOptional
public java.lang.Boolean getOutputObjectKeys();
  • Type: java.lang.Boolean
  • Default: true

If set to false, the custom resource will not send back the SourceObjectKeys.

This is useful when you are facing the error Response object is too long

See aws-cdk#28579


pruneOptional
public java.lang.Boolean getPrune();
  • Type: java.lang.Boolean
  • Default: true

If this is set to false, files in the destination bucket that do not exist in the asset, will NOT be deleted during deployment (create/update).


retainOnDeleteOptional
public java.lang.Boolean getRetainOnDelete();
  • Type: java.lang.Boolean
  • Default: true - when resource is deleted/updated, files are retained

If this is set to "false", the destination files will be deleted when the resource is deleted or the destination is updated.

NOTICE: Configuring this to "false" might have operational implications. Please visit to the package documentation referred below to make sure you fully understand those implications.


roleOptional
public IRole getRole();
  • Type: software.amazon.awscdk.services.iam.IRole
  • Default: A role is automatically created

Execution role associated with this function.


serverSideEncryptionOptional
public ServerSideEncryption getServerSideEncryption();
  • Type: software.amazon.awscdk.services.s3.deployment.ServerSideEncryption
  • Default: Server side encryption is not used.

System-defined x-amz-server-side-encryption metadata to be set on all objects in the deployment.


serverSideEncryptionAwsKmsKeyIdOptional
public java.lang.String getServerSideEncryptionAwsKmsKeyId();
  • Type: java.lang.String
  • Default: Not set.

System-defined x-amz-server-side-encryption-aws-kms-key-id metadata to be set on all objects in the deployment.


serverSideEncryptionCustomerAlgorithmOptional
public java.lang.String getServerSideEncryptionCustomerAlgorithm();
  • Type: java.lang.String
  • Default: Not set.

System-defined x-amz-server-side-encryption-customer-algorithm metadata to be set on all objects in the deployment.

Warning: This is not a useful parameter until this bug is fixed: aws-cdk#6080


signContentOptional
public java.lang.Boolean getSignContent();
  • Type: java.lang.Boolean
  • Default: x-amz-content-sha256 will not be computed

If set to true, uploads will precompute the value of x-amz-content-sha256 and include it in the signed S3 request headers.


sourcesOptional
public java.util.List<ISource> getSources();
  • Type: java.util.List

The sources from which to deploy the contents of this bucket.


storageClassOptional
public StorageClass getStorageClass();
  • Type: software.amazon.awscdk.services.s3.deployment.StorageClass
  • Default: Default storage-class for the bucket is used.

System-defined x-amz-storage-class metadata to be set on all objects in the deployment.


useEfsOptional
public java.lang.Boolean getUseEfs();
  • Type: java.lang.Boolean
  • Default: No EFS. Lambda has access only to 512MB of disk space.

Mount an EFS file system.

Enable this if your assets are large and you encounter disk space errors. Enabling this option will require a VPC to be specified.


vpcOptional
public IVpc getVpc();
  • Type: software.amazon.awscdk.services.ec2.IVpc
  • Default: None

The VPC network to place the deployment lambda handler in.

This is required if useEfs is set.


vpcSubnetsOptional
public SubnetSelection getVpcSubnets();
  • Type: software.amazon.awscdk.services.ec2.SubnetSelection
  • Default: the Vpc default strategy if not specified

Where in the VPC to place the deployment lambda handler.

Only used if 'vpc' is supplied.


websiteRedirectLocationOptional
public java.lang.String getWebsiteRedirectLocation();
  • Type: java.lang.String
  • Default: No website redirection.

System-defined x-amz-website-redirect-location metadata to be set on all objects in the deployment.


CidrAllowList

Representation of a CIDR range.

Initializer

import software.aws.pdk.static_website.CidrAllowList;

CidrAllowList.builder()
    .cidrRanges(java.util.List<java.lang.String>)
    .cidrType(java.lang.String)
    .build();

Properties

Name Type Description
cidrRanges java.util.List Specify an IPv4 address by using CIDR notation.
cidrType java.lang.String Type of CIDR range.

cidrRangesRequired
public java.util.List<java.lang.String> getCidrRanges();
  • Type: java.util.List

Specify an IPv4 address by using CIDR notation.

For example: To configure AWS WAF to allow, block, or count requests that originated from the IP address 192.0.2.44, specify 192.0.2.44/32 . To configure AWS WAF to allow, block, or count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24 .

For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing .

Specify an IPv6 address by using CIDR notation. For example: To configure AWS WAF to allow, block, or count requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128 . To configure AWS WAF to allow, block, or count requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64 .


cidrTypeRequired
public java.lang.String getCidrType();
  • Type: java.lang.String

Type of CIDR range.


CloudFrontWebAclProps

Properties to configure the web acl.

Initializer

import software.aws.pdk.static_website.CloudFrontWebAclProps;

CloudFrontWebAclProps.builder()
//  .cidrAllowList(CidrAllowList)
//  .disable(java.lang.Boolean)
//  .managedRules(java.util.List<ManagedRule>)
    .build();

Properties

Name Type Description
cidrAllowList CidrAllowList List of cidr ranges to allow.
disable java.lang.Boolean Set to true to prevent creation of a web acl for the static website.
managedRules java.util.List<ManagedRule> List of managed rules to apply to the web acl.

cidrAllowListOptional
public CidrAllowList getCidrAllowList();

List of cidr ranges to allow.


disableOptional
public java.lang.Boolean getDisable();
  • Type: java.lang.Boolean
  • Default: false

Set to true to prevent creation of a web acl for the static website.


managedRulesOptional
public java.util.List<ManagedRule> getManagedRules();
  • Type: java.util.List<ManagedRule>
  • Default: [{ vendor: "AWS", name: "AWSManagedRulesCommonRuleSet" }]

List of managed rules to apply to the web acl.


DistributionProps

DistributionProps.

Initializer

import software.aws.pdk.static_website.DistributionProps;

DistributionProps.builder()
//  .additionalBehaviors(java.util.Map<java.lang.String, BehaviorOptions>)
//  .certificate(ICertificate)
//  .comment(java.lang.String)
//  .defaultBehavior(BehaviorOptions)
//  .defaultRootObject(java.lang.String)
//  .domainNames(java.util.List<java.lang.String>)
//  .enabled(java.lang.Boolean)
//  .enableIpv6(java.lang.Boolean)
//  .enableLogging(java.lang.Boolean)
//  .errorResponses(java.util.List<ErrorResponse>)
//  .geoRestriction(GeoRestriction)
//  .httpVersion(HttpVersion)
//  .logBucket(IBucket)
//  .logFilePrefix(java.lang.String)
//  .logIncludesCookies(java.lang.Boolean)
//  .minimumProtocolVersion(SecurityPolicyProtocol)
//  .priceClass(PriceClass)
//  .publishAdditionalMetrics(java.lang.Boolean)
//  .sslSupportMethod(SSLMethod)
//  .webAclId(java.lang.String)
    .build();

Properties

Name Type Description
additionalBehaviors java.util.Map Additional behaviors for the distribution, mapped by the pathPattern that specifies which requests to apply the behavior to.
certificate software.amazon.awscdk.services.certificatemanager.ICertificate A certificate to associate with the distribution.
comment java.lang.String Any comments you want to include about the distribution.
defaultBehavior software.amazon.awscdk.services.cloudfront.BehaviorOptions The default behavior for the distribution.
defaultRootObject java.lang.String The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution. If no default object is set, the request goes to the origin's root (e.g., example.com/).
domainNames java.util.List Alternative domain names for this distribution.
enabled java.lang.Boolean Enable or disable the distribution.
enableIpv6 java.lang.Boolean Whether CloudFront will respond to IPv6 DNS requests with an IPv6 address.
enableLogging java.lang.Boolean Enable access logging for the distribution.
errorResponses java.util.List How CloudFront should handle requests that are not successful (e.g., PageNotFound).
geoRestriction software.amazon.awscdk.services.cloudfront.GeoRestriction Controls the countries in which your content is distributed.
httpVersion software.amazon.awscdk.services.cloudfront.HttpVersion Specify the maximum HTTP version that you want viewers to use to communicate with CloudFront.
logBucket software.amazon.awscdk.services.s3.IBucket The Amazon S3 bucket to store the access logs in.
logFilePrefix java.lang.String An optional string that you want CloudFront to prefix to the access log filenames for this distribution.
logIncludesCookies java.lang.Boolean Specifies whether you want CloudFront to include cookies in access logs.
minimumProtocolVersion software.amazon.awscdk.services.cloudfront.SecurityPolicyProtocol The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections.
priceClass software.amazon.awscdk.services.cloudfront.PriceClass The price class that corresponds with the maximum price that you want to pay for CloudFront service.
publishAdditionalMetrics java.lang.Boolean Whether to enable additional CloudWatch metrics.
sslSupportMethod software.amazon.awscdk.services.cloudfront.SSLMethod The SSL method CloudFront will use for your distribution.
webAclId java.lang.String Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution.

additionalBehaviorsOptional
public java.util.Map<java.lang.String, BehaviorOptions> getAdditionalBehaviors();
  • Type: java.util.Map
  • Default: no additional behaviors are added.

Additional behaviors for the distribution, mapped by the pathPattern that specifies which requests to apply the behavior to.


certificateOptional
public ICertificate getCertificate();
  • Type: software.amazon.awscdk.services.certificatemanager.ICertificate
  • Default: the CloudFront wildcard certificate (*.cloudfront.net) will be used.

A certificate to associate with the distribution.

The certificate must be located in N. Virginia (us-east-1).


commentOptional
public java.lang.String getComment();
  • Type: java.lang.String
  • Default: no comment

Any comments you want to include about the distribution.


defaultBehaviorOptional
public BehaviorOptions getDefaultBehavior();
  • Type: software.amazon.awscdk.services.cloudfront.BehaviorOptions

The default behavior for the distribution.


defaultRootObjectOptional
public java.lang.String getDefaultRootObject();
  • Type: java.lang.String
  • Default: no default root object

The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution. If no default object is set, the request goes to the origin's root (e.g., example.com/).


domainNamesOptional
public java.util.List<java.lang.String> getDomainNames();
  • Type: java.util.List
  • Default: The distribution will only support the default generated name (e.g., d111111abcdef8.cloudfront.net)

Alternative domain names for this distribution.

If you want to use your own domain name, such as www.example.com, instead of the cloudfront.net domain name, you can add an alternate domain name to your distribution. If you attach a certificate to the distribution, you should add (at least one of) the domain names of the certificate to this list.

When you want to move a domain name between distributions, you can associate a certificate without specifying any domain names. For more information, see the Moving an alternate domain name to a different distribution section in the README.


enabledOptional
public java.lang.Boolean getEnabled();
  • Type: java.lang.Boolean
  • Default: true

Enable or disable the distribution.


enableIpv6Optional
public java.lang.Boolean getEnableIpv6();
  • Type: java.lang.Boolean
  • Default: true

Whether CloudFront will respond to IPv6 DNS requests with an IPv6 address.

If you specify false, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.


enableLoggingOptional
public java.lang.Boolean getEnableLogging();
  • Type: java.lang.Boolean
  • Default: false, unless logBucket is specified.

Enable access logging for the distribution.


errorResponsesOptional
public java.util.List<ErrorResponse> getErrorResponses();
  • Type: java.util.List
  • Default: No custom error responses.

How CloudFront should handle requests that are not successful (e.g., PageNotFound).


geoRestrictionOptional
public GeoRestriction getGeoRestriction();
  • Type: software.amazon.awscdk.services.cloudfront.GeoRestriction
  • Default: No geographic restrictions

Controls the countries in which your content is distributed.


httpVersionOptional
public HttpVersion getHttpVersion();
  • Type: software.amazon.awscdk.services.cloudfront.HttpVersion
  • Default: HttpVersion.HTTP2

Specify the maximum HTTP version that you want viewers to use to communicate with CloudFront.

For viewers and CloudFront to use HTTP/2, viewers must support TLS 1.2 or later, and must support server name identification (SNI).


logBucketOptional
public IBucket getLogBucket();
  • Type: software.amazon.awscdk.services.s3.IBucket
  • Default: A bucket is created if enableLogging is true

The Amazon S3 bucket to store the access logs in.

Make sure to set objectOwnership to s3.ObjectOwnership.OBJECT_WRITER in your custom bucket.


logFilePrefixOptional
public java.lang.String getLogFilePrefix();
  • Type: java.lang.String
  • Default: no prefix

An optional string that you want CloudFront to prefix to the access log filenames for this distribution.


logIncludesCookiesOptional
public java.lang.Boolean getLogIncludesCookies();
  • Type: java.lang.Boolean
  • Default: false

Specifies whether you want CloudFront to include cookies in access logs.


minimumProtocolVersionOptional
public SecurityPolicyProtocol getMinimumProtocolVersion();
  • Type: software.amazon.awscdk.services.cloudfront.SecurityPolicyProtocol
  • Default: SecurityPolicyProtocol.TLS_V1_2_2021 if the 'aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021' feature flag is set; otherwise, SecurityPolicyProtocol.TLS_V1_2_2019.

The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections.

CloudFront serves your objects only to browsers or devices that support at least the SSL version that you specify.


priceClassOptional
public PriceClass getPriceClass();
  • Type: software.amazon.awscdk.services.cloudfront.PriceClass
  • Default: PriceClass.PRICE_CLASS_ALL

The price class that corresponds with the maximum price that you want to pay for CloudFront service.

If you specify PriceClass_All, CloudFront responds to requests for your objects from all CloudFront edge locations. If you specify a price class other than PriceClass_All, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class.


publishAdditionalMetricsOptional
public java.lang.Boolean getPublishAdditionalMetrics();
  • Type: java.lang.Boolean
  • Default: false

Whether to enable additional CloudWatch metrics.


sslSupportMethodOptional
public SSLMethod getSslSupportMethod();
  • Type: software.amazon.awscdk.services.cloudfront.SSLMethod
  • Default: SSLMethod.SNI

The SSL method CloudFront will use for your distribution.

Server Name Indication (SNI) - is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate.

CloudFront can use SNI to host multiple distributions on the same IP - which a large majority of clients will support.

If your clients cannot support SNI however - CloudFront can use dedicated IPs for your distribution - but there is a prorated monthly charge for using this feature. By default, we use SNI - but you can optionally enable dedicated IPs (VIP).

See the CloudFront SSL for more details about pricing : https://aws.amazon.com/cloudfront/custom-ssl-domains/


webAclIdOptional
public java.lang.String getWebAclId();
  • Type: java.lang.String
  • Default: No AWS Web Application Firewall web access control list (web ACL).

Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution.

To specify a web ACL created using the latest version of AWS WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example 473e64fd-f30b-4765-81a0-62ad96dd167a.


ManagedRule

Represents a WAF V2 managed rule.

Initializer

import software.aws.pdk.static_website.ManagedRule;

ManagedRule.builder()
    .name(java.lang.String)
    .vendor(java.lang.String)
    .build();

Properties

Name Type Description
name java.lang.String The name of the managed rule group.
vendor java.lang.String The name of the managed rule group vendor.

nameRequired
public java.lang.String getName();
  • Type: java.lang.String

The name of the managed rule group.

You use this, along with the vendor name, to identify the rule group.


vendorRequired
public java.lang.String getVendor();
  • Type: java.lang.String

The name of the managed rule group vendor.

You use this, along with the rule group name, to identify the rule group.


RuntimeOptions

Dynamic configuration which gets resolved only during deployment.

Example

// Example automatically generated from non-compiling source. May contain errors.
// Will store a JSON file called runtime-config.json in the root of the StaticWebsite S3 bucket containing any
// and all resolved values.
Map<String, Map<String, Object>> runtimeConfig = Map.of("jsonPayload", Map.of("bucketArn", s3Bucket.getBucketArn()));
StaticWebsite.Builder.create(scope, "StaticWebsite").websiteContentPath("path/to/website").runtimeConfig(runtimeConfig).build();

Initializer

import software.aws.pdk.static_website.RuntimeOptions;

RuntimeOptions.builder()
    .jsonPayload(java.lang.Object)
//  .jsonFileName(java.lang.String)
    .build();

Properties

Name Type Description
jsonPayload java.lang.Object Arbitrary JSON payload containing runtime values to deploy.
jsonFileName java.lang.String File name to store runtime configuration (jsonPayload).

jsonPayloadRequired
public java.lang.Object getJsonPayload();
  • Type: java.lang.Object

Arbitrary JSON payload containing runtime values to deploy.

Typically this contains resourceArns, etc which are only known at deploy time.


Example

// Example automatically generated from non-compiling source. May contain errors.
{userPoolId: some.userPool.userPoolId, someResourceArnsome.getResource().getArn();
}
jsonFileNameOptional
public java.lang.String getJsonFileName();
  • Type: java.lang.String
  • Default: "runtime-config.json"

File name to store runtime configuration (jsonPayload).

Must follow pattern: '*.json'


StaticWebsiteProps

Properties for configuring the StaticWebsite.

Initializer

import software.aws.pdk.static_website.StaticWebsiteProps;

StaticWebsiteProps.builder()
    .websiteContentPath(java.lang.String)
//  .bucketDeploymentProps(BucketDeploymentProps)
//  .defaultWebsiteBucketEncryption(BucketEncryption)
//  .defaultWebsiteBucketEncryptionKey(Key)
//  .distributionProps(DistributionProps)
//  .runtimeOptions(RuntimeOptions)
//  .webAclProps(CloudFrontWebAclProps)
//  .websiteBucket(IBucket)
    .build();

Properties

Name Type Description
websiteContentPath java.lang.String Path to the directory containing the static website files and assets.
bucketDeploymentProps BucketDeploymentProps Custom bucket deployment properties.
defaultWebsiteBucketEncryption software.amazon.awscdk.services.s3.BucketEncryption Bucket encryption to use for the default bucket.
defaultWebsiteBucketEncryptionKey software.amazon.awscdk.services.kms.Key A predefined KMS customer encryption key to use for the default bucket that gets created.
distributionProps DistributionProps Custom distribution properties.
runtimeOptions RuntimeOptions Dynamic configuration which gets resolved only during deployment.
webAclProps CloudFrontWebAclProps Limited configuration settings for the generated webAcl.
websiteBucket software.amazon.awscdk.services.s3.IBucket Predefined bucket to deploy the website into.

websiteContentPathRequired
public java.lang.String getWebsiteContentPath();
  • Type: java.lang.String

Path to the directory containing the static website files and assets.

This directory must contain an index.html file.


bucketDeploymentPropsOptional
public BucketDeploymentProps getBucketDeploymentProps();

Custom bucket deployment properties.



defaultWebsiteBucketEncryptionOptional
public BucketEncryption getDefaultWebsiteBucketEncryption();
  • Type: software.amazon.awscdk.services.s3.BucketEncryption
  • Default: "S3MANAGED"

Bucket encryption to use for the default bucket.

Supported options are KMS or S3MANAGED.

Note: If planning to use KMS, ensure you associate a Lambda Edge function to sign requests to S3 as OAI does not currently support KMS encryption. Refer to {@link https://aws.amazon.com/blogs/networking-and-content-delivery/serving-sse-kms-encrypted-content-from-s3-using-cloudfront/}


defaultWebsiteBucketEncryptionKeyOptional
public Key getDefaultWebsiteBucketEncryptionKey();
  • Type: software.amazon.awscdk.services.kms.Key

A predefined KMS customer encryption key to use for the default bucket that gets created.

Note: This is only used if the websiteBucket is left undefined, otherwise all settings from the provided websiteBucket will be used.


distributionPropsOptional
public DistributionProps getDistributionProps();

Custom distribution properties.

Note: defaultBehaviour.origin is a required parameter, however it will not be used as this construct will wire it on your behalf. You will need to pass in an instance of StaticWebsiteOrigin (NoOp) to keep the compiler happy.


runtimeOptionsOptional
public RuntimeOptions getRuntimeOptions();

Dynamic configuration which gets resolved only during deployment.


webAclPropsOptional
public CloudFrontWebAclProps getWebAclProps();

Limited configuration settings for the generated webAcl.

For more advanced settings, create your own ACL and pass in the webAclId as a param to distributionProps.

Note: If pass in your own ACL, make sure the SCOPE is CLOUDFRONT and it is created in us-east-1.


websiteBucketOptional
public IBucket getWebsiteBucket();
  • Type: software.amazon.awscdk.services.s3.IBucket

Predefined bucket to deploy the website into.


Classes

StaticWebsiteOrigin

  • Implements: software.amazon.awscdk.services.cloudfront.IOrigin

If passing in distributionProps, the default behaviour.origin is a required parameter. An instance of this class can be passed in to make the compiler happy.

Initializers

import software.aws.pdk.static_website.StaticWebsiteOrigin;

new StaticWebsiteOrigin();
Name Type Description

Methods

Name Description
bind The method called when a given Origin is added (for the first time) to a Distribution.

bind
public OriginBindConfig bind(Construct _scope, OriginBindOptions _options)

The method called when a given Origin is added (for the first time) to a Distribution.

_scopeRequired
  • Type: software.constructs.Construct

_optionsRequired
  • Type: software.amazon.awscdk.services.cloudfront.OriginBindOptions


Last update: 2024-12-20