function SiteGateway(props: StaticSiteProps, certificate: acm.ICertificate): pure.IPure {
const iaac = pure.iaac(api.RestApi)
const fqdn = site(props)
const GW = {
[fqdn]: (): api.RestApiProps => ({
binaryMediaTypes: MediaTypes(props),
deploy: true,
deployOptions: {
stageName: (props.sites && props.sites.length > 0) ? props.sites[0].site.split('/')[0] : 'api'
},
domainName: {
certificate,
domainName: site(props),
},
endpointTypes: [api.EndpointType.REGIONAL],
failOnWarnings: true,
})
}
function CDN(props: StaticSiteProps, acmCertRef: string, s3BucketSource: s3.IBucket): pure.IPure {
const iaac = pure.iaac(cdn.CloudFrontWebDistribution)
const SiteCDN = (): cdn.CloudFrontWebDistributionProps => ({
aliasConfiguration: {
acmCertRef,
names: [ site(props) ],
securityPolicy: cdn.SecurityPolicyProtocol.TLS_V1_2_2018,
sslMethod: cdn.SSLMethod.SNI,
},
httpVersion: cdn.HttpVersion.HTTP1_1,
originConfigs: [
{
behaviors : [
{
defaultTtl: cdk.Duration.hours(24),
forwardedValues: {queryString: true},
isDefaultBehavior: true,
maxTtl: cdk.Duration.hours(24),
/**
 * Declares the DNS A record that aliases the site's domain name to the REST API.
 *
 * @param props - gateway settings; `site(props)` supplies the record name
 * @param zone - hosted zone that receives the record
 * @param restapi - REST API used as the alias target
 * @returns the record declaration produced by `pure.iaac(dns.ARecord)`
 */
function GatewayDNS(props: GatewayProps, zone: dns.IHostedZone, restapi: api.RestApi): pure.IPure {
  // The thunk keeps the name `ApiDNS`.
  // NOTE(review): pure.iaac presumably derives the construct id from the function name - confirm before renaming.
  function ApiDNS(): dns.ARecordProps {
    const recordName = site(props)
    const aliasTarget = new target.ApiGateway(restapi)
    return {
      recordName,
      target: {aliasTarget},
      ttl: cdk.Duration.seconds(60),
      zone,
    }
  }

  return pure.iaac(dns.ARecord)(ApiDNS)
}
/**
 * Declares the S3 bucket that holds the static site; the bucket is named after `site(props)`.
 *
 * Security notes:
 * - `publicReadAccess` defaults to `true`, so unless the caller passes `false` the bucket is
 *   declared with public read access. Pass `false` when the content is meant to be read only
 *   through a role or a CDN identity rather than straight from the bucket.
 * - `removalPolicy` is `DESTROY`, so the bucket is not retained when it leaves the stack.
 *
 * @param props - site settings; `site(props)` supplies the bucket name
 * @param publicReadAccess - whether the bucket is publicly readable (default `true`)
 * @returns the bucket declaration produced by `pure.iaac(s3.Bucket)`
 */
function Origin(props: StaticSiteProps, publicReadAccess: boolean = true): pure.IPure {
  // The thunk keeps the name `SiteS3`.
  // NOTE(review): pure.iaac presumably derives the construct id from the function name - confirm before renaming.
  function SiteS3() {
    const bucketName = site(props)
    return {
      bucketName,
      publicReadAccess,
      removalPolicy: cdk.RemovalPolicy.DESTROY,
      websiteErrorDocument: 'error.html',
      websiteIndexDocument: 'index.html',
    }
  }

  return pure.iaac(s3.Bucket)(SiteS3)
}
/**
 * Declares an IAM role assumable by API Gateway and attaches a read-only policy for the origin bucket.
 *
 * The statement allows only `s3:GetObject` on the objects of `origin` (`<bucketArn>/*`);
 * it grants no list, write or delete action.
 *
 * @param origin - bucket whose objects the role may read
 * @returns the role declaration with the policy statement added as an effect
 */
function OriginAccessPolicy(origin: s3.IBucket): pure.IaaC {
  // The thunk keeps the name `SiteRole`.
  // NOTE(review): pure.iaac presumably derives the construct id from the function name - confirm before renaming.
  function SiteRole(): iam.RoleProps {
    return {assumedBy: new iam.ServicePrincipal('apigateway.amazonaws.com')}
  }

  // Least privilege: object reads only, scoped to this one bucket.
  function ReadOnly(): iam.PolicyStatement {
    const objectsOfOrigin = `${origin.bucketArn}/*`
    return new iam.PolicyStatement({
      actions: ['s3:GetObject'],
      resources: [objectsOfOrigin],
    })
  }

  return pure.iaac(iam.Role)(SiteRole).effect(siteRole => siteRole.addToPolicy(ReadOnly()))
}
/**
 * Provides the TLS certificate for the site.
 *
 * With `arn`, the existing certificate is referenced through `acm.Certificate.fromCertificateArn`.
 * Without it, a new DNS-validated certificate for `site` is declared in `hostedZone`.
 *
 * Nothing here checks that the certificate behind `arn` actually covers `site`; the caller
 * has to make sure of that.
 *
 * @param site - domain name the certificate is issued for when no `arn` is given
 * @param hostedZone - hosted zone used for DNS validation of a new certificate
 * @param arn - ARN of an existing certificate to reuse; an empty string counts as absent
 * @returns the certificate reference or declaration wrapped by `pure`
 */
export function Certificate(site: string, hostedZone: dns.IHostedZone, arn?: string): pure.IPure {
  // Both thunks keep the name `SiteCA`.
  // NOTE(review): pure presumably derives the construct id from the function name - confirm before renaming.
  if (!arn) {
    const SiteCA = (): acm.DnsValidatedCertificateProps => ({ domainName: site, hostedZone })
    return pure.iaac(acm.DnsValidatedCertificate)(SiteCA)
  }

  const SiteCA = (): string => arn
  return pure.include(acm.Certificate.fromCertificateArn)(SiteCA)
}
/**
 * Declares the DNS A record that aliases the static site's domain name to the REST API.
 *
 * @param props - site settings; `site(props)` supplies the record name
 * @param zone - hosted zone that receives the record
 * @param restapi - REST API used as the alias target
 * @returns the record declaration produced by `pure.iaac(dns.ARecord)`
 */
function GatewayDNS(props: StaticSiteProps, zone: dns.IHostedZone, restapi: api.RestApi): pure.IPure {
  // The thunk keeps the name `SiteDNS`.
  // NOTE(review): pure.iaac presumably derives the construct id from the function name - confirm before renaming.
  function SiteDNS(): dns.ARecordProps {
    const recordName = site(props)
    const aliasTarget = new target.ApiGateway(restapi)
    return {
      recordName,
      target: {aliasTarget},
      ttl: cdk.Duration.seconds(60),
      zone,
    }
  }

  return pure.iaac(dns.ARecord)(SiteDNS)
}