feat: adds shared-static-website-hosting

moltar · moltar · commit 68b318ac4d35 · 2022-09-16T15:07:09.000+01:00
diff --git a/src/index.ts b/src/index.ts
@@ -1,7 +1 @@
-import { Construct } from 'constructs';
-
-export class StaticWebsitePreview extends Construct {
-  constructor(scope: Construct, id: string) {
-    super(scope, id);
-  }
-}
+export * from './shared-static-website-hosting';
diff --git a/src/request-handler/index.ts b/src/request-handler/index.ts
@@ -0,0 +1 @@
+export * from './request-handler';
diff --git a/src/request-handler/request-handler.ts b/src/request-handler/request-handler.ts
@@ -0,0 +1,18 @@
+import type { CloudFrontRequestHandler } from 'aws-lambda';
+
+export const handler: CloudFrontRequestHandler = async (event) => {
+  const request = event.Records[0].cf.request;
+
+  if (request.uri.endsWith('/')) {
+    request.uri += 'index.html';
+  }
+
+  for (const [headerName, [header]] of Object.entries(request.headers)) {
+    if (headerName === 'host') {
+      const [subDomain] = header.value.split('.');
+      request.uri = ['/', subDomain, request.uri].join('');
+    }
+  }
+
+  return request;
+};
diff --git a/src/shared-static-website-hosting.ts b/src/shared-static-website-hosting.ts
@@ -0,0 +1,110 @@
+import { RemovalPolicy } from 'aws-cdk-lib';
+import { CertificateValidation, DnsValidatedCertificate } from 'aws-cdk-lib/aws-certificatemanager';
+import { Distribution, OriginAccessIdentity, IDistribution, LambdaEdgeEventType, CachePolicy } from 'aws-cdk-lib/aws-cloudfront';
+import { S3Origin } from 'aws-cdk-lib/aws-cloudfront-origins';
+import { Runtime } from 'aws-cdk-lib/aws-lambda';
+import { NodejsFunction } from 'aws-cdk-lib/aws-lambda-nodejs';
+import { ARecord, IHostedZone, RecordTarget } from 'aws-cdk-lib/aws-route53';
+import { CloudFrontTarget } from 'aws-cdk-lib/aws-route53-targets';
+import { BlockPublicAccess, Bucket, BucketAccessControl, BucketEncryption, IBucket, ObjectOwnership } from 'aws-cdk-lib/aws-s3';
+import { Construct } from 'constructs';
+
+const WILDCARD_RECORD_NAME = '*';
+
+interface SharedStaticWebsiteHostingProps {
+  /**
+   * A hosted zone that is open for modification by the construct. This construct will add a wildcard
+   * A record that points to the CloudFront distribution.
+   */
+  hostedZone: IHostedZone;
+
+  /**
+   * An S3 bucket where the static files will be stored.
+   *
+   * This construct assumes full control of the bucket.
+   *
+   * @default
+   *
+   * A new bucket will be created, if not provided.
+   */
+  bucket?: IBucket;
+}
+
+/**
+ * Host static websites on a shared CloudFront distribution.
+ */
+export class SharedStaticWebsiteHosting extends Construct {
+  /**
+   * Bucket where the static files are stored.
+   */
+  readonly bucket: IBucket;
+
+  /**
+   * CloudFront distribution.
+   */
+  readonly distribution: IDistribution;
+
+  readonly #hostedZone: IHostedZone;
+
+  constructor(scope: Construct, id: string, props: SharedStaticWebsiteHostingProps) {
+    super(scope, id);
+
+    this.#hostedZone = props.hostedZone;
+    const domainName = [WILDCARD_RECORD_NAME, this.#hostedZone.zoneName].join('.');
+
+    this.bucket = props.bucket ?? new Bucket(this, 'Bucket', {
+      removalPolicy: RemovalPolicy.DESTROY,
+      autoDeleteObjects: true,
+
+      publicReadAccess: false,
+      blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
+      accessControl: BucketAccessControl.PRIVATE,
+      objectOwnership: ObjectOwnership.BUCKET_OWNER_ENFORCED,
+      encryption: BucketEncryption.S3_MANAGED,
+    });
+
+    const originAccessIdentity = new OriginAccessIdentity(this, 'OriginAccessIdentity', {
+      comment: `CloudFront OriginAccessIdentity for ${this.bucket.bucketName}`,
+    });
+
+    // https://github.com/aws/aws-cdk/issues/13983
+    this.bucket.grantRead(originAccessIdentity);
+
+    const certificate = new DnsValidatedCertificate(this, 'Certificate', {
+      hostedZone: this.#hostedZone,
+      domainName,
+      validation: CertificateValidation.fromDns(),
+      cleanupRoute53Records: true,
+
+      // CloudFront distributions requires the region to be us-east-1.
+      region: 'us-east-1',
+    });
+
+    const originRequestHandler = new NodejsFunction(this, 'OriginRequestHandler', {
+      entry: require.resolve('./request-handler'),
+      runtime: Runtime.NODEJS_16_X,
+    });
+
+    this.distribution = new Distribution(this, 'Distribution', {
+      defaultBehavior: {
+        origin: new S3Origin(this.bucket, { originAccessIdentity }),
+        edgeLambdas: [
+          {
+            eventType: LambdaEdgeEventType.VIEWER_REQUEST,
+            functionVersion: originRequestHandler.currentVersion,
+          },
+        ],
+      },
+      domainNames: [domainName],
+      certificate,
+      defaultRootObject: 'index.html',
+    });
+
+    new ARecord(this, 'AWildcardRecord', {
+      zone: this.#hostedZone,
+      recordName: WILDCARD_RECORD_NAME,
+      target: RecordTarget.fromAlias(new CloudFrontTarget(this.distribution)),
+      comment: `A sub-domain for the ${SharedStaticWebsiteHosting.name} construct.`,
+    });
+  }
+}
diff --git a/test/integ.ts b/test/integ.ts
diff --git a/test/shared-static-website-hosting.integ.ts b/test/shared-static-website-hosting.integ.ts
@@ -0,0 +1,53 @@
+import { IntegTest, IntegTestCaseStack } from '@aws-cdk/integ-tests-alpha';
+import { App, CfnOutput } from 'aws-cdk-lib';
+import { HostedZone } from 'aws-cdk-lib/aws-route53';
+import { BucketDeployment, Source } from 'aws-cdk-lib/aws-s3-deployment';
+import { SharedStaticWebsiteHosting } from '../src';
+import { AWS_ACCOUNT_ID, ROOT_ZONE_NAME } from './env';
+
+const app = new App({
+  analyticsReporting: false,
+  autoSynth: true,
+  treeMetadata: false,
+});
+
+const testStack = new IntegTestCaseStack(app, 'ITS', {
+  // needed for HostedZone.fromLookup
+  env: {
+    account: AWS_ACCOUNT_ID,
+    region: 'us-east-1',
+  },
+});
+
+const rootZone = HostedZone.fromLookup(testStack, 'RootZone', {
+  domainName: ROOT_ZONE_NAME,
+});
+
+const swp = new SharedStaticWebsiteHosting(testStack, 'SharedStaticWebsiteHosting', {
+  hostedZone: rootZone,
+});
+
+const testSubDomain = ['test', Date.now()].join('-');
+
+new BucketDeployment(testStack, 'BucketDeployment', {
+  destinationBucket: swp.bucket,
+  distribution: swp.distribution,
+
+  // Adds test data
+  prune: false,
+  sources: [
+    Source.data(`${testSubDomain}/index.html`, 'index'),
+    Source.data(`${testSubDomain}/test.html`, 'test'),
+  ],
+});
+
+new CfnOutput(swp, 'BucketName', { value: swp.bucket.bucketName });
+new CfnOutput(swp, 'DistributionDomainName', { value: swp.distribution.distributionDomainName });
+new CfnOutput(swp, 'TestCloudFrontURL', { value: `https://${swp.distribution.distributionDomainName}/${testSubDomain}/` });
+new CfnOutput(swp, 'TestURL', { value: `https://${testSubDomain}.${rootZone.zoneName}/` });
+
+new IntegTest(app, 'IT1', {
+  testCases: [
+    testStack,
+  ],
+});
