|
8 | 8 | import software.amazon.awscdk.services.cloudfront.BehaviorOptions;
|
9 | 9 | import software.amazon.awscdk.services.cloudfront.CachePolicy;
|
10 | 10 | import software.amazon.awscdk.services.cloudfront.Distribution;
|
| 11 | +import software.amazon.awscdk.services.cloudfront.OriginAccessIdentity; |
| 12 | +import software.amazon.awscdk.services.cloudfront.OriginRequestPolicy; |
11 | 13 | import software.amazon.awscdk.services.cloudfront.SecurityPolicyProtocol;
|
12 | 14 | import software.amazon.awscdk.services.cloudfront.ViewerProtocolPolicy;
|
13 | 15 | import software.amazon.awscdk.services.cloudfront.origins.FunctionUrlOrigin;
|
@@ -52,17 +54,23 @@ public CloudFrontFunctionURLStack(CloudFrontFunctionURLBuilder builder) {
|
52 | 54 | .build());
|
53 | 55 | var functionURLOrigin = new FunctionUrlOrigin(functionUrl);
|
54 | 56 | var distribution = Distribution.Builder.create(this, "FunctionURLDistribution")
|
55 |
| - .minimumProtocolVersion(SecurityPolicyProtocol.SSL_V3) |
| 57 | + .minimumProtocolVersion(SecurityPolicyProtocol.TLS_V1_2_2021) |
56 | 58 | .defaultBehavior(BehaviorOptions.builder()
|
57 | 59 | .origin(functionURLOrigin)
|
| 60 | + .viewerProtocolPolicy(ViewerProtocolPolicy.HTTPS_ONLY) |
58 | 61 | .allowedMethods(AllowedMethods.ALLOW_ALL)
|
59 |
| - .viewerProtocolPolicy(ViewerProtocolPolicy.REDIRECT_TO_HTTPS) |
60 | 62 | .cachePolicy(CachePolicy.CACHING_DISABLED)
|
| 63 | + .originRequestPolicy(OriginRequestPolicy.ALL_VIEWER) |
61 | 64 | .build())
|
| 65 | + /** |
| 66 | + * minimum policy only works with custom certificate |
| 67 | + * |
| 68 | + */ |
| 69 | + .minimumProtocolVersion(SecurityPolicyProtocol.TLS_V1_2_2021) |
62 | 70 | .build();
|
63 | 71 | CfnOutput.Builder.create(this, "CloudFrontDistributionDomainNameOutput")
|
64 | 72 | .value(distribution.getDistributionDomainName()).build();
|
65 |
| - |
| 73 | + CfnOutput.Builder.create(this, "FunctionURLOutput").value(functionUrl.getUrl()).build(); |
66 | 74 | }
|
67 | 75 |
|
68 | 76 | }
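Review bot: `minimumProtocolVersion(SecurityPolicyProtocol.TLS_V1_2_2021)` is now set twice on the distribution builder, once before `defaultBehavior` and again after it, and the added comment says the setting only works with a custom certificate, yet no `certificate` or `domainNames` call is visible in this hunk. If the distribution is served on the default CloudFront certificate, the TLS floor presumably stays at the service default, so the change reads as hardening without enforcing it. Keep a single call and replace the Javadoc-style block inside the call chain with a line comment such as `// NOTE: has no effect unless a custom certificate and domain names are configured`. Separately, the new `FunctionURLOutput` publishes the origin URL; whether that endpoint can be called directly depends on the function URL's auth type, which is set outside the lines shown, so confirm that viewers cannot bypass the distribution and its HTTPS-only policy. The constructor begins outside the hunk.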
|