anaarezo/generic-waf-cdk-example_three.ts

## generic-waf-cdk-example_three.ts
import * as cdk from "aws-cdk-lib";
import * as cloudfront from "aws-cdk-lib/aws-cloudfront";
import * as origins from "aws-cdk-lib/aws-cloudfront-origins";
import * as acm from "aws-cdk-lib/aws-certificatemanager";
import { ApplicationStack, ApplicationStackProps } from "./application";

export function createCDN(
  stack: ApplicationStack,
  props: ApplicationStackProps
) {
  const cdnOrigin = new origins.LoadBalancerV2Origin(stack.publicAlb.alb, {
    connectionAttempts: 3,
    connectionTimeout: cdk.Duration.seconds(10),
    readTimeout: cdk.Duration.seconds(30),
    keepaliveTimeout: cdk.Duration.seconds(5),
    protocolPolicy: cloudfront.OriginProtocolPolicy.HTTPS_ONLY,
  });

  const anCert = acm.Certificate.fromCertificateArn(
    stack,
    "CDNCertificateARN",
    "arn"
  );

  const cdn = new cloudfront.Distribution(stack, "DemoDistribution", {
    defaultBehavior: {
      origin: cdnOrigin,
      allowedMethods: cloudfront.AllowedMethods.ALLOW_GET_HEAD,
      cachePolicy: cloudfront.CachePolicy.CACHING_OPTIMIZED,
      viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
      originRequestPolicy: cloudfront.OriginRequestPolicy.ALL_VIEWER,
      compress: true,
    },
    webAclId: stack.webApplicationFirewall.attrArn,
    domainNames: ["example.com"],
    certificate: anCert,
    priceClass: cloudfront.PriceClass.PRICE_CLASS_ALL,
  });

  return cdn;
}
	import * as cdk from "aws-cdk-lib";
	import * as cloudfront from "aws-cdk-lib/aws-cloudfront";
	import * as origins from "aws-cdk-lib/aws-cloudfront-origins";
	import * as acm from "aws-cdk-lib/aws-certificatemanager";
	import { ApplicationStack, ApplicationStackProps } from "./application";

	export function createCDN(
	stack: ApplicationStack,
	props: ApplicationStackProps
	) {
	const cdnOrigin = new origins.LoadBalancerV2Origin(stack.publicAlb.alb, {
	connectionAttempts: 3,
	connectionTimeout: cdk.Duration.seconds(10),
	readTimeout: cdk.Duration.seconds(30),
	keepaliveTimeout: cdk.Duration.seconds(5),
	protocolPolicy: cloudfront.OriginProtocolPolicy.HTTPS_ONLY,
	});

	const anCert = acm.Certificate.fromCertificateArn(
	stack,
	"CDNCertificateARN",
	"arn"
	);

	const cdn = new cloudfront.Distribution(stack, "DemoDistribution", {
	defaultBehavior: {
	origin: cdnOrigin,
	allowedMethods: cloudfront.AllowedMethods.ALLOW_GET_HEAD,
	cachePolicy: cloudfront.CachePolicy.CACHING_OPTIMIZED,
	viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
	originRequestPolicy: cloudfront.OriginRequestPolicy.ALL_VIEWER,
	compress: true,
	},
	webAclId: stack.webApplicationFirewall.attrArn,
	domainNames: ["example.com"],
	certificate: anCert,
	priceClass: cloudfront.PriceClass.PRICE_CLASS_ALL,
	});

	return cdn;
	}