The latest articles on Forem by Erik Petrinec (@htmnk). https://forem.com/htmnk https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F989502%2Fa07a597a-2896-4f8c-8f57-dd4c0af2a536.jpeg https://forem.com/htmnk en Erik Petrinec Wed, 01 Feb 2023 19:30:50 +0000 https://forem.com/htmnk/caching-site-assets-with-aws-cdk-s3-snippet-3hp9 https://forem.com/htmnk/caching-site-assets-with-aws-cdk-s3-snippet-3hp9 <blockquote> <p>Getting caching right yields huge performance benefits, saves bandwidth and reduces server costs... <a href="https://jakearchibald.com/2016/caching-best-practices/" rel="noopener noreferrer">more</a><br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">join</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">path</span><span class="dl">'</span> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">Construct</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">constructs</span><span class="dl">'</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">s3deploy</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-s3-deployment</span><span class="dl">'</span> <span class="kd">type</span> <span class="nx">CacheControlMaxAge</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">0</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">31536000</span><span class="dl">'</span> <span class="kd">type</span> <span class="nx">SiteBucketDeploymentProps</span> <span class="o">=</span> <span class="nb">Omit</span><span class="o">&lt;</span><span class="nx">s3deploy</span><span class="p">.</span><span class="nx">BucketDeploymentProps</span><span class="p">,</span> <span class="dl">'</span><span class="s1">sources</span><span class="dl">'</span><span class="o">&gt;</span> <span class="o">&amp;</span> <span class="p">{</span> <span class="na">sitePaths</span><span class="p">:</span> <span class="kr">string</span><span class="p">[]</span> <span class="na">longCacheFileExtensions</span><span class="p">:</span> <span class="kr">string</span><span class="p">[]</span> <span class="p">}</span> <span class="kd">type</span> <span class="nx">CachedBucketDeploymentProps</span> <span class="o">=</span> <span class="nx">SiteBucketDeploymentProps</span> <span class="o">&amp;</span> <span class="p">{</span> <span class="na">maxAge</span><span class="p">:</span> <span class="nx">CacheControlMaxAge</span> <span class="p">}</span> <span class="kd">class</span> <span class="nc">CachedBucketDeployment</span> <span class="kd">extends</span> <span class="nc">s3deploy</span><span class="p">.</span><span class="nx">BucketDeployment</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">props</span><span class="p">:</span> <span class="nx">CachedBucketDeploymentProps</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">sitePaths</span><span class="p">,</span> <span class="nx">longCacheFileExtensions</span><span class="p">,</span> <span class="nx">maxAge</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">props</span> <span class="kd">const</span> <span class="nx">longCacheFiles</span> <span class="o">=</span> <span class="s2">`.{</span><span class="p">${</span><span class="nx">longCacheFileExtensions</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="dl">'</span><span class="s1">,</span><span class="dl">'</span><span class="p">)}</span><span class="s2">}`</span> <span class="kd">const</span> <span class="nx">assetOptions</span> <span class="o">=</span> <span class="p">{</span> <span class="na">exclude</span><span class="p">:</span> <span class="p">[</span> <span class="p">...(</span><span class="nx">maxAge</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">31536000</span><span class="dl">'</span> <span class="p">?</span> <span class="p">[</span><span class="dl">'</span><span class="s1">**/*.*</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">!**/*</span><span class="dl">'</span> <span class="o">+</span> <span class="nx">longCacheFiles</span><span class="p">]</span> <span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">**/*</span><span class="dl">'</span> <span class="o">+</span> <span class="nx">longCacheFiles</span><span class="p">]),</span> <span class="p">],</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">cacheControl</span> <span class="o">=</span> <span class="s2">`max-age=</span><span class="p">${</span><span class="nx">maxAge</span><span class="p">}</span><span class="s2">,public,</span><span class="p">${</span> <span class="nx">maxAge</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">31536000</span><span class="dl">'</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">immutable</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">must-revalidate</span><span class="dl">'</span> <span class="p">}</span><span class="s2">`</span> <span class="k">super</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="p">...</span><span class="nx">props</span><span class="p">,</span> <span class="na">sources</span><span class="p">:</span> <span class="p">[</span><span class="nx">s3deploy</span><span class="p">.</span><span class="nx">Source</span><span class="p">.</span><span class="nf">asset</span><span class="p">(</span><span class="nf">join</span><span class="p">(</span><span class="nx">__dirname</span><span class="p">,</span> <span class="p">...</span><span class="nx">sitePaths</span><span class="p">),</span> <span class="nx">assetOptions</span><span class="p">)],</span> <span class="na">cacheControl</span><span class="p">:</span> <span class="p">[</span><span class="nx">s3deploy</span><span class="p">.</span><span class="nx">CacheControl</span><span class="p">.</span><span class="nf">fromString</span><span class="p">(</span><span class="nx">cacheControl</span><span class="p">)],</span> <span class="na">prune</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> <span class="p">}</span> <span class="cm">/** * Creates multiple bucket deployments for the same destination bucket * in order to set different Cache-Control headers (rule of thumb: * either a very long `maxAge` or `maxAge: 0`) for different types of files. * * `.css`, `.js` files are usually distributed with a hash such as `[name].[contenthash].js` * so a `max-age=31536000,public,immutable` Cache-Control header will be set. * * `.html` files are usually expected to be invalidated every time since their URLs * cannot be versioned and their content must be able to change so a * `public,max-age=0,must-revalidate` header will be set for all the file extensions * that are not found inside `longCacheFileExtensions`. * * @example * new SiteBucketDeployment(this, 'SiteDeployment', { * longCacheFileExtensions: ['js', 'css'], * sitePaths: ['..', '..', 'dist'], * }) * */</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">class</span> <span class="nc">SiteBucketDeployment</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">_maxAgePatterns</span><span class="p">:</span> <span class="nx">CacheControlMaxAge</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[</span><span class="dl">'</span><span class="s1">0</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">31536000</span><span class="dl">'</span><span class="p">]</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">_constructIdSuffix</span><span class="p">:</span> <span class="nb">Record</span><span class="o">&lt;</span><span class="nx">CacheControlMaxAge</span><span class="p">,</span> <span class="kr">string</span><span class="o">&gt;</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">0</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">NoCache</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">31536000</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">LongCache</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span> <span class="k">private</span> <span class="nf">_createCachedBucketDeployment</span><span class="p">(</span> <span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">props</span><span class="p">:</span> <span class="nx">CachedBucketDeploymentProps</span><span class="p">,</span> <span class="nx">cleanupDeployment</span><span class="p">:</span> <span class="nx">s3deploy</span><span class="p">.</span><span class="nx">BucketDeployment</span> <span class="p">)</span> <span class="p">{</span> <span class="k">new</span> <span class="nc">CachedBucketDeployment</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span> <span class="o">+</span> <span class="k">this</span><span class="p">.</span><span class="nx">_constructIdSuffix</span><span class="p">[</span><span class="nx">props</span><span class="p">.</span><span class="nx">maxAge</span><span class="p">],</span> <span class="p">{</span> <span class="p">...</span><span class="nx">props</span><span class="p">,</span> <span class="na">maxAge</span><span class="p">:</span> <span class="nx">props</span><span class="p">.</span><span class="nx">maxAge</span><span class="p">,</span> <span class="p">}).</span><span class="nx">node</span><span class="p">.</span><span class="nf">addDependency</span><span class="p">(</span><span class="nx">cleanupDeployment</span><span class="p">)</span> <span class="p">}</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">props</span><span class="p">:</span> <span class="nx">SiteBucketDeploymentProps</span><span class="p">)</span> <span class="p">{</span> <span class="cm">/** * Initial deployment for cleaning up the content from previous deploys. * Since `prune: false` is used for the actual deployments, in some cases the * unnecessary files (i.e some frameworks generate different static/&lt;hash&gt; directories * on every new build, etc.) won't be deleted otherwise. * * @see https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_deployment-readme.html#prune */</span> <span class="kd">const</span> <span class="nx">cleanupDeployment</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">s3deploy</span><span class="p">.</span><span class="nc">BucketDeployment</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span> <span class="o">+</span> <span class="dl">'</span><span class="s1">Cleanup</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="p">...</span><span class="nx">props</span><span class="p">,</span> <span class="na">sources</span><span class="p">:</span> <span class="p">[</span><span class="nx">s3deploy</span><span class="p">.</span><span class="nx">Source</span><span class="p">.</span><span class="nf">asset</span><span class="p">(</span><span class="nf">join</span><span class="p">(</span><span class="nx">__dirname</span><span class="p">,</span> <span class="p">...</span><span class="nx">props</span><span class="p">.</span><span class="nx">sitePaths</span><span class="p">))],</span> <span class="na">prune</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">})</span> <span class="k">this</span><span class="p">.</span><span class="nx">_maxAgePatterns</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">maxAge</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">_createCachedBucketDeployment</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="p">...</span><span class="nx">props</span><span class="p">,</span> <span class="nx">maxAge</span> <span class="p">},</span> <span class="nx">cleanupDeployment</span><span class="p">)</span> <span class="p">})</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><a href="https://gist.github.com/htmnk/507ece0ecf98d1dd0cb4aa94f53a291b#file-sitebucketdeployment-ts" rel="noopener noreferrer">View Gist</a></p> <p>When using AWS CDK we can set the <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control" rel="noopener noreferrer">Cache-Control</a> headers with <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingMetadata.html" rel="noopener noreferrer">S3 object metadata</a> on our <code>BucketDeployment</code> construct (check out my article on how to deploy a site to AWS with CDK below if you need an introduction to CDK).</p> <div class="ltag__link"> <a href="/htmnk" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F989502%2Fa07a597a-2896-4f8c-8f57-dd4c0af2a536.jpeg" alt="htmnk"> </div> </a> <a href="/htmnk/deploy-a-static-site-to-aws-s3-and-cloudfront-using-aws-cdk-21d4" class="ltag__link__link"> <div class="ltag__link__content"> <h2>Deploy a static site to AWS S3 and CloudFront using AWS CDK</h2> <h3>Erik Petrinec ・ Jan 26 '23</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#aws</span> <span class="ltag__link__tag">#typescript</span> <span class="ltag__link__tag">#webdev</span> <span class="ltag__link__tag">#tutorial</span> </div> </div> </a> </div> <p><strong>Rule of thumb</strong></p> <ul> <li>Set the <code>max-age=31536000,public,immutable</code> directives for all assets that have been processed with <code>[contenthash]</code> substitutions. Many frameworks typically produce files with names such as <code>[name].[contenthash].js</code>, etc. when building the app (see <a href="https://webpack.js.org/guides/caching/" rel="noopener noreferrer">Webpack Caching</a>). These are usually all the <code>.js</code>, <code>.css</code>, and statically imported images. These directives can also be used for other files, but we need to ensure that we version the path to the files ourselves by changing the file name to revalidate. Otherwise, our users may have stale files loaded until they perform a hard refresh.</li> <li>Alternatively, set <code>public,max-age=0,must-revalidate</code> (or <code>max-age=0,no-cache,no-store</code> - see <a href="https://stackoverflow.com/questions/18148884/difference-between-no-cache-and-must-revalidate-for-cache-control" rel="noopener noreferrer">difference</a>) directives. These are typically all the document <code>.html</code> files. Since these URLs cannot be versioned and the content changes frequently, we don't want to cache them at all.</li> </ul> <p><strong>Custom Props</strong></p> <ul> <li> <code>sitePaths</code> - The site build folder that is being deployed. Uses <a href="https://nodejs.org/api/path.html#pathjoinpaths" rel="noopener noreferrer">path.join</a> to join and normalize the resulting path.</li> <li> <code>longCacheFileExtensions</code> - Sets <code>max-age=31536000</code> to all the files with the specified extension located inside the <code>sitePaths</code> directory. Otherwise, it sets <code>max-age=0</code> to all the files that are not found inside the array.</li> </ul> <p>You can play around with the <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_deployment-readme.html#exclude-and-include-filters" rel="noopener noreferrer">asset bundling exclude filters</a> and exclude/include directories or files instead of file extensions as I did above. The <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_deployment-readme.html#aws-s3-deployment-construct-library" rel="noopener noreferrer">s3deploy.BucketDeployment</a> can be then replaced with the <code>SiteBucketDeployment</code> construct<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">new</span> <span class="nc">SiteBucketDeployment</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BlogBucketDeployment</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">longCacheFileExtensions</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">js</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">css</span><span class="dl">'</span><span class="p">],</span> <span class="c1">// relative to where the `SiteBucketDeployment.ts` file is located</span> <span class="na">sitePaths</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">..</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">..</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">dist</span><span class="dl">'</span><span class="p">],</span> <span class="na">destinationBucket</span><span class="p">:</span> <span class="nx">bucket</span><span class="p">,</span> <span class="na">distributionPaths</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">/*</span><span class="dl">'</span><span class="p">],</span> <span class="p">})</span> </code></pre> </div> <p><a href="https://gist.github.com/htmnk/507ece0ecf98d1dd0cb4aa94f53a291b#file-cdk-stack-ts" rel="noopener noreferrer">View Gist</a></p> <p>💡 The same results could also be achieved through the AWS Console manually if you are not using CDK, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/add-object-metadata.html" rel="noopener noreferrer">editing object metadata in the Amazon S3 console</a></p> <ol> <li> Open the Amazon S3 console and your bucket.</li> <li> Select the check box to the left of a file/directory.</li> <li> On the Actions menu, choose Edit actions, and choose Edit metadata.</li> <li> Choose Add metadata.</li> <li> For metadata Type, select System-defined.</li> <li> Select <code>Cache-Control</code> for the key and add <code>max-age=31536000,public,immutable</code> as the value.</li> <li> When you are done, hit Save Changes and Amazon S3 should edit all the selected files recursively, you can verify it by opening a specific file and scrolling down to the metadata section.</li> </ol> webdev aws performance typescript Erik Petrinec Thu, 26 Jan 2023 09:44:44 +0000 https://forem.com/htmnk/deploy-a-static-site-to-aws-s3-and-cloudfront-using-aws-cdk-21d4 https://forem.com/htmnk/deploy-a-static-site-to-aws-s3-and-cloudfront-using-aws-cdk-21d4 <p>Amazon Web Services (AWS) is the most comprehensive and widely adopted cloud platform in the world. Using the AWS Cloud Development Kit (CDK), we can easily define our cloud infrastructure as code (using TypeScript) and host our site on S3, serving it with Amazon's high-performance CloudFront CDN.</p> <p><strong>Full Source Code available on GitHub</strong></p> <div class="ltag-github-readme-tag"> <div class="readme-overview"> <h2> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev.to%2Fassets%2Fgithub-logo-5a155e1f9a670af7944dd5e12375bc76ed542ea80224905ecaf878b9157cdefc.svg" alt="GitHub logo"> <a href="https://github.com/htmnk" rel="noopener noreferrer"> htmnk </a> / <a href="https://github.com/htmnk/aws-cdk-static-site-starter" rel="noopener noreferrer"> aws-cdk-static-site-starter </a> </h2> <h3> An AWS CDK, S3 &amp; CloudFront static site deploy starter template (blog post repo) </h3> </div> <div class="ltag-github-body"> <div id="readme" class="md"> <div class="markdown-heading"> <h1 class="heading-element">Static Site Deploy AWS CDK template</h1> </div> <p>🎉 Tutorial <a href="https://e53nec.com/posts/aws-cdk-s3-cloudfront-static-site-deploy/" rel="nofollow noopener noreferrer"><strong>here</strong></a>.</p> <p>This is a starter template for deploying a static site with AWS CDK. Make sure to add your own <code>.env</code> file to <code>/cdk</code></p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto js-code-highlight"> <pre>CDK_REGION=us-east-1 CDK_ACCOUNT=2383838383 DOMAIN_NAME=e53nec.com</pre> </div> </div> </div> <br> <div class="gh-btn-container"><a class="gh-btn" href="https://github.com/htmnk/aws-cdk-static-site-starter" rel="noopener noreferrer">View on GitHub</a></div> <br> </div> <br> <h2> Prerequisites </h2> <ul> <li>☑ Node.js (LTS recommended), Git and TypeScript (globally via npm) installed</li> <li>☑ Have an AWS account and access to the <a href="https://aws.amazon.com/console/" rel="noopener noreferrer">AWS Management Console</a> </li> </ul> <h2> Todo </h2> <ul> <li>☐ <strong>Create a demo static site</strong> </li> </ul> <p>build a site to a ready-to-deploy folder, I will be using <a href="https://gohugo.io/" rel="noopener noreferrer">Hugo</a> today, but any framework of your choice will suffice</p> <ul> <li>☐ <strong>Setup a new AWS CDK project</strong> </li> </ul> <p>install everything <a href="https://docs.aws.amazon.com/cdk/v2/guide/home.html" rel="noopener noreferrer">AWS CDK</a> related, configure AWS credentials and set up a new CDK TypeScript project</p> <ul> <li>☐ <strong>Define AWS resources for the deployment</strong> </li> </ul> <p>deep dive into the CDK app, take a look at <a href="https://docs.aws.amazon.com/cdk/v2/guide/stacks.html" rel="noopener noreferrer">stacks</a> and define all the necessary <a href="https://docs.aws.amazon.com/cdk/v2/guide/constructs.html" rel="noopener noreferrer">CDK constructs</a> for a static site deploy (<code>s3.bucket</code>, <code>cloudfront.Distribution</code>, etc.)</p> <ul> <li>☐ <strong>Deploy the site</strong> </li> </ul> <p>run our first deployment with the <a href="https://docs.aws.amazon.com/cdk/v2/guide/cli.html" rel="noopener noreferrer">CDK Toolkit commands</a>, view the deployed stack and resources inside the AWS Management Console</p> <ul> <li>☐ <strong>Security and Domain Name</strong> </li> </ul> <p>scan our site with <a href="https://observatory.mozilla.org/" rel="noopener noreferrer">Mozilla Observatory</a> and improve our grade by registering a domain name, enabling HTTPS, adding a certificate and setting security headers</p> <h2> Create a demo static site </h2> <blockquote> <p>⚠️ If you already have a static site ready, you can skip this todo and proceed to <strong>Setup a new AWS CDK project</strong>.</p> </blockquote> <p>For the purposes of this tutorial, we will not be focusing on fine-tuning the site contents. Today, I will be deploying a simple static blog and have chosen to use <a href="https://gohugo.io/" rel="noopener noreferrer">Hugo</a> as my framework (other popular alternatives for this purpose include <a href="https://www.11ty.dev/" rel="noopener noreferrer">11ty</a>, <a href="https://astro.build/" rel="noopener noreferrer">Astro</a>, and <a href="https://jekyllrb.com/" rel="noopener noreferrer">Jekyll</a>). I don't need any complex user interactions, so a static site generator is sufficient for my needs.<br> If you plan to use Hugo as well, make sure it is <a href="https://gohugo.io/installation" rel="noopener noreferrer">installed</a> on your machine. Then, open up a terminal (on Windows, it's recommended to use an Unix command line terminal or Powershell; <a href="https://www.atlassian.com/git/tutorials/git-bash" rel="noopener noreferrer">Git Bash</a> is usually the easiest option),</p> <p>and run<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hugo version <span class="c"># hugo v0.103.0+extended darwin/arm64 BuildDate=unknown</span> </code></pre> </div> <p>to verify your installation. You should get a similar output to the one above.</p> <p>Now that the hard part is done, we can generate our site by running<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hugo new site my-blog </code></pre> </div> <p>Running the command above should generate a new <code>my-blog</code> folder within the current directory. Let's move inside that folder and pull in a theme from GitHub (you can see a full list of available themes <a href="https://themes.gohugo.io/" rel="noopener noreferrer">here</a>). I'll be using the <a href="https://themes.gohugo.io/themes/hugo-paper/" rel="noopener noreferrer">Paper</a> theme today<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>my-blog git init git submodule add https://github.com/nanxiaobei/hugo-paper themes/paper </code></pre> </div> <p>You should see a new subfolder under <code>themes</code>, in my case it is called <code>themes/paper</code>. Since we are using Git submodules to manage themes, you should also see a new <code>.gitmodules</code> file being generated in the root directory.</p> <p>While we're at it, let's also add a <code>.gitignore</code> file for Hugo. Create a new file<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">touch</span> .gitignore </code></pre> </div> <p>Similar to other frameworks, we do not want to include any build files or automatically generated files in our repository. In Hugo, the build folder is called <code>/public</code> by default, so let's add that to our <code>.gitignore</code> file to exclude it from version control<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Generated files by hugo</span> /public/ <span class="c"># Temporary lock file while building</span> /.hugo_build.lock </code></pre> </div> <p>Now that we've taken care of the Git-related stuff, let's apply the theme to our project. To do this, we just need to add a new line to the configuration file. Open up <code>config.toml</code> and add the following line<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="py">theme</span> <span class="p">=</span> <span class="s">"paper"</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/config.toml#L4" rel="noopener noreferrer">View on GitHub</a></p> <p>To add some content, use the <code>new</code> command to create a new Markdown file inside the <code>content</code> folder<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hugo new posts/my-first-post.md </code></pre> </div> <p>Hugo has excellent Markdown support and will automatically convert the contents of the file into a new page at <code>/posts/my-first-post/</code>. Let's verify that by starting up Hugo's development server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hugo server <span class="nt">-D</span> <span class="c"># ...</span> <span class="c"># Web Server is available at http://localhost:1313/</span> <span class="c"># ...</span> </code></pre> </div> <p>When you start the server, you should see some basic information output to the terminal. Look for the <code>localhost</code> URL. If you are not running anything on Hugo's default <a href="https://gohugo.io/commands/hugo_server/#options" rel="noopener noreferrer">port</a> (<code>1313</code>), the site should now be available at that URL. Open it up in a browser. With the Paper theme, the posts should also be visible on the home page by default. Visit <code>/posts/my-first-post</code> and edit the <code>/content/posts/my-first-post.md</code> file, then save your changes. Hugo should rebuild the site without stopping the server, and you should see your changes reflected on the site.</p> <p>All right we are ready to ship this thing 🚀, run<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hugo <span class="nt">-D</span> </code></pre> </div> <p>By default, when you use <code>hugo new</code> to create a new post, Hugo treats it as a draft and sets the <code>draft: true</code> flag. To include content marked as a draft in the build, we need to specify the <code>-D</code> option. All of the build files will be located in the <code>/public</code> directory, and they should be <strong>ready to deploy</strong>.</p> <p><strong>Done</strong>.</p> <ul> <li>☑ Create a demo static site</li> </ul> <h2> Setup a new AWS CDK project </h2> <p>To simplify interactions with AWS services, consider installing the <a href="https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html" rel="noopener noreferrer">AWS CLI</a>. This will provide you with a set of command-line tools that allow you to easily manage your AWS resources from the terminal.</p> <blockquote> <p>Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests that you make to AWS. If you don't have access keys, you can create them from the AWS Management Console.</p> </blockquote> <p>Before we can use the AWS CDK, we need to set up AWS credentials for our account. There are several ways to do this, but for our purposes, we will use the <em>"Creating a key pair"</em> method as described in the AWS documentation. Here's how to do it, sign in to the AWS Management Console and</p> <ol> <li>Open the <a href="https://console.aws.amazon.com/iam" rel="noopener noreferrer">IAM console</a>.</li> <li>In the navigation pane, choose <em><strong>Users</strong></em> and click the <em><strong>Add Users</strong></em> button.</li> <li>Type in a <em><strong>User name</strong></em> for the key pair, I'm going with "my-blog-cdk". Check <em><strong>Access key - Programmatic access</strong></em> as the <em><strong>AWS credential type</strong></em> and hit <em><strong>Next: Permissions</strong></em>.</li> <li>Now, you could dive deeper with permissions in this step if you have to take security a bit more serious, I'm going to keep it simple, select <em><strong>Attach existing policies directly</strong></em> and check <em><strong>AdministratorAccess</strong></em>. Click <em><strong>Next: Tags</strong></em>.</li> <li>We can skip <em><strong>Tags</strong></em> and click <em><strong>Next: Review</strong></em>.</li> <li>Finally click <em><strong>Create user</strong></em>.</li> <li>Now you can either download the .<em><strong>csv</strong></em> file and use that for the configuration or simply copy-paste the <em><strong>access key ID</strong></em> and <em><strong>secret access key</strong></em> pair. ❗ Be careful with exposing the keys if you followed my steps and chose <em><strong>AdministratorAccess</strong></em> for permissions, since anyone could access your AWS resources with the key pair.</li> </ol> <p>Now that we have our AWS credentials, we can configure them for use with the AWS CDK. The easiest way to do this is to run the AWS CLI <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html" rel="noopener noreferrer">configure</a> command. On MacOS, the configuration file will be stored at <code>~/.aws/credentials</code>, so you may need to use sudo to run this command (for more information on configuration and credential file settings, see this <a href="(https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html)">page</a>). Alternatively, you can create the <code>.aws</code> files manually if you are not using the AWS CLI<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>aws configure <span class="c"># AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE</span> <span class="c"># AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</span> <span class="c"># Default region name [None]: us-east-1</span> <span class="c"># Default output format [None]: json</span> </code></pre> </div> <p>When prompted, enter your access key ID and secret access key from the key pair that you created earlier. For the region name, enter <code>us-east-1</code>, and for the output format, enter <code>json</code>. If you run <code>aws configure</code> again or <code>cat ~/.aws/credentials</code>, you should see your configured credentials.</p> <p>Alright we got the keys 🔑, let's move on and install the <a href="https://docs.aws.amazon.com/cdk/v2/guide/work-with.html" rel="noopener noreferrer">AWS CDK Toolkit</a> (globally) with <code>npm</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">-g</span> aws-cdk </code></pre> </div> <p>If you were following the previous todo, our project folder structure currently looks something like this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>my-blog │ ... ├── public <span class="c"># Hugo build folder</span> │ ... └── .gitignore </code></pre> </div> <p>The name of the build folder (in this case, <code>public</code>) is not particularly important, but it's important that we specify the correct path to the folder when we configure our deployment later. Let's create a new <code>cdk</code> folder at the same level as the <code>public</code> folder and initialize a new empty CDK project using the <a href="https://docs.aws.amazon.com/cdk/v2/guide/cli.html#cli-init" rel="noopener noreferrer">cdk init</a> command<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>cdk <span class="nb">cd </span>cdk <span class="nb">sudo </span>cdk init app <span class="nt">--language</span> typescript </code></pre> </div> <p>In addition to other generated files and folders, we should focus on the <code>cdk.json</code> file first. This is a <a href="https://docs.aws.amazon.com/cdk/v2/guide/cli.html#cli-config" rel="noopener noreferrer">configuration file</a> for the CDK, and it tells the CDK Toolkit how to execute our app. It contains information such as the programming language being used, the app's entry point, and other runtime settings.</p> <blockquote> <p>If one of <code>cdk.json</code> or <code>~/.cdk.json</code> exists, options specified there will be used as defaults. Settings in <code>cdk.json</code> take precedence.</p> </blockquote> <p>When we choose <code>TypeScript</code> as the programming language with <code>cdk init</code>, it sets the <code>app</code> option to <code>"app": "npx ts-node --prefer-ts-exts bin/cdk.ts",</code>. This specifies the command that will be used to execute the CDK application.</p> <p>The command specified in the <code>app</code> option uses <a href="https://github.com/TypeStrong/ts-node" rel="noopener noreferrer">ts-node</a> by default, which is an execution engine for Node.js that allows you to run TypeScript code directly. The <code>--prefer-ts-exts</code> flag prevents <code>ts-node</code> from prioritizing precompiled <code>.js</code> files and will always import the TypeScript source code instead, if it is available. This is useful if you are also using <code>tsc</code> (the TypeScript compiler) alongside the <code>app</code> option. The <code>bin/cdk.ts</code> file is the entry point for our CDK app, which defines the main function that will be executed when the app is run.</p> <p>To make it easier to use certain values throughout our CDK app, let's define some environment variables. Create a new <code>.env</code> file inside the <code>cdk</code> folder and add the following lines (we will use these later)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">CDK_REGION</span><span class="o">=</span>us-east-1 <span class="c"># Add your AWS Account ID here,</span> <span class="c"># can be grabbed from AWS Management Console when,</span> <span class="c"># clicking on your profile in the top right dropdown</span> <span class="nv">CDK_ACCOUNT</span><span class="o">=</span>2383838383 <span class="c"># Optional, if you are planning to purchase or have a domain</span> <span class="c"># ready to use</span> <span class="nv">DOMAIN_NAME</span><span class="o">=</span>e53nec.com </code></pre> </div> <p>Even though our <code>.env</code> file does not contain any sensitive information, it is a good practice to exclude it from version control. To do this, open the <code>cdk/.gitignore</code> file and add the following line<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># env files</span> .env<span class="k">*</span> </code></pre> </div> <p>To make it easier to access the environment variables defined in the <code>.env</code> file, we will use the <a href="https://github.com/motdotla/dotenv" rel="noopener noreferrer">dotenv</a> module. This module loads environment variables from a <code>.env</code> file into our CDK app. To install dotenv, run the following command<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>dotenv <span class="nt">--save</span> </code></pre> </div> <p>To use dotenv in our CDK app, we need to import and configure it in the entry point file (<code>bin/cdk.ts</code>). At the top of this file, add the following lines<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">dotenv</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">dotenv</span><span class="dl">'</span> <span class="nx">dotenv</span><span class="p">.</span><span class="nf">config</span><span class="p">()</span> <span class="p">...</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">cdk</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/bin/cdk.ts#L3" rel="noopener noreferrer">View on GitHub</a></p> <p>This will import the dotenv module and use the <code>config</code> function to load the environment variables from the <code>.env</code> file. We will be able to access these variables throughout our CDK app using <code>process.env.VARIABLE_NAME</code>.</p> <p>To verify that the environment variables are being loaded correctly, we can log them to the console and execute the app with <code>ts-node</code>. Inside <code>bin/cdk.ts</code>, add the following line below the dotenv configuration<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_REGION</span><span class="p">)</span> <span class="c1">// Remove if it's working</span> <span class="p">...</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">cdk</span><span class="p">.</span><span class="nc">App</span><span class="p">()</span> <span class="c1">// Initialize a CDK application</span> </code></pre> </div> <p>and run<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx ts-node bin/cdk.ts </code></pre> </div> <p>You should see <code>us-east-1</code> printed to the console. Now that we have set up our CDK project and configured the environment variables, we are ready to start building our CDK app by writing CDK constructs.</p> <p><strong>Done</strong>.</p> <ul> <li>☑ Setup a new AWS CDK project</li> </ul> <h2> Define AWS resources for the deployment </h2> <p>At the top level of every CDK App we define one or multiple <a href="https://docs.aws.amazon.com/cdk/v2/guide/stacks.html" rel="noopener noreferrer">stacks</a>. Stacks are units of deployments, they are used for organizing and grouping the AWS resources together to a single deployment. In a TypeScript CDK app, any instance of the <code>cdk.Stack</code> class represents a stack. You can see an example of this with the <code>CdkStack</code> class in the <code>bin/cdk.ts</code> file<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">...</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">CdkStack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../lib/cdk-stack</span><span class="dl">'</span><span class="p">;</span> <span class="p">...</span> <span class="k">new</span> <span class="nc">CdkStack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">CdkStack</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="p">})</span> </code></pre> </div> <p>The <code>CdkStack</code> class extends the root <code>cdk.Stack</code> class, which is imported from the <code>aws-cdk-lib</code> module in the <code>lib/cdk-stack.ts</code> file. This allows us to define custom behavior for our stack in addition to the functionality provided by the base <code>cdk.Stack</code> class<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">class</span> <span class="nc">CdkStack</span> <span class="kd">extends</span> <span class="nc">cdk</span><span class="p">.</span><span class="nx">Stack</span> </code></pre> </div> <p>Inside stacks, we define <a href="https://docs.aws.amazon.com/cdk/v2/guide/constructs.html" rel="noopener noreferrer">constructs</a>, which are the basic building blocks of a CDK app. Constructs represent a <em>cloud component</em> (I'm going to use the terms <em>construct</em> and <em>components</em> interchangeably), such as an <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html" rel="noopener noreferrer">S3 Bucket</a> or a <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.Distribution.html" rel="noopener noreferrer">CloudFront Distribution</a>. These components are turned into AWS resources after the CDK app is deployed.</p> <p>For those who prefer visual representations, the composition of an app with stacks and constructs can be summarized with the following diagram from the AWS docs</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fug7dcjkufif95y410wne.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fug7dcjkufif95y410wne.png" alt="AWS CDK structure"></a></p> <p>We are now going to add some constructs to our stacks. The following structure is optional, but we will define a <code>BaseStack</code> which will contain all the components that can be reused across multiple site deployments and a <code>BlogStack</code> for components specific to our blog. This separation of reusable and specific components allows for greater flexibility and modularity in our app in case we plan on having multiple deployments in the future.</p> <p>Let's rename the file <code>lib/cdk-stack.ts</code> to <code>lib/base-stack.ts</code> and the exported <code>CdkStack</code> class to <code>BaseStack</code>. We will remove all unnecessary comments and add our first construct to the <code>BaseStack</code>, which will be the storage for the site: an <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html" rel="noopener noreferrer">S3 Bucket</a> 🪣<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">cdk</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">s3</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-s3</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Construct</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">constructs</span><span class="dl">'</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">BaseStack</span> <span class="kd">extends</span> <span class="nc">cdk</span><span class="p">.</span><span class="nx">Stack</span> <span class="p">{</span> <span class="k">private</span> <span class="nx">_bucket</span><span class="p">:</span> <span class="nx">s3</span><span class="p">.</span><span class="nx">Bucket</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">props</span><span class="p">?:</span> <span class="nx">cdk</span><span class="p">.</span><span class="nx">StackProps</span><span class="p">)</span> <span class="p">{</span> <span class="k">super</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">props</span><span class="p">)</span> <span class="k">this</span><span class="p">.</span><span class="nx">_bucket</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">s3</span><span class="p">.</span><span class="nc">Bucket</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BaseBucket</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/lib/base-stack.ts#L35" rel="noopener noreferrer">View on GitHub</a></p> <blockquote> <p>Constructs are implemented in classes that extend the <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/constructs.Construct.html" rel="noopener noreferrer">Construct</a> base class. You define a construct by instantiating the class.</p> </blockquote> <p>We have instantiated the <code>s3.Bucket</code> class, thus defining a new <code>Bucket</code> construct. Inside our <code>BaseStack</code>, we will also define private properties for the constructs. These will be exposed and passed down to the child <code>BlogStack</code> later. All constructs take three parameters when they are initialized: the <code>scope</code>, the <code>id</code>, and the <code>props</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">new</span> <span class="nx">s3</span><span class="p">.</span><span class="nc">Bucket</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BaseBucket</span><span class="dl">'</span><span class="p">,</span> <span class="p">{})</span> </code></pre> </div> <ul> <li> <strong>scope</strong> - The first parameter is the <code>scope</code>, which is the construct's parent or owner. This can be either a stack or another construct (in our case, the <code>BaseStack</code> will be the owner of the <code>Bucket</code> construct). In JavaScript (TypeScript), we use the <code>this</code> keyword to represent the current object for the scope.</li> <li> <strong>id</strong> - The second parameter is the <code>id</code>, which is a unique identifier within the current scope.</li> <li> <strong>props</strong> - The third parameter is the <code>props</code>, which is a set of properties that define the construct's configuration. In most cases, constructs provide sensible defaults, and if all <code>props</code> elements are optional, you can omit the <code>props</code> parameter completely (which is what we did with the bucket above).</li> </ul> <p>The first two parameters will be repetitive across the whole CDK app. To keep the construct ids unique, I will use this simple <code>StackNameConstructName</code> pattern.</p> <p>When deploying a static site to the S3 bucket, we could either</p> <ol> <li> <p><a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html#websiteindexdocument" rel="noopener noreferrer">Enable static website hosting</a> by adding the <code>websiteIndexDocument</code> property to our Bucket construct. This would require changing the defaults and some additional configuration when serving the site with CloudFront.</p> <blockquote> <p>If the bucket is configured for website hosting, the CloudFront origin will be configured to use the bucket as an HTTP server origin and will use the bucket's configured website redirects and error handling. Otherwise, the origin is created as a bucket origin and will use CloudFront's redirect and error handling.</p> </blockquote> </li> <li><p>Keep the <code>s3.bucket</code> as a bucket origin for CloudFront. ✅</p></li> </ol> <p>We are going to stick with the defaults and continue with the <strong>2nd</strong> (bucket origin) option. We could pretty much achieve the same final result with the first one (see <a href="https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-serve-static-website/" rel="noopener noreferrer">using a website endpoint as the origin</a>). There are also some caveats to both options, we will go through the latter ones.</p> <p>The <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html" rel="noopener noreferrer">default props</a> for the Bucket should then just work fine. The only interesting ones to us are the <code>blockPublicAccess</code> and the <code>removalPolicy</code> properties. If you are only playing around and plan on destroying the bucket later make sure to modify the <code>removalPolicy</code> and the <code>autoDeleteObjects</code> properties based on your needs<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// This will also destroy the bucket when running cdk destroy later</span> <span class="k">this</span><span class="p">.</span><span class="nx">_bucket</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">s3</span><span class="p">.</span><span class="nc">Bucket</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BaseBucket</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">removalPolicy</span><span class="p">:</span> <span class="nx">RemovalPolicy</span><span class="p">.</span><span class="nx">DESTROY</span><span class="p">,</span> <span class="na">autoDeleteObjects</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">})</span> </code></pre> </div> <p>To allow users to access the site's content through CloudFront, we can add another construct called an <code>OriginAccessIdentity</code>. This is a special CloudFront user that can be associated with an S3 bucket origin. Since the default for <code>blockPublicAccess</code> is <code>s3.BlockPublicAccess.BLOCK_ALL</code>, this is necessary.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">aws_cloudfront</span> <span class="k">as</span> <span class="nx">cf</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span> <span class="p">...</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">BaseStack</span> <span class="kd">extends</span> <span class="nc">cdk</span><span class="p">.</span><span class="nx">Stack</span> <span class="p">{</span> <span class="p">...</span> <span class="k">private</span> <span class="nx">_originAccessIdentity</span><span class="p">:</span> <span class="nx">cf</span><span class="p">.</span><span class="nx">OriginAccessIdentity</span> <span class="p">...</span> <span class="k">this</span><span class="p">.</span><span class="nx">_originAccessIdentity</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">cf</span><span class="p">.</span><span class="nc">OriginAccessIdentity</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BaseCfOriginAccessIdentity</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/lib/base-stack.ts#L36" rel="noopener noreferrer">View on GitHub</a></p> <p>Next, we need to grant our Origin Access Identity (OAI) bucket read permissions. We can do this by adding the user to the bucket resource policy with the <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html#addwbrtowbrresourcewbrpolicypermission" rel="noopener noreferrer">addToResourcePolicy()</a> method, passing in a new <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.PolicyStatement.html" rel="noopener noreferrer">IAM statement</a> and attaching our OAI to the policy statement principals.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">iam</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-iam</span><span class="dl">'</span> <span class="p">...</span> <span class="k">this</span><span class="p">.</span><span class="nx">_bucket</span><span class="p">.</span><span class="nf">addToResourcePolicy</span><span class="p">(</span> <span class="k">new</span> <span class="nx">iam</span><span class="p">.</span><span class="nc">PolicyStatement</span><span class="p">({</span> <span class="na">actions</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">s3:GetObject</span><span class="dl">'</span><span class="p">],</span> <span class="na">resources</span><span class="p">:</span> <span class="p">[</span><span class="k">this</span><span class="p">.</span><span class="nx">_bucket</span><span class="p">.</span><span class="nf">arnForObjects</span><span class="p">(</span><span class="dl">'</span><span class="s1">*</span><span class="dl">'</span><span class="p">)],</span> <span class="na">principals</span><span class="p">:</span> <span class="p">[</span> <span class="k">new</span> <span class="nx">iam</span><span class="p">.</span><span class="nc">CanonicalUserPrincipal</span><span class="p">(</span> <span class="k">this</span><span class="p">.</span><span class="nx">_originAccessIdentity</span><span class="p">.</span><span class="nx">cloudFrontOriginAccessIdentityS3CanonicalUserId</span> <span class="p">),</span> <span class="p">],</span> <span class="p">})</span> <span class="p">)</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/lib/base-stack.ts#L37" rel="noopener noreferrer">View on GitHub</a></p> <p>That should be all the permission stuff done. Now we have only have one little problem left that we can solve within our <code>BaseStack</code>.</p> <p>If you have not been following from the beginning, I used Hugo to generate the site. I have this build folder structure (which is common when using static site generators) for my pages<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>public │ ... ├── posts │ └── my-first-post │ └── index.html │ ... └── index.html </code></pre> </div> <p>Since we chose the bucket origin option, we must request the file at <code>/posts/my-first-post/index.html</code> directly, and our page routing will not work (this should be handled automatically if the static website hosting option is enabled). However, if we want to access the posts using the <code>/posts/my-first-post/</code> URL, we can use a <a href="https://aws.amazon.com/blogs/aws/introducing-cloudfront-functions-run-your-code-at-the-edge-with-low-latency-at-any-scale/" rel="noopener noreferrer">CloudFront Function</a> to make this happen.</p> <p>To begin, create a new folder called <code>cdk/functions</code> and add a new file to it called <code>cdk/functions/reqRewrite.js</code>. By default, a new CDK project includes a <code>*.js</code> line in the <code>.gitignore</code> file, which ignores all JavaScript files. In order to ensure that our function code is tracked and committed to the repository, we can add a new rule <code>!/functions/*</code>, which grabs back all of the <code>.js</code> files inside the <code>functions</code> directory.</p> <p>In this file, we will rewrite all page requests by checking if the request does not contain a dot (e.g. <code>.css</code>, <code>.js</code>). This will help us determine if we are requesting a file or not. If the request does not contain a dot, it means that we are not requesting a file, and we can proceed with the rewrite and append <code>.index.html</code> to the requested URI<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">rewritePageUri</span><span class="p">(</span><span class="nx">uri</span><span class="p">)</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">isDir</span> <span class="o">=</span> <span class="nx">uri</span><span class="p">.</span><span class="nf">endsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// Handle both "/posts/my-post/" and "/posts/my-post"</span> <span class="k">return</span> <span class="nx">uri</span> <span class="o">+</span> <span class="p">(</span><span class="nx">isDir</span> <span class="p">?</span> <span class="dl">''</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">)</span> <span class="o">+</span> <span class="dl">'</span><span class="s1">index.html</span><span class="dl">'</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">handler</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">request</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">request</span> <span class="c1">// Requesting a page ("/" or "/posts/my-post")</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">request</span><span class="p">.</span><span class="nx">uri</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">.</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// Append index.html to the requested uri</span> <span class="nx">request</span><span class="p">.</span><span class="nx">uri</span> <span class="o">=</span> <span class="nf">rewritePageUri</span><span class="p">(</span><span class="nx">request</span><span class="p">.</span><span class="nx">uri</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">request</span> <span class="p">}</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/functions/reqRewrite.js#L1" rel="noopener noreferrer">View on GitHub</a></p> <p>All the page requests will now serve the respective <code>.index.html</code> files.</p> <blockquote> <p>⚠️ The code provided above is designed to work with a simple build folder structure, such as <code>my-page/index.html</code> or similar. If you have a different build folder structure, you will need to modify the <code>rewritePageUri()</code> function so that it appends the correct <code>.html</code> file to the requested URI. This will ensure that the correct page is displayed when a user navigates to your site.</p> </blockquote> <p>Let's go ahead and attach our function to a CloudFront function associations list (we will drop this list into our CloudFront construct later). To do this, create a new <code>_functionAssociations</code> property and add a new construct as follows<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">...</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">BaseStack</span> <span class="kd">extends</span> <span class="nc">cdk</span><span class="p">.</span><span class="nx">Stack</span> <span class="p">{</span> <span class="k">private</span> <span class="nx">_functionAssociations</span><span class="p">:</span> <span class="nx">cf</span><span class="p">.</span><span class="nx">FunctionAssociation</span><span class="p">[]</span> <span class="p">...</span> <span class="k">this</span><span class="p">.</span><span class="nx">_functionAssociations</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="na">eventType</span><span class="p">:</span> <span class="nx">cf</span><span class="p">.</span><span class="nx">FunctionEventType</span><span class="p">.</span><span class="nx">VIEWER_REQUEST</span><span class="p">,</span> <span class="na">function</span><span class="p">:</span> <span class="k">new</span> <span class="nx">cf</span><span class="p">.</span><span class="nc">Function</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BaseRequestRewriteFunction</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">code</span><span class="p">:</span> <span class="nx">cf</span><span class="p">.</span><span class="nx">FunctionCode</span><span class="p">.</span><span class="nf">fromFile</span><span class="p">({</span> <span class="na">filePath</span><span class="p">:</span> <span class="dl">'</span><span class="s1">functions/reqRewrite.js</span><span class="dl">'</span> <span class="p">}),</span> <span class="p">}),</span> <span class="p">},</span> <span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/lib/base-stack.ts#L48" rel="noopener noreferrer">View on GitHub</a></p> <p>It is important to note that we need to create a <code>VIEWER_REQUEST</code> type function in order to modify the request before it reaches the origin(see <a href="https://aws.amazon.com/blogs/aws/introducing-cloudfront-functions-run-your-code-at-the-edge-with-low-latency-at-any-scale/" rel="noopener noreferrer">Introducing CloudFront Functions</a>). To create a <code>VIEWER_REQUEST</code> type function, we can use the <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.Function.html" rel="noopener noreferrer">Function</a> construct, which allows us to specify the source code of the function from a file (such as the <code>reqRewrite.js</code> file we created earlier). We can also pass the code in as an inline string if we prefer.</p> <p>In order to make our base stack resources accessible to other CDK stacks, let's create and export a <code>BaseStackInterface</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">...</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">BaseStackResources</span> <span class="p">{</span> <span class="nl">bucket</span><span class="p">:</span> <span class="nx">s3</span><span class="p">.</span><span class="nx">Bucket</span> <span class="nx">originAccessIdentity</span><span class="p">:</span> <span class="nx">cf</span><span class="p">.</span><span class="nx">OriginAccessIdentity</span> <span class="nx">functionAssociations</span><span class="p">:</span> <span class="nx">cf</span><span class="p">.</span><span class="nx">FunctionAssociation</span><span class="p">[]</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">BaseStack</span> <span class="kd">extends</span> <span class="nc">cdk</span><span class="p">.</span><span class="nx">Stack</span> <span class="p">{</span> <span class="p">...</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/lib/base-stack.ts#L8" rel="noopener noreferrer">View on GitHub</a></p> <p>and add a public <code>resources()</code> method to the <code>BaseStack</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">...</span> <span class="k">private</span> <span class="nx">_functionAssociations</span><span class="p">:</span> <span class="nx">cf</span><span class="p">.</span><span class="nx">FunctionAssociation</span><span class="p">[]</span> <span class="nf">resources</span><span class="p">():</span> <span class="nx">BaseStackResources</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">bucket</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">_bucket</span><span class="p">,</span> <span class="na">originAccessIdentity</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">_originAccessIdentity</span><span class="p">,</span> <span class="na">functionAssociations</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">_functionAssociations</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">props</span><span class="p">?:</span> <span class="nx">cdk</span><span class="p">.</span><span class="nx">StackProps</span><span class="p">)</span> <span class="p">{</span> <span class="p">...</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/lib/base-stack.ts#L23" rel="noopener noreferrer">View on GitHub</a></p> <p>By doing this, we can ensure that our child stacks are able to leverage the resources created in the <code>BaseStack</code>, making our cdk project more modular and reusable.</p> <p>Great, it looks like we have all the base resources we need. Now, let's create our stack. To do this, open the <code>bin/cdk.ts</code> file and instantiate the <code>BaseStack</code> class as follows (make sure to use unique stack IDs if you are planning on deploying multiple CDK applications to the same AWS account)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">BaseStack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../lib/base-stack</span><span class="dl">'</span> <span class="p">...</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">cdk</span><span class="p">.</span><span class="nc">App</span><span class="p">()</span> <span class="kd">const</span> <span class="nx">baseStack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">BaseStack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">AwsStaticSiteStarterBaseStack</span><span class="dl">'</span><span class="p">)</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/bin/cdk.ts#L15" rel="noopener noreferrer">View on GitHub</a></p> <p>It is a good practice to ensure that our stacks are deployed to the desired <code>account</code> and <code>region</code> every time. To accomplish this, we can use the <code>cdk.StackProps.env</code> and retrieve the values from our <code>.env</code> file, and pass them as properties to our stacks. This approach is recommended for production environments, as it ensures consistency and eliminates potential issues that may arise when working with other team members who may have different accounts configured<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">...</span> <span class="kd">const</span> <span class="nx">sharedProps</span><span class="p">:</span> <span class="nx">cdk</span><span class="p">.</span><span class="nx">StackProps</span> <span class="o">=</span> <span class="p">{</span> <span class="c1">// Set the region/account fields of env to either a concrete</span> <span class="c1">// value to select the indicated environment (recommended for production stacks)</span> <span class="na">env</span><span class="p">:</span> <span class="p">{</span> <span class="na">account</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_ACCOUNT</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CDK_REGION</span> <span class="p">},</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">baseStack</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">BaseStack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">AwsStaticSiteStarterBaseStack</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="p">...</span><span class="nx">sharedProps</span> <span class="p">})</span> <span class="p">...</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/bin/cdk.ts#L15" rel="noopener noreferrer">View on GitHub</a></p> <p>Now that we have finished preparing resources for the CloudFront construct, we can move on to creating our <code>BlogStack</code>.</p> <p>To get started, create a new file called <code>lib/blog-stack.ts</code> and define a new class called <code>BlogStack</code>. The stack props should contain the additional <code>BaseStackResources</code> props. We can then destructure the props to get the individual resource instances as follows<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">Construct</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">constructs</span><span class="dl">'</span> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">BaseStackResources</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./base-stack</span><span class="dl">'</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">cdk</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">BlogStack</span> <span class="kd">extends</span> <span class="nc">cdk</span><span class="p">.</span><span class="nx">Stack</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">props</span><span class="p">:</span> <span class="nx">cdk</span><span class="p">.</span><span class="nx">StackProps</span> <span class="o">&amp;</span> <span class="nx">BaseStackResources</span><span class="p">)</span> <span class="p">{</span> <span class="k">super</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">props</span><span class="p">)</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">bucket</span><span class="p">,</span> <span class="nx">originAccessIdentity</span><span class="p">,</span> <span class="nx">functionAssociations</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">props</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/lib/blog-stack.ts#L15" rel="noopener noreferrer">View on GitHub</a></p> <p>Now that we have defined our <code>BlogStack</code> class, we can create an instance of it inside <code>bin/cdk.ts</code> and pass in the resources as props<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">...</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">BlogStack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../lib/blog-stack</span><span class="dl">'</span> <span class="p">...</span> <span class="k">new</span> <span class="nc">BlogStack</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="dl">'</span><span class="s1">AwsStaticSiteStarterBlogStack</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="p">...</span><span class="nx">sharedProps</span><span class="p">,</span> <span class="p">...</span><span class="nx">baseStack</span><span class="p">.</span><span class="nf">resources</span><span class="p">()</span> <span class="p">})</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/bin/cdk.ts#L17" rel="noopener noreferrer">View on GitHub</a></p> <p>To finish setting up the <code>BlogStack</code>, let's go back to <code>lib/blog-stack.ts</code> and create a <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.Distribution.html" rel="noopener noreferrer">CloudFront distribution</a>. We are going to specify a few props here</p> <ul> <li> <code>defaultRootObject</code> - The root <code>index.html</code> object we want to request from the S3 origin when a viewer requests the root URL for our distribution.</li> <li> <code>defaultBehavior</code> <ul> <li> <code>functionAssociations</code> - The request rewrite function that we created earlier.</li> <li> <code>origin</code> - A new <code>S3Origin</code> construct with our bucket and the <code>originAccessIdentity</code> from our base stack. </li> </ul> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">...</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">origins</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-cloudfront-origins</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">aws_cloudfront</span> <span class="k">as</span> <span class="nx">cf</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span> <span class="p">...</span> <span class="kd">const</span> <span class="nx">cfDistribution</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">cf</span><span class="p">.</span><span class="nc">Distribution</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BlogCfDistribution</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">defaultRootObject</span><span class="p">:</span> <span class="dl">'</span><span class="s1">index.html</span><span class="dl">'</span><span class="p">,</span> <span class="na">defaultBehavior</span><span class="p">:</span> <span class="p">{</span> <span class="na">functionAssociations</span><span class="p">:</span> <span class="p">[...</span><span class="nx">functionAssociations</span><span class="p">],</span> <span class="na">origin</span><span class="p">:</span> <span class="k">new</span> <span class="nx">origins</span><span class="p">.</span><span class="nc">S3Origin</span><span class="p">(</span><span class="nx">bucket</span><span class="p">,</span> <span class="p">{</span> <span class="nx">originAccessIdentity</span><span class="p">,</span> <span class="na">originPath</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/blog</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="p">},</span> <span class="p">})</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/lib/blog-stack.ts#L18" rel="noopener noreferrer">View on GitHub</a></p> <p>Finally, we will also need a <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_deployment.BucketDeployment.html" rel="noopener noreferrer">BucketDeployment</a> construct to deploy our site to our S3 bucket (populate the S3 bucket with our <code>public</code> folder). As for the <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_deployment.BucketDeployment.html#construct-props" rel="noopener noreferrer">props</a>, the <code>destinationBucket</code> and the <code>distribution</code> are the obvious ones. The ones that need a little bit more attention would be</p> <ul> <li> <code>distributionPaths</code> - The file paths to invalidate in the CloudFront distribution. This is important to specify because if the cache is not invalidated, users may continue to see the old content, which can lead to a variety of issues, such as incorrect display of content, broken links, JavaScript errors, etc.</li> <li> <code>destinationKeyPrefix</code> - This is to organize our objects in the bucket by placing them in a specific subdirectory (<code>blog</code>). In case we would want to deploy multiple apps to the same bucket, we could specify different prefixes for different apps.</li> <li> <code>sources</code> - The <code>sources</code> property allows us to specify the files or directories that we want to deploy to the bucket. An array of <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_deployment.ISource.html" rel="noopener noreferrer">ISource</a> objects is expected, so we can use the <code>s3deploy.Source.asset()</code> with the node.js <code>path.join()</code> to build the path to our <code>public</code> directory. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">...</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">join</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">path</span><span class="dl">'</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">s3deploy</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-s3-deployment</span><span class="dl">'</span> <span class="p">...</span> <span class="k">new</span> <span class="nx">s3deploy</span><span class="p">.</span><span class="nc">BucketDeployment</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BlogBucketDeployment</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">destinationBucket</span><span class="p">:</span> <span class="nx">bucket</span><span class="p">,</span> <span class="na">distribution</span><span class="p">:</span> <span class="nx">cfDistribution</span><span class="p">,</span> <span class="na">distributionPaths</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">/*</span><span class="dl">'</span><span class="p">],</span> <span class="na">destinationKeyPrefix</span><span class="p">:</span> <span class="dl">'</span><span class="s1">blog</span><span class="dl">'</span><span class="p">,</span> <span class="na">sources</span><span class="p">:</span> <span class="p">[</span><span class="nx">s3deploy</span><span class="p">.</span><span class="nx">Source</span><span class="p">.</span><span class="nf">asset</span><span class="p">(</span><span class="nf">join</span><span class="p">(</span><span class="nx">__dirname</span><span class="p">,</span> <span class="dl">'</span><span class="s1">..</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">..</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">public</span><span class="dl">'</span><span class="p">))],</span> <span class="p">})</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/lib/blog-stack.ts#L40" rel="noopener noreferrer">View on GitHub</a></p> <p>The <code>BaseStack</code> and <code>BlogStack</code> structure that I chose should now be clearer. If we decide to deploy another site, we can easily reuse resources from the <code>BaseStack</code> and add an additional child stack (similar to or the same as the <code>BlogStack</code>) as needed. We can then modify the paths and prefixes as needed.</p> <div class="ltag__link"> <a href="/htmnk" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F989502%2Fa07a597a-2896-4f8c-8f57-dd4c0af2a536.jpeg" alt="htmnk"> </div> </a> <a href="/htmnk/caching-site-assets-with-aws-cdk-s3-snippet-3hp9" class="ltag__link__link"> <div class="ltag__link__content"> <h2>Caching Site Assets with AWS CDK &amp; S3 - snippet</h2> <h3>Erik Petrinec ・ Feb 1 '23</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#webdev</span> <span class="ltag__link__tag">#aws</span> <span class="ltag__link__tag">#performance</span> <span class="ltag__link__tag">#typescript</span> </div> </div> </a> </div> <p>Deploying to CloudFront CDN results in a significant improvement over other alternatives due to Amazon's edge cache. To further improve our site performance, we must set <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control" rel="noopener noreferrer">Cache-Control</a> headers that control caching of our assets inside browsers. You may want to consider the snippet I provided above, which extends the <code>BucketDeployment</code> (drop-in <a href="https://gist.github.com/htmnk/507ece0ecf98d1dd0cb4aa94f53a291b#file-cdk-stack-ts" rel="noopener noreferrer">SiteBucketDeployment</a> construct) with several additional properties that enable you to set different <code>Cache-Control</code> headers according to the specified file extensions.</p> <p>Well that was easy, let's ship this thing for real now.</p> <p><strong>Done</strong>.</p> <ul> <li>☑ Define AWS resources for the deployment</li> </ul> <h2> Deploy the site </h2> <p>If this is your first time deploying a CDK app on your AWS account, you may also need to run the <a href="https://docs.aws.amazon.com/cdk/v2/guide/bootstrapping.html" rel="noopener noreferrer">cdk bootstrap</a> command. This command creates the necessary resources in your account to support CDK deployments, such as an S3 bucket for storing templates and assets. A simple<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>cdk bootstrap </code></pre> </div> <p>should work if your credentials are configured. You should also get a warning when trying to deploy without bootstrapping first.</p> <p>There are also some useful commands that we can run to ensure that the cdk app is in good shape and we can catch any potential issues early on:</p> <ul> <li> <code>cdk diff</code> - This command compares the current state of the application with the deployed state and shows you the differences between them. This can help you understand what changes will be made to your resources during the next deployment.</li> <li> <code>cdk synth</code> - Generates the CloudFormation template for your stack, which can be useful for reviewing the template, or even debugging and troubleshooting issues related to your stack deployment.</li> </ul> <p>In addition to the built-in CDK commands, we can also include a custom <code>build</code> command to catch any errors or issues with the application's code before deployment. Since it is not part of the CDK toolchain, and we are using <code>ts-node</code>, we can replace the build script in the <code>package.json</code> file with the command we used in the previous section<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">...</span><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"build"</span><span class="p">:</span><span class="w"> </span><span class="s2">"npx ts-node bin/cdk.ts"</span><span class="p">,</span><span class="w"> </span><span class="p">}</span><span class="err">,</span><span class="w"> </span><span class="err">...</span><span class="w"> </span></code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/package.json#L8" rel="noopener noreferrer">View on GitHub</a></p> <p>and run<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run build </code></pre> </div> <p>Alright it's finally time to deploy. As we have multiple stacks within the app, it is necessary to use the <code>cdk deploy --all</code> option when deploying our app<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># sudo cdk deploy --all</span> cdk deploy <span class="nt">--all</span> </code></pre> </div> <p>When deploying the CDK application for the first time, it may take a while as all the resources defined in the stacks will be created. During the deployment process, you may be prompted with confirmation messages, asking you to confirm the creation of certain resources.</p> <p>If the deployment process is successful, you should see a green checkmark with the stack id in the console<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>... ✅ AwsStaticSiteStarterBlogStack ✨ Deployment <span class="nb">time</span>: 326.15s ... </code></pre> </div> <p>Let's explore the deployed resources in the AWS Management Console. We can first visit the <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html" rel="noopener noreferrer">AWS CloudFormation</a> service that displays a list of all the stacks in our AWS account, along with the resources that are associated with each stack</p> <ol> <li>Open the AWS Management Console</li> <li>In the top navigation bar, click on the Services menu and search/select CloudFormation.</li> <li>In the CloudFormation console, you will see a list of all the stacks in your AWS account.</li> <li>To view the resources associated with a stack, click on the stack name.</li> </ol> <p>We can also view the properties and status of each resource in our stack, as well as perform various actions such as updating or deleting the stack. This is particularly useful when integrating CDK into a continuous integration and deployment (CI/CD) workflow. If a deployment gets stuck, we can use the AWS Management Console to take manual action to fix the issue.</p> <p>To access our deployed blog, we will need to use the URL provided by CloudFront. To find the HTTP URL of our CloudFront distribution</p> <ol> <li>Select/Search CloudFront from the services menu.</li> <li>In the CloudFront console, you will see a list of all the CloudFront distributions in your AWS account.</li> <li>Click on the distribution that was created by your CDK app.</li> <li>In the distribution details page, you will see the Domain Name of the distribution, and it will take the form of <em><strong>xxxxxxx.cloudfront.net</strong></em>. We can use this URL to access our blog using HTTP. Go ahead and paste the url inside your browser.</li> </ol> <p>If you are not using Hugo as we did in the first section, your site may already be working as intended. With Hugo it should be completely broken at this stage, we have to go back to our <code>config.toml</code> and update the <a href="https://gohugo.io/getting-started/configuration/#baseurl" rel="noopener noreferrer">baseURL</a> with our generated URL<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="py">baseURL</span> <span class="p">=</span> <span class="s">'http://xxxxxxx.cloudfront.net'</span> <span class="err">...</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/config.toml#L1" rel="noopener noreferrer">View on GitHub</a></p> <p>Let's rebuild and redeploy the site again (make sure you are inside the root directory)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hugo <span class="nt">-D</span> <span class="nb">cd </span>cdk cdk deploy <span class="nt">--all</span> </code></pre> </div> <p>The redeploy should be noticeably quicker this time because we are only updating the contents of the site, not the constructs.</p> <p>🎉 That's it!</p> <blockquote> <p>⚠️ If you encounter issues when attempting to redeploy and the <code>cdk diff</code> command shows changes to the <code>AWS::Cloudfront::Function .zip</code>, one solution is to make a small modification to the function code, such as adding a comment. Another option is to use the inline version of the function code when creating the CloudFront function. This may resolve the issue and allow for successful redeployment.</p> </blockquote> <p>For those of you that are only playing around and don't want to keep the deployed stacks, you can use the <code>cdk destroy</code> command to delete all the resources that were created by the deployment. You might have to edit and redeploy the <code>s3.bucket</code> construct (the bucket needs to be empty) so that it gets properly destroyed<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">this</span><span class="p">.</span><span class="nx">_bucket</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">s3</span><span class="p">.</span><span class="nc">Bucket</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BaseBucket</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">removalPolicy</span><span class="p">:</span> <span class="nx">RemovalPolicy</span><span class="p">.</span><span class="nx">DESTROY</span><span class="p">,</span> <span class="na">autoDeleteObjects</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">})</span> </code></pre> </div> <p>and run<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>cdk destroy <span class="nt">--all</span> </code></pre> </div> <p>Alternatively you can also delete the contents of the bucket inside the AWS Management console and destroy the stack manually with CloudFormation.</p> <p>If you have purchased a domain through AWS and want to take your site to production by enabling HTTPS, this final section below is for you. Even if you are not planning to purchase a domain at this time, you may still want to read along to learn about how to set up HTTPS and other security related features using the CDK.</p> <p><strong>Done</strong>.</p> <ul> <li>☑ Deploy the site</li> </ul> <h2> Security and Domain Name </h2> <p>Let's evaluate the security of our site by using <a href="https://observatory.mozilla.org/" rel="noopener noreferrer">Mozilla Observatory</a> to obtain a security grade. Simply paste your CloudFront <code>http://xxxxxxx.cloudfront.net/</code> URL to the input. At this stage, it is likely that we will receive an <strong>"F"</strong> rating, similar to a failing grade in college. However, unlike academic studies, it does not require extensive effort to improve our score. The most important and immediate step is to implement HTTPS, which is now a standard even for websites that do not transmit sensitive data. Failure to do so can result in Google Chrome flagging the website as insecure, which is not an acceptable outcome for a publicly accessible site.</p> <p>Before diving deep into certificates and HTTPS, we can perform a security checklist by following the suggestions of Mozilla Observatory. One way to do this is by using the <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.ResponseHeadersPolicy.html" rel="noopener noreferrer">ResponseHeadersPolicy</a> construct to add several security headers to our CloudFront distribution</p> <p>These headers include (checkout the <a href="https://infosec.mozilla.org/guidelines/web_security#web-security-cheat-sheet" rel="noopener noreferrer">Web Security Cheat Sheet</a> for more details, the importance and implementation difficulty of each one):</p> <ul> <li> <code>Content-Security-Policy</code> - used to restrict the resources that a browser can load for a given page</li> <li> <code>Content-Type-Options</code> - prevents the browser from interpreting files as something other than declared by the content type</li> <li> <code>Frame-Options</code> - prevents clickjacking by ensuring that the content is not embedded into other sites</li> <li> <code>Referrer-Policy</code> - allows us to control the value of the referrer header</li> <li> <code>Strict-Transport-Security</code> - used to enforce secure connections to the server</li> <li> <code>X-XSS-Protection</code> - helps prevent cross-site scripting attacks</li> </ul> <p>Go back to our <code>cdk/lib/base-stack.ts</code> and create the <code>ResponseHeadersPolicy</code> construct (we will skip CSP in this article)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kr">interface</span> <span class="nx">BaseStackResources</span> <span class="p">{</span> <span class="p">...</span> <span class="nx">responseHeadersPolicy</span><span class="p">:</span> <span class="nx">cf</span><span class="p">.</span><span class="nx">ResponseHeadersPolicy</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">BaseStack</span> <span class="kd">extends</span> <span class="nc">cdk</span><span class="p">.</span><span class="nx">Stack</span> <span class="p">{</span> <span class="p">...</span> <span class="k">private</span> <span class="nx">_responseHeadersPolicy</span><span class="p">:</span> <span class="nx">cf</span><span class="p">.</span><span class="nx">ResponseHeadersPolicy</span> <span class="nf">resources</span><span class="p">():</span> <span class="nx">BaseStackResources</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="p">...</span> <span class="na">responseHeadersPolicy</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">_responseHeadersPolicy</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">props</span><span class="p">?:</span> <span class="nx">cdk</span><span class="p">.</span><span class="nx">StackProps</span><span class="p">)</span> <span class="p">{</span> <span class="p">...</span> <span class="k">this</span><span class="p">.</span><span class="nx">_responseHeadersPolicy</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">cf</span><span class="p">.</span><span class="nc">ResponseHeadersPolicy</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BaseResponseHeadersPolicy</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">responseHeadersPolicyName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">CustomBaseResponseHeadersPolicy</span><span class="dl">'</span><span class="p">,</span> <span class="na">securityHeadersBehavior</span><span class="p">:</span> <span class="p">{</span> <span class="cm">/** * @todo ResponseHeadersPolicy CSP (for you, in case you want to have * a perfect grade) * * When using Hugo, implementing a proper Content Security Policy (CSP) can be * challenging when there is limited control over the scripts included on the site. */</span> <span class="c1">// contentSecurityPolicy: { contentSecurityPolicy: 'default-src https:;', override: true },</span> <span class="na">contentTypeOptions</span><span class="p">:</span> <span class="p">{</span> <span class="na">override</span><span class="p">:</span> <span class="kc">true</span> <span class="p">},</span> <span class="na">frameOptions</span><span class="p">:</span> <span class="p">{</span> <span class="na">frameOption</span><span class="p">:</span> <span class="nx">cf</span><span class="p">.</span><span class="nx">HeadersFrameOption</span><span class="p">.</span><span class="nx">DENY</span><span class="p">,</span> <span class="na">override</span><span class="p">:</span> <span class="kc">true</span> <span class="p">},</span> <span class="na">referrerPolicy</span><span class="p">:</span> <span class="p">{</span> <span class="na">referrerPolicy</span><span class="p">:</span> <span class="nx">cf</span><span class="p">.</span><span class="nx">HeadersReferrerPolicy</span><span class="p">.</span><span class="nx">NO_REFERRER</span><span class="p">,</span> <span class="na">override</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="na">strictTransportSecurity</span><span class="p">:</span> <span class="p">{</span> <span class="na">override</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">accessControlMaxAge</span><span class="p">:</span> <span class="nx">Duration</span><span class="p">.</span><span class="nf">days</span><span class="p">(</span><span class="mi">365</span> <span class="o">*</span> <span class="mi">2</span><span class="p">),</span> <span class="na">includeSubdomains</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">preload</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="na">xssProtection</span><span class="p">:</span> <span class="p">{</span> <span class="na">override</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">protection</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">modeBlock</span><span class="p">:</span> <span class="kc">true</span> <span class="p">},</span> <span class="p">},</span> <span class="p">})</span> <span class="p">...</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/lib/base-stack.ts#L56" rel="noopener noreferrer">View on GitHub</a></p> <p>Before proceeding further, ensure that your domain name is registered with Amazon Route 53. This process also creates a <a href="https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-working-with.html" rel="noopener noreferrer">hosted zone</a> with your domain name as part of the registration. You can follow the guide <a href="https://aws.amazon.com/getting-started/hands-on/get-a-domain/" rel="noopener noreferrer">How to Register a Domain Name with Amazon Route 53</a>) if you haven't done so already.</p> <p>We can utilize the <code>HostedZone.fromLookup()</code> method to create a <code>HostedZone</code> construct, which is required to specify for our certificate. Simply pass in your domain name, which should also be stored in the <code>.env</code> file at this point if you have been following the guide from the beginning<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">...</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">route53</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-route53</span><span class="dl">'</span> <span class="p">...</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">BaseStackResources</span> <span class="p">{</span> <span class="p">...</span> <span class="nx">zone</span><span class="p">:</span> <span class="nx">route53</span><span class="p">.</span><span class="nx">IHostedZone</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">BaseStack</span> <span class="kd">extends</span> <span class="nc">cdk</span><span class="p">.</span><span class="nx">Stack</span> <span class="p">{</span> <span class="p">...</span> <span class="k">private</span> <span class="nx">_zone</span><span class="p">:</span> <span class="nx">route53</span><span class="p">.</span><span class="nx">IHostedZone</span> <span class="nf">resources</span><span class="p">():</span> <span class="nx">BaseStackResources</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="p">...</span> <span class="na">zone</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">_zone</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">props</span><span class="p">?:</span> <span class="nx">cdk</span><span class="p">.</span><span class="nx">StackProps</span><span class="p">)</span> <span class="p">{</span> <span class="p">...</span> <span class="k">this</span><span class="p">.</span><span class="nx">_zone</span> <span class="o">=</span> <span class="nx">route53</span><span class="p">.</span><span class="nx">HostedZone</span><span class="p">.</span><span class="nf">fromLookup</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BaseHostedZone</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">domainName</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DOMAIN_NAME</span> <span class="o">??</span> <span class="dl">''</span><span class="p">,</span> <span class="p">})</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/lib/base-stack.ts#L81" rel="noopener noreferrer">View on GitHub</a></p> <p>Next, we will once again proceed to the <code>lib/blog-stack.ts</code> file to bring everything together in our CloudFront distribution. We can retrieve the <code>zone</code> and <code>responseHeadersPolicy</code> constructs we created previously from the props. We can also grab the shared <code>env</code> prop for the <code>region</code>. Additionally, let's assign the value of <code>process.env.DOMAIN_NAME</code> to a variable, as we will be using it in multiple places within the <code>BlogStack</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">...</span> <span class="k">super</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">props</span><span class="p">)</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">env</span><span class="p">,</span> <span class="nx">zone</span><span class="p">,</span> <span class="nx">responseHeadersPolicy</span><span class="p">,</span> <span class="nx">bucket</span><span class="p">,</span> <span class="nx">originAccessIdentity</span><span class="p">,</span> <span class="nx">functionAssociations</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">props</span> <span class="kd">const</span> <span class="nx">domainName</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DOMAIN_NAME</span> <span class="o">??</span> <span class="dl">''</span> <span class="p">...</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/lib/blog-stack.ts#L15" rel="noopener noreferrer">View on GitHub</a></p> <p>Alright, let's pass in the base stack constructs and specify some additional parameters for the CloudFront distribution. These include:</p> <ul> <li> <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.BehaviorOptions.html#responseheaderspolicy" rel="noopener noreferrer">defaultBehavior.responseHeadersPolicy</a> - this is where we will pass in our <code>responseHeadersPolicy</code> construct</li> <li> <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.BehaviorOptions.html#viewerprotocolpolicy" rel="noopener noreferrer">defaultBehavior.viewerProtocolPolicy</a> - set to <code>cf.ViewerProtocolPolicy.REDIRECT_TO_HTTPS</code> to redirect all HTTP requests to HTTPS</li> <li> <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.Distribution.html#priceclass" rel="noopener noreferrer">priceClass</a> - set to <code>cf.PriceClass.PRICE_CLASS_ALL</code> for all CloudFront locations</li> <li> <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.Distribution.html#domainnames" rel="noopener noreferrer">domainNames</a> - an array containing our site's domain name, passed in as <code>[domainName]</code> </li> <li> <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.Distribution.html#certificate" rel="noopener noreferrer">certificate</a> - it is necessary to specify the certificate that should be used for HTTPS connections. This is done by passing in an instance of the <code>Certificate</code> construct as a property of the <code>Distribution</code> construct. The certificate is then associated with the distribution, and CloudFront uses it to authenticate connections to our website. The certificate must be located in N. Virginia <code>us-east-1</code>.</li> <li> <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.Distribution.html#errorresponses" rel="noopener noreferrer">errorResponses</a> - CloudFront, with our configuration, will return a <code>403</code> error for any missing requests. This includes the standard <code>404</code> page responses. To properly handle these errors, we can use this behavior to remap the response and return a <code>/404.html</code> page. Keep in mind that this page must exist on your site. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">...</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">acm</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-certificatemanager</span><span class="dl">'</span> <span class="p">...</span> <span class="kd">const</span> <span class="nx">cfDistribution</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">cf</span><span class="p">.</span><span class="nc">Distribution</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BlogCfDistribution</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">defaultRootObject</span><span class="p">:</span> <span class="dl">'</span><span class="s1">index.html</span><span class="dl">'</span><span class="p">,</span> <span class="na">defaultBehavior</span><span class="p">:</span> <span class="p">{</span> <span class="na">functionAssociations</span><span class="p">:</span> <span class="p">[...</span><span class="nx">functionAssociations</span><span class="p">],</span> <span class="na">origin</span><span class="p">:</span> <span class="k">new</span> <span class="nx">origins</span><span class="p">.</span><span class="nc">S3Origin</span><span class="p">(</span><span class="nx">bucket</span><span class="p">,</span> <span class="p">{</span> <span class="nx">originAccessIdentity</span><span class="p">,</span> <span class="na">originPath</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/blog</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="nx">responseHeadersPolicy</span><span class="p">,</span> <span class="na">viewerProtocolPolicy</span><span class="p">:</span> <span class="nx">cf</span><span class="p">.</span><span class="nx">ViewerProtocolPolicy</span><span class="p">.</span><span class="nx">REDIRECT_TO_HTTPS</span><span class="p">,</span> <span class="p">},</span> <span class="na">priceClass</span><span class="p">:</span> <span class="nx">cf</span><span class="p">.</span><span class="nx">PriceClass</span><span class="p">.</span><span class="nx">PRICE_CLASS_ALL</span><span class="p">,</span> <span class="na">domainNames</span><span class="p">:</span> <span class="p">[</span><span class="nx">domainName</span><span class="p">],</span> <span class="na">certificate</span><span class="p">:</span> <span class="k">new</span> <span class="nx">acm</span><span class="p">.</span><span class="nc">DnsValidatedCertificate</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BlogCertificate</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">domainName</span><span class="p">,</span> <span class="c1">// Support www. + domain name</span> <span class="na">subjectAlternativeNames</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">www.</span><span class="dl">'</span> <span class="o">+</span> <span class="nx">domainName</span><span class="p">],</span> <span class="na">hostedZone</span><span class="p">:</span> <span class="nx">zone</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="nx">env</span><span class="p">?.</span><span class="nx">region</span><span class="p">,</span> <span class="p">}),</span> <span class="na">errorResponses</span><span class="p">:</span> <span class="p">[{</span> <span class="na">httpStatus</span><span class="p">:</span> <span class="mi">403</span><span class="p">,</span> <span class="na">responseHttpStatus</span><span class="p">:</span> <span class="mi">404</span><span class="p">,</span> <span class="na">responsePagePath</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/404.html</span><span class="dl">'</span> <span class="p">}],</span> <span class="p">})</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/lib/blog-stack.ts#L18" rel="noopener noreferrer">View on GitHub</a></p> <p>Next up: an <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_route53.ARecord.html" rel="noopener noreferrer">ARecord</a>. An alias record in Route 53 is a type of record that can be used to map a domain name to selected AWS resources, such as an Elastic Load Balancer, CloudFront distribution, or an S3 bucket. We can use this construct to map our domain name to a <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_route53_targets.CloudFrontTarget.html" rel="noopener noreferrer">CloudFrontTarget</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">...</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">route53</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-route53</span><span class="dl">'</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">route53targets</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-route53-targets</span><span class="dl">'</span> <span class="p">...</span> <span class="k">new</span> <span class="nx">route53</span><span class="p">.</span><span class="nc">ARecord</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BlogAliasRecord</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">zone</span><span class="p">,</span> <span class="na">recordName</span><span class="p">:</span> <span class="nx">domainName</span><span class="p">,</span> <span class="na">target</span><span class="p">:</span> <span class="nx">route53</span><span class="p">.</span><span class="nx">RecordTarget</span><span class="p">.</span><span class="nf">fromAlias</span><span class="p">(</span><span class="k">new</span> <span class="nx">route53targets</span><span class="p">.</span><span class="nc">CloudFrontTarget</span><span class="p">(</span><span class="nx">cfDistribution</span><span class="p">)),</span> <span class="p">})</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/lib/blog-stack.ts#L48" rel="noopener noreferrer">View on GitHub</a></p> <p>Not crucial, but we can also use the <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_route53_patterns.HttpsRedirect.html" rel="noopener noreferrer">HttpsRedirect</a> construct to redirect requests made to the www version of our domain to the non-www version. This is often done to ensure that users accessing our site are directed to a consistent URL, and to improve SEO. By using this construct, we can easily configure a redirect from <code>www.domainName.com</code> to <code>domainName.com</code> for all requests made to our site<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">...</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">aws_cloudfront</span> <span class="k">as</span> <span class="nx">cf</span><span class="p">,</span> <span class="nx">aws_route53_patterns</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span> <span class="p">...</span> <span class="k">new</span> <span class="nx">aws_route53_patterns</span><span class="p">.</span><span class="nc">HttpsRedirect</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BlogWwwToNonWww</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">zone</span><span class="p">,</span> <span class="na">recordNames</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">www.</span><span class="dl">'</span> <span class="o">+</span> <span class="nx">domainName</span><span class="p">],</span> <span class="na">targetDomain</span><span class="p">:</span> <span class="nx">domainName</span><span class="p">,</span> <span class="p">})</span> </code></pre> </div> <p><a href="https://github.com/htmnk/aws-cdk-static-site-starter/blob/main/cdk/lib/blog-stack.ts#L54" rel="noopener noreferrer">View on GitHub</a></p> <p>The construct uses CloudFront and S3 behind the scenes, so an additional CloudFront distribution and S3 bucket will be created.</p> <p>That should be everything we need for now. Let's try a redeploy with the command <code>cdk deploy --all</code>. If the deployment is successful, you should be able to access your site at your purchased domain over HTTPS.</p> <p>After deploying our CDK app, we can view the created certificate in the <a href="https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html" rel="noopener noreferrer">AWS Certificate Manager</a> and the created records inside the hosted zone in the <a href="https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html" rel="noopener noreferrer">AWS Route 53</a> service.</p> <p>Let's also run a scan on the site using Mozilla Observatory again. We should see an improvement in the security grade, and should now receive a grade of <strong>"B"</strong> this time.</p> <p>🥳 Here's the final result <a href="https://e53nec.com/" rel="noopener noreferrer">e53nec.com</a>.</p> <p><strong>Done</strong>.</p> <ul> <li>☑ Security and Domain Name</li> </ul> <h2> What's next </h2> <ul> <li><a href="https://e53nec.com/snippets/caching-site-assets-with-aws-cdk-s3/" rel="noopener noreferrer">Caching Site Assets with AWS CDK &amp; S3</a></li> </ul> aws typescript webdev tutorial