Interface WebappProps

interface WebappProps {
    cloudfrontCertificate?: ICertificate;
    domainNames?: string[];
    overrideCloudFrontBehaviourOptions?: Partial<BehaviorOptions>;
    securityHeaders?: {
        behaviorOverrides?: Partial<
            ResponseSecurityHeadersBehavior & {
                contentSecurityPolicy?: ResponseHeadersContentSecurityPolicy & {
                    reportOnly?: boolean;
                };
            },
        >;
        enabled?: boolean;
    };
    webAclErrorPagePath?: string;
    webAclId?: string;
}

Properties

cloudfrontCertificate?: ICertificate

ACM certificate that covers the specified domain names.

This certificate must be created in the region us-east-1.

Default: The CloudFront wildcard certificate (*.cloudfront.net) will be used.

domainNames?: string[]

List of domain names the CloudFront distribution should use.

Default: Generated name (e.g., d111111abcdef8.cloudfront.net)

overrideCloudFrontBehaviourOptions?: Partial<BehaviorOptions>

CloudFront behavior overrides.

Used to override CloudFront behavior.

NOTE: ResponseHeadersPolicy defined here will overwrite BOTH the default security headers policy and any values specified in securityHeaders.behaviorOverrides.

securityHeaders?: {
    behaviorOverrides?: Partial<
        ResponseSecurityHeadersBehavior & {
            contentSecurityPolicy?: ResponseHeadersContentSecurityPolicy & {
                reportOnly?: boolean;
            };
        },
    >;
    enabled?: boolean;
}

Enable, disable or configure security headers for the web application.

Type declaration

  • Optional behaviorOverrides?: Partial<
        ResponseSecurityHeadersBehavior & {
            contentSecurityPolicy?: ResponseHeadersContentSecurityPolicy & {
                reportOnly?: boolean;
            };
        },
    >

    Security headers overrides.

    Used to override certain default security header values if the webapp requires different settings than the defaults.

    NOTE: If you need to disable certain headers, you must explicitly set them to undefined.

    Default: A set of strict security header values will be used.
    
  • Optional enabled?: boolean

    Enable adding common security headers to CloudFront responses.

    If enabled, the default behavior is to add the following headers with fairly strict defaults. Most of the headers can be customized:

    • Content-Security-Policy
    • Referrer-Policy
    • Strict-Transport-Security
    • X-Content-Type-Options
    • X-Frame-Options
    • X-XSS-Protection
    Default: true

Default: A set of strict security headers is configured.

webAclErrorPagePath?: string

The path to the page that will be served for users not allowed to access the site when using WAF. E.g. "/4xx-errors/403-forbidden.html".

Note that this will catch any 403 errors from the origin(s), which might also cover any other behaviors that are added.

Default: No custom page for 403 errors.

webAclId?: string

AWS WAF web ACL to associate with the CloudFront distribution.

To specify a web ACL created using the latest version of AWS WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example 473e64fd-f30b-4765-81a0-62ad96dd167a.

Default: No AWS Web Application Firewall web access control list (web ACL).
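
The precedence rules documented for securityHeaders and overrideCloudFrontBehaviourOptions can be checked before deployment. The following is an added example, not code from this library: PropsSketch, Overrides and reviewSecurityHeaders are hypothetical names, the types are simplified stand-ins for the aws-cdk-lib ones, and reportOnly is assumed to mean the policy is reported rather than enforced.

```typescript
// Simplified stand-ins (assumption) for the aws-cdk-lib types WebappProps refers to;
// only the fields this check reads are modelled.
type Overrides = Record<string, unknown> & {
  contentSecurityPolicy?: { contentSecurityPolicy?: string; reportOnly?: boolean };
};
interface PropsSketch {
  overrideCloudFrontBehaviourOptions?: { responseHeadersPolicy?: unknown };
  securityHeaders?: { enabled?: boolean; behaviorOverrides?: Overrides };
}

// ResponseSecurityHeadersBehavior fields behind the six headers listed above.
const HEADER_FIELDS = [
  "contentSecurityPolicy", "referrerPolicy", "strictTransportSecurity",
  "contentTypeOptions", "frameOptions", "xssProtection",
];

// Returns one finding per setting that weakens the strict defaults.
function reviewSecurityHeaders(props: PropsSketch): string[] {
  if (props.overrideCloudFrontBehaviourOptions?.responseHeadersPolicy !== undefined) {
    // Per the NOTE: this policy replaces the defaults AND behaviorOverrides.
    return ["responseHeadersPolicy override: default security headers and behaviorOverrides are not applied"];
  }
  if (props.securityHeaders?.enabled === false) {
    return ["securityHeaders.enabled is false: no security headers are added"];
  }
  const overrides: Overrides = props.securityHeaders?.behaviorOverrides ?? {};
  const findings: string[] = [];
  for (const field of HEADER_FIELDS) {
    // A key that is present but undefined disables that header; an absent key keeps the default.
    if (field in overrides && overrides[field] === undefined) {
      findings.push(`${field} is explicitly undefined: header disabled`);
    }
  }
  if (overrides.contentSecurityPolicy?.reportOnly === true) {
    findings.push("contentSecurityPolicy.reportOnly: CSP violations are reported, not blocked");
  }
  return findings;
}

// Constructed sample props, not taken from a real stack.
const sampleFindings = reviewSecurityHeaders({
  securityHeaders: {
    behaviorOverrides: {
      frameOptions: undefined,
      contentSecurityPolicy: { contentSecurityPolicy: "default-src 'self'", reportOnly: true },
    },
  },
});
console.log(sampleFindings);
```

An empty findings list means the strict defaults, or overrides that still set every header, are in effect.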