feat(aws-cloudfront): add support for "webAclId" (#969)

PaulMaddox · Elad Ben-Israel · commit 3ec9d7690c0a · 2018-10-19T14:08:19.000+03:00
Expose the webAclId property on CloudFront distributions. This allows
linking of AWS WAF WebACL resources to protect the CloudFront
distribution.
diff --git a/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts b/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts
@@ -163,7 +163,7 @@ export interface SourceConfiguration {
    *
    * @default no additional headers are passed
    */
-  readonly originHeaders?: {[key: string]: string};
+  readonly originHeaders?: { [key: string]: string };
 }
 
 /**
@@ -431,6 +431,12 @@ export interface CloudFrontWebDistributionProps {
    * How CloudFront should handle requests that are no successful (eg PageNotFound)
    */
   errorConfigurations?: cloudformation.DistributionResource.CustomErrorResponseProperty[];
+
+  /**
+   * Optional AWS WAF WebACL to associate with this CloudFront distribution
+   */
+  webACLId?: string;
+
 }
 
 /**
@@ -528,6 +534,7 @@ export class CloudFrontWebDistribution extends cdk.Construct {
       ipv6Enabled: props.enableIpV6 || true,
       // tslint:disable-next-line:max-line-length
       customErrorResponses: props.errorConfigurations, // TODO: validation : https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customerrorresponse.html#cfn-cloudfront-distribution-customerrorresponse-errorcachingminttl
+      webAclId: props.webACLId,
     };
 
     const behaviors: BehaviorWithOrigin[] = [];
@@ -585,7 +592,7 @@ export class CloudFrontWebDistribution extends cdk.Construct {
         };
       }
       for (const behavior of originConfig.behaviors) {
-        behaviors.push({...behavior, targetOriginId: originId});
+        behaviors.push({ ...behavior, targetOriginId: originId });
       }
       origins.push(originProperty);
       originIndex++;
@@ -647,26 +654,26 @@ export class CloudFrontWebDistribution extends cdk.Construct {
       };
     }
 
-    const distribution = new cloudformation.DistributionResource(this, 'CFDistribution', {distributionConfig});
+    const distribution = new cloudformation.DistributionResource(this, 'CFDistribution', { distributionConfig });
     this.domainName = distribution.distributionDomainName;
     this.distributionId = distribution.distributionId;
   }
 
   private toBehavior(input: BehaviorWithOrigin, protoPolicy?: ViewerProtocolPolicy) {
-    let toReturn =  {
+    let toReturn = {
       allowedMethods: this.METHOD_LOOKUP_MAP[input.allowedMethods || CloudFrontAllowedMethods.GET_HEAD],
       cachedMethods: this.METHOD_LOOKUP_MAP[input.cachedMethods || CloudFrontAllowedCachedMethods.GET_HEAD],
       compress: input.compress,
       defaultTtl: input.defaultTtlSeconds,
-      forwardedValues: input.forwardedValues || { queryString: false, cookies: {forward: "none"} },
+      forwardedValues: input.forwardedValues || { queryString: false, cookies: { forward: "none" } },
       maxTtl: input.maxTtlSeconds,
       minTtl: input.minTtlSeconds,
       trustedSigners: input.trustedSigners,
       targetOriginId: input.targetOriginId,
       viewerProtocolPolicy: protoPolicy || ViewerProtocolPolicy.RedirectToHTTPS,
     };
     if (!input.isDefaultBehavior) {
-      toReturn = Object.assign(toReturn, {pathPattern: input.pathPattern});
+      toReturn = Object.assign(toReturn, { pathPattern: input.pathPattern });
     }
     return toReturn;
   }
