1

I want to redirect HTTP traffic to HTTPS. So I want to put my app, which runs on an API Gateway, behind Cloudfront. But I want to use aws_cdk.aws_cloudfront to launch my Cloudfront instance.

self.distribution = cloudfront.Distribution(
    self,
    construct_id,
    default_behaviour=cloudfront.BehaviorOptions(
        origin=cloudfront_origins.RestApiOrigin(api),
        ...

This would be my ideal implementation. But my api is of type HttpApi; I am using aws_apigatewayv2_alpha.

Is there any way I can use an HttpApi as the origin of my Cloudfront distribution, using aws_cloudfront?

louisdeb
  • 360
  • 4
  • 16

1 Answers1

1

You can create Origins from any HTTP endpoint like below, given the domain name, and optionally, other origin properties.

# Creates a distribution from an HTTP endpoint
cloudfront.Distribution(self, "myDist",
    default_behavior=cloudfront.BehaviorOptions(origin=origins.HttpOrigin("www.example.com"))
)
Arpit Jain
  • 1,599
  • 9
  • 23
  • Thanks. Yes I'm currently following that method, but I don't want to hardcode my URL. I'm creating the API using the cdk, so I have an `api_stack.py` that runs `apigw.HttpApi(...)`, and I'm then taking that instance's property `url` and trying to pass it into `HttpOrigin`. The problem is that the `url` value looks like this `${Token[TOKEN.622]}.execute-api.eu-west-2.${Token[AWS.URLSuffix.8]}/` (`https://` prefix manually removed). – louisdeb Jan 03 '23 at 14:01
  • I presume these `Token`s are a way of waiting for AWS to resolve values, though they're new to me. – louisdeb Jan 03 '23 at 14:03
  • It also seems it would be very possible [using the console](https://skildops.com/blog/exposing-http-api-gateway-via-aws-cloudfront-detailed-guide), though I want to keep it all in code. – louisdeb Jan 03 '23 at 14:05
  • [Here's an example](https://github.com/awslabs/aws-solutions-constructs/blob/111dcbe9bec65f66ed6fbde5b519141af6e0d290/source/patterns/%40aws-solutions-constructs/core/lib/cloudfront-distribution-defaults.ts) of a dynamically passed url (though they're using RestApi). I presume they don't have Token issues. – louisdeb Jan 03 '23 at 14:08
  • Sorry, I couldn't understand your concerns can you please explain a bit more clearly? – Arpit Jain Jan 03 '23 at 14:18
  • Sure. I don't want to paste the invoke url of my Http Api into `HttpOrigin(...)` because I want the value to be dynamically linked to the creation of my api, which occurs in the same deployment. But the value of my api's url is currently littered with [Tokens](https://docs.aws.amazon.com/cdk/v2/guide/tokens.html). At the moment I am trying `cdk.Token.as_string(api.url.replace("https://", ""))` to overcome these issues. But I was really hoping there would have been a method `origins.HttpApi(...)`! – louisdeb Jan 03 '23 at 14:32
  • Yes, `cdk.Token.as_string(api.url.replace("https://", ""))` still failed with `AWS::CloudFront::Distribution: The parameter origin name must be a domain name.` Maybe creating a Cloudfront distribution with HttpOrigin is a method which isn't prepared for Tokens (though I know too little to believe that is the case or that it shouldn't be the case). – louisdeb Jan 03 '23 at 14:35
  • Okay, I understand the `api.url` is tokenized so URL passing to HttpOrigin won't work. I think in this case, you need to build the domain name from several other properties :-`${restApiId}.execute-api.${AWS::Region}.amazonaws.com/${apiGatewayStageName}` – Arpit Jain Jan 03 '23 at 15:14
  • Thanks very much. Unfortunately, `restApiId` is generated by AWS and I don't have its value anywhere until its Token resolves. For now I will just use a hardcoded URL until finding a better solution. – louisdeb Jan 03 '23 at 15:22
  • In fact I can see your solution in use [here](https://github.com/aws-samples/dicomweb-wado-qido-stow-serverless/blob/3391ba690e872b900eec78c92de7395f8c0dfbeb/cdk/cdk/infrastructure.py#L83) (lines 66 and 83), but again using a rest api. I will check whether this is possible with an http api. – louisdeb Jan 03 '23 at 15:27
  • Unfortunately using `api.api_id` and `api.http_api_id` (both documented [here](https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_apigatewayv2_alpha/HttpApi.html)) return Tokens. – louisdeb Jan 03 '23 at 15:40
  • This answer might help you:- https://stackoverflow.com/a/70753147/12326605 – Arpit Jain Jan 03 '23 at 15:42