Pass securityPolicy from API Gateway DomainName to cfnDomainName
Hoberg, Kyle committed Feb 20, 2020
1 parent 935c973 commit 8e9030d
Showing 3 changed files with 55 additions and 2 deletions.
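--- a/packages/@aws-cdk/aws-apigateway/lib/domain-name.ts
+++ b/packages/@aws-cdk/aws-apigateway/lib/domain-name.ts
@@ -2,7 +2,15 @@ import * as acm from '@aws-cdk/aws-certificatemanager';
 import { Construct, IResource, Resource } from '@aws-cdk/core';
 import { CfnDomainName } from './apigateway.generated';
 import { BasePathMapping, BasePathMappingOptions } from './base-path-mapping';
-import { EndpointType, IRestApi} from './restapi';
+import { EndpointType, IRestApi } from './restapi';
+
+/**
+* The minimum version of the SSL protocol that you want Api Gateway to use for HTTPS connections.
+*/
+export enum SecurityPolicy {
+TLS_1_0 = 'TLS_1_0',
+TLS_1_2 = 'TLS_1_2'
+}
 
 export interface DomainNameOptions {
 /**
@@ -22,6 +30,13 @@ export interface DomainNameOptions {
 * @default REGIONAL
 */
 readonly endpointType?: EndpointType;
+
+/**
+* The Transport Layer Security (TLS) version + cipher suite for this domain name.
+* @default undefined. This field is optional in AWS::ApiGateway::DomainName SecurityPolicy
+* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html
+*/
+readonly securityPolicy?: SecurityPolicy
 }
 
 export interface DomainNameProps extends DomainNameOptions {
@@ -90,6 +105,7 @@ export class DomainName extends Resource implements IDomainName {
 certificateArn: edge ? props.certificate.certificateArn : undefined,
 regionalCertificateArn: edge ? undefined : props.certificate.certificateArn,
 endpointConfiguration: { types: [endpointType] },
+securityPolicy: props.securityPolicy
 });
 
 this.domainName = resource.ref;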
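Review bot: The `@default undefined` text on `securityPolicy` does not tell a user which minimum TLS version their domain ends up with: when the prop is omitted, the third hunk passes `undefined` through to `CfnDomainName`, so the effective policy is whatever API Gateway applies on its own. I would word it as `@default - not set; API Gateway applies its service default minimum TLS version` and add one sentence steering new domains to `SecurityPolicy.TLS_1_2`, with `TLS_1_0` described as a compatibility option for legacy clients. The enum's doc comment also says "SSL protocol" although both members are TLS versions; `The minimum TLS version API Gateway accepts for HTTPS connections to the domain name.` would be accurate. The `DomainName` constructor starts and ends outside the third hunk.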
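--- a/packages/@aws-cdk/aws-apigateway/package.json
+++ b/packages/@aws-cdk/aws-apigateway/package.json
@@ -174,6 +174,8 @@
 "docs-public-apis:@aws-cdk/aws-apigateway.Stage",
 "docs-public-apis:@aws-cdk/aws-apigateway.Stage.restApi",
 "docs-public-apis:@aws-cdk/aws-apigateway.Stage.stageName",
+"docs-public-apis:@aws-cdk/aws-apigateway.SecurityPolicy.TLS_1_0",
+"docs-public-apis:@aws-cdk/aws-apigateway.SecurityPolicy.TLS_1_2",
 "docs-public-apis:@aws-cdk/aws-apigateway.UsagePlan",
 "docs-public-apis:@aws-cdk/aws-apigateway.UsagePlan.usagePlanId",
 "docs-public-apis:@aws-cdk/aws-apigateway.VpcLink.addTargets",
@@ -296,4 +298,4 @@
 ]
 },
 "stability": "stable"
-}
+}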
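Review bot: The two new `docs-public-apis` entries for `SecurityPolicy.TLS_1_0` and `SecurityPolicy.TLS_1_2` look like documentation-lint waivers (the list they sit in starts outside the hunk), and they waive the check for exactly the members that decide a domain's minimum TLS version. I would drop both entries and document the members in `lib/domain-name.ts` instead, for example `/** Minimum TLS version 1.0; kept for legacy clients. */` and `/** Minimum TLS version 1.2. */`. That keeps the choice between the two values visible in generated API docs rather than silently undocumented.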
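--- a/packages/@aws-cdk/aws-apigateway/test/test.domains.ts
+++ b/packages/@aws-cdk/aws-apigateway/test/test.domains.ts
@@ -65,6 +65,41 @@ export = {
 test.done();
 },
 
+'accepts different security policies'(test: Test) {
+// GIVEN
+const stack = new Stack();
+const cert = new acm.Certificate(stack, 'Cert', { domainName: 'example.com' });
+
+// WHEN
+new apigw.DomainName(stack, 'my-domain', {
+domainName: 'old.example.com',
+certificate: cert,
+securityPolicy: apigw.SecurityPolicy.TLS_1_0
+});
+
+new apigw.DomainName(stack, 'your-domain', {
+domainName: 'new.example.com',
+certificate: cert,
+securityPolicy: apigw.SecurityPolicy.TLS_1_2
+});
+
+// THEN
+expect(stack).to(haveResource('AWS::ApiGateway::DomainName', {
+"DomainName": "old.example.com",
+"EndpointConfiguration": { "Types": [ "REGIONAL" ] },
+"RegionalCertificateArn": { "Ref": "Cert5C9FAEC1" },
+"SecurityPolicy": "TLS_1_0"
+}));
+
+expect(stack).to(haveResource('AWS::ApiGateway::DomainName', {
+"DomainName": "new.example.com",
+"EndpointConfiguration": { "Types": [ "REGIONAL" ] },
+"RegionalCertificateArn": { "Ref": "Cert5C9FAEC1" },
+"SecurityPolicy": "TLS_1_2"
+}));
+test.done();
+},
+
 '"mapping" can be used to automatically map this domain to the deployment stage of an API'(test: Test) {
 // GIVEN
 const stack = new Stack();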
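Review bot: The new test covers only the two explicit values; nothing asserts what is synthesized when `securityPolicy` is omitted, which is the path most stacks take and the one that decides the default TLS posture. I would add a third `DomainName` without the prop and assert that its `AWS::ApiGateway::DomainName` resource carries no `SecurityPolicy` key, so a later change of default shows up as a test failure rather than a silent template change. Both assertions also pin `"Types": [ "REGIONAL" ]`, so the edge endpoint path is never exercised with a policy set; one case using an edge endpoint would close that gap.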
