aws · mergify · May 19, 2022 · May 13, 2022 · May 13, 2022 · May 14, 2022
diff --git a/packages/@aws-cdk/aws-cloudfront-origins/README.md b/packages/@aws-cdk/aws-cloudfront-origins/README.md
@@ -118,3 +118,17 @@ new cloudfront.Distribution(this, 'myDist', {
   },
 });
 ```
+
+## From an API Gateway REST API
+
+Origins can be created from an API Gateway REST API. It is recommended to use a
+[regional API](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-endpoint-types.html) in this case.
+
+```ts
+declare const api: apigateway.RestApi;
+new cloudfront.Distribution(this, 'Distribution', {
+  defaultBehavior: { origin: new origins.RestApiOrigin(api) },
+});
+```
+
+The origin path will automatically be set as the stage name.
diff --git a/packages/@aws-cdk/aws-cloudfront-origins/lib/http-origin.ts b/packages/@aws-cdk/aws-cloudfront-origins/lib/http-origin.ts
@@ -1,5 +1,6 @@
 import * as cloudfront from '@aws-cdk/aws-cloudfront';
 import * as cdk from '@aws-cdk/core';
+import { validateSecondsInRangeOrUndefined } from './private/utils';
 
 /**
  * Properties for an Origin backed by an S3 website-configured bucket, load balancer, or custom HTTP server.
@@ -79,14 +80,3 @@ export class HttpOrigin extends cloudfront.OriginBase {
     };
   }
 }
-
-/**
- * Throws an error if a duration is defined and not an integer number of seconds within a range.
- */
-function validateSecondsInRangeOrUndefined(name: string, min: number, max: number, duration?: cdk.Duration) {
-  if (duration === undefined) { return; }
-  const value = duration.toSeconds();
-  if (!Number.isInteger(value) || value < min || value > max) {
-    throw new Error(`${name}: Must be an int between ${min} and ${max} seconds (inclusive); received ${value}.`);
-  }
-}
diff --git a/packages/@aws-cdk/aws-cloudfront-origins/lib/index.ts b/packages/@aws-cdk/aws-cloudfront-origins/lib/index.ts
@@ -2,3 +2,4 @@ export * from './http-origin';
 export * from './load-balancer-origin';
 export * from './s3-origin';
 export * from './origin-group';
+export * from './rest-api-origin';
diff --git a/packages/@aws-cdk/aws-cloudfront-origins/lib/private/utils.ts b/packages/@aws-cdk/aws-cloudfront-origins/lib/private/utils.ts
@@ -0,0 +1,12 @@
+import * as cdk from '@aws-cdk/core';
+
+/**
+ * Throws an error if a duration is defined and not an integer number of seconds within a range.
+ */
+export function validateSecondsInRangeOrUndefined(name: string, min: number, max: number, duration?: cdk.Duration) {
+  if (duration === undefined) { return; }
+  const value = duration.toSeconds();
+  if (!Number.isInteger(value) || value < min || value > max) {
+    throw new Error(`${name}: Must be an int between ${min} and ${max} seconds (inclusive); received ${value}.`);
+  }
+}
diff --git a/packages/@aws-cdk/aws-cloudfront-origins/lib/rest-api-origin.ts b/packages/@aws-cdk/aws-cloudfront-origins/lib/rest-api-origin.ts
@@ -0,0 +1,59 @@
+import * as apigateway from '@aws-cdk/aws-apigateway';
+import * as cloudfront from '@aws-cdk/aws-cloudfront';
+import * as cdk from '@aws-cdk/core';
+import { validateSecondsInRangeOrUndefined } from './private/utils';
+
+/**
+ * Properties for an Origin for an API Gateway REST API.
+ */
+export interface RestApiOriginProps extends cloudfront.OriginOptions {
+  /**
+   * Specifies how long, in seconds, CloudFront waits for a response from the origin, also known as the origin response timeout.
+   * The valid range is from 1 to 180 seconds, inclusive.
+   *
+   * Note that values over 60 seconds are possible only after a limit increase request for the origin response timeout quota
+   * has been approved in the target account; otherwise, values over 60 seconds will produce an error at deploy time.
+   *
+   * @default Duration.seconds(30)
+   */
+  readonly readTimeout?: cdk.Duration;
+
+  /**
+   * Specifies how long, in seconds, CloudFront persists its connection to the origin.
+   * The valid range is from 1 to 180 seconds, inclusive.
+   *
+   * Note that values over 60 seconds are possible only after a limit increase request for the origin response timeout quota
+   * has been approved in the target account; otherwise, values over 60 seconds will produce an error at deploy time.
+   *
+   * @default Duration.seconds(5)
+   */
+  readonly keepaliveTimeout?: cdk.Duration;
+}
+
+/**
+ * An Origin for an API Gateway REST API.
+ */
+export class RestApiOrigin extends cloudfront.OriginBase {
+
+  constructor(restApi: apigateway.RestApi, private readonly props: RestApiOriginProps = {}) {
+    // urlForPath() is of the form 'https://<rest-api-id>.execute-api.<region>.amazonaws.com/<stage>'
+    // Splitting on '/' gives: ['https', '', '<rest-api-id>.execute-api.<region>.amazonaws.com', '<stage>']
+    // The element at index 2 is the domain name, the element at index 3 is the stage name
+    super(cdk.Fn.select(2, cdk.Fn.split('/', restApi.url)), {
+      originPath: `/${cdk.Fn.select(3, cdk.Fn.split('/', restApi.url))}`,
+      ...props,
+    });
+
+    validateSecondsInRangeOrUndefined('readTimeout', 1, 180, props.readTimeout);
+    validateSecondsInRangeOrUndefined('keepaliveTimeout', 1, 180, props.keepaliveTimeout);
+  }
+
+  protected renderCustomOriginConfig(): cloudfront.CfnDistribution.CustomOriginConfigProperty | undefined {
+    return {
+      originSslProtocols: [cloudfront.OriginSslPolicy.TLS_V1_2],
+      originProtocolPolicy: cloudfront.OriginProtocolPolicy.HTTPS_ONLY,
+      originReadTimeout: this.props.readTimeout?.toSeconds(),
+      originKeepaliveTimeout: this.props.keepaliveTimeout?.toSeconds(),
+    };
+  }
+}
diff --git a/packages/@aws-cdk/aws-cloudfront-origins/package.json b/packages/@aws-cdk/aws-cloudfront-origins/package.json
@@ -86,6 +86,7 @@
     "aws-sdk": "^2.848.0"
   },
   "dependencies": {
+    "@aws-cdk/aws-apigateway": "0.0.0",
     "@aws-cdk/aws-cloudfront": "0.0.0",
     "@aws-cdk/aws-elasticloadbalancingv2": "0.0.0",
     "@aws-cdk/aws-iam": "0.0.0",
@@ -95,6 +96,7 @@
   },
   "homepage": "https://github.com/aws/aws-cdk",
   "peerDependencies": {
+    "@aws-cdk/aws-apigateway": "0.0.0",
     "@aws-cdk/aws-cloudfront": "0.0.0",
     "@aws-cdk/aws-elasticloadbalancingv2": "0.0.0",
     "@aws-cdk/aws-iam": "0.0.0",

diff --git a/packages/@aws-cdk/aws-cloudfront-origins/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-cloudfront-origins/rosetta/default.ts-fixture
@@ -1,6 +1,7 @@
 // Fixture with packages imported, but nothing else
 import { Duration, Stack } from '@aws-cdk/core';
 import { Construct } from 'constructs';
+import * as apigateway from '@aws-cdk/aws-apigateway';
 import * as cloudfront from '@aws-cdk/aws-cloudfront';
 import * as origins from '@aws-cdk/aws-cloudfront-origins';
 import * as s3 from '@aws-cdk/aws-s3';

diff --git a/packages/@aws-cdk/aws-cloudfront-origins/test/integ.rest-api-origin.ts b/packages/@aws-cdk/aws-cloudfront-origins/test/integ.rest-api-origin.ts
@@ -0,0 +1,17 @@
+import * as apigateway from '@aws-cdk/aws-apigateway';
+import * as cloudfront from '@aws-cdk/aws-cloudfront';
+import * as cdk from '@aws-cdk/core';
+import * as origins from '../lib';
+
+const app = new cdk.App();
+
+const stack = new cdk.Stack(app, 'integ-cloudfront-rest-api-origin');
+
+const api = new apigateway.RestApi(stack, 'RestApi', { endpointTypes: [apigateway.EndpointType.REGIONAL] });
+api.root.addMethod('GET');
+
+new cloudfront.Distribution(stack, 'Distribution', {
+  defaultBehavior: { origin: new origins.RestApiOrigin(api) },
+});
+
+app.synth();
diff --git a/packages/@aws-cdk/aws-cloudfront-origins/test/rest-api-origin.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-cloudfront-origins/test/rest-api-origin.integ.snapshot/cdk.out
@@ -0,0 +1 @@
+{"version":"18.0.0"}