serverless-appsync-cloudfront

![serverless](http://www.serverless.com)
![MIT licensed](https://raw.githubusercontent.com/artoliukkonen/serverless-appsync-cloudfront/master/LICENSE)

Automatically creates properly configured AWS CloudFront distribution that routes traffic
to AppSync.

This plugin is modified from serverless-api-cloudfront & serverless-domain-manager plugins to support AppSync instead of API Gateway.

:zap: Pros

- Allows you to set-up custom domain for your AppSync
- Web Application Firewall support - enable AWS WAF to protect your API from security threats

Installation

npm i --save-dev serverless-appsync-cloudfront

yarn add -D serverless-appsync-cloudfront

Configuration

- All appSyncCloudFront configuration parameters are optional - e.g. don't provide ACM Certificate ARN to use default CloudFront certificate (which works only for default cloudfront.net domain).
- First deployment may be quite long (e.g. 10 min) as Serverless is waiting for CloudFormation to deploy CloudFront distribution.

`add in your serverless.yml`

plugins: - serverless-appsync-cloudfront

`All of these custom parameters are optional`


custom:
  appSyncCloudFront:
    domainName: my-custom-domain.com
    certificate: arn:aws:acm:us-east-1:000000000000:certificate/00000000-1111-2222-3333-444444444444
    waf: 00000000-0000-0000-0000-000000000000
    compress: true
    logging:
      bucket: my-bucket.s3.amazonaws.com
      prefix: my-prefix
    cookies: none
    headers:
      - x-api-key
    querystring:
      - page
      - per_page
    priceClass: PriceClass_100
    minimumProtocolVersion: TLSv1
    enabled: true

$3

- domain can be list, so if you want to add more domains, instead string you list multiple ones:

`domain: - my-custom-domain.com - secondary-custom-domain.com`

- cookies can be _all_ (default), _none_ or a list that lists the cookies to whitelist

`cookies: - FirstCookieName - SecondCookieName`

- [headers][headers-default-cache] can be _all_, _none_ (default) or a list of headers ([see CloudFront custom behaviour][headers-list]):

`headers: all`

[headers-default-cache]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-forwardedvalues [headers-list]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#request-custom-headers-behavior

- querystring can be _all_ (default), _none_ or a list, in which case all querystring parameters are forwarded, but cache is based on the list:

`querystring: all`

- [priceClass][price-class] can be PriceClass_All (default), PriceClass_100 or PriceClass_200:

`priceClass: PriceClass_All`

[price-class]: https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_GetDistributionConfig.html#cloudfront-GetDistributionConfig-response-PriceClass

- [minimumProtocolVersion][minimum-protocol-version] can be TLSv1 (default), TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018 or SSLv3:

`minimumProtocolVersion: TLSv1`

[minimum-protocol-version]: https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html#cloudfront-Type-ViewerCertificate-MinimumProtocolVersion

- enabled can be true (default) or false. Can be used to disable cloudfront distribution deployment.

`enabled: true`

`$3`

In order to make this plugin work as expected a few additional IAM Policies might be needed on your AWS profile.

More specifically this plugin needs the following policies attached:

- cloudfront:CreateDistribution-cloudfront:GetDistribution-cloudfront:UpdateDistribution-cloudfront:DeleteDistribution-cloudfront:TagResource`

You can read more about IAM profiles and policies in the Serverless documentation.