Cache polices fixes

cloudfront.cfndsl.rb

@@ -176,7 +176,7 @@
     behaviours = external_parameters.fetch(:behaviours, {})
     behaviours.each do |behaviour, config|
       if behaviour == 'default'
-        if (config.has_key?('CachePolicyId') and config.has_key?('ForwardedValues'))
+        if (config.has_key?('CachePolicyId'))
           config.delete('ForwardedValues')
           policy_safe = config['CachePolicyId'].gsub(/[-_.]/,"")
           config['CachePolicyId'] = { "Ref" => "#{policy_safe}CloudFrontCachePolicy" }
@@ -194,7 +194,7 @@
         distribution_config[:DefaultCacheBehavior] = config
       else
         config.each do |x|
-          if (x.has_key?('CachePolicyId') and x.has_key?('ForwardedValues'))
+          if (x.has_key?('CachePolicyId'))
             x.delete('ForwardedValues')
             policy_safe = x['CachePolicyId'].gsub(/[-_.]/,"")
             x['CachePolicyId'] = { "Ref" => "#{policy_safe}CloudFrontCachePolicy" }

tests/cache_policies.test.yaml

@@ -0,0 +1,64 @@
+test_metadata:
+  type: config
+  name: cache policies
+  description: Create custom cache policies
+
+
+origins:
+  myapploadbalancer:
+    source: loadbalancer
+    # http-only | match-viewer | https-only
+    protocol_policy: https-only
+    ssl_protocols:
+      - TLSv1.2
+
+cache_policies:
+  full:
+    Comment: Full Cache Policy
+    DefaultTTL: 86400     # Required
+    MaxTTL: 31536000      # Required
+    MinTTL: 0             # Required
+    Name: Full-Policy.    # Required
+    CookieBehavior: none  # none|whitelist|allExcept|all   Required
+    Cookies:
+      - someValue
+    EnableAcceptEncodingBrotli: false
+    EnableAcceptEncodingGzip: true # Required
+    HeaderBehavior: none  # none|whitelist Required
+    Headers:
+      - Host
+      - CloudFront-Viewer-Country
+  minimal:
+    Headers:
+      - Host
+      - CloudFront-Viewer-Country
+
+behaviours:
+  default:
+    AllowedMethods:
+      - GET
+      - HEAD
+      - OPTIONS
+      - PUT
+      - PATCH
+      - POST
+      - DELETE
+    TargetOriginId: myapploadbalancer
+    CachePolicyId: full
+    ForwardedValues:
+      Headers:
+        - "CloudFront-Viewer-Country"
+      Cookies:
+        Forward: all  # none  # Drift detected on STAGE and PROD as well
+      QueryString: true
+    ViewerProtocolPolicy: redirect-to-https # allow-all|redirect-to-https|https-only
+  custom:
+    -
+      PathPattern: /api*
+      AllowedMethods:
+        - GET
+        - HEAD
+        - OPTIONS
+      Compress: true
+      TargetOriginId: myapploadbalancer
+      CachePolicyId: minimal

tests/functions.test.yaml

@@ -0,0 +1,65 @@
+test_metadata:
+  type: config
+  name: functions
+  description: Create cloudfront functions
+
+
+origins:
+  myapploadbalancer:
+    source: loadbalancer
+    # http-only | match-viewer | https-only
+    protocol_policy: https-only
+    ssl_protocols:
+      - TLSv1.2
+
+functions:
+  default-viewer-request:
+    code: |
+      async function handler(event) {
+      const request = event.request;
+      const uri = request.uri;
+      if (uri.endsWith('/')) { request.uri += 'index.html'; }
+      else if (!uri.includes('.')) { request.uri += '/index.html'; }
+      return request;
+      }
+  custom-viewer-request:
+    code: |
+      async function handler(event) {
+      const request = event.request;
+      const uri = request.uri;
+      if (uri.endsWith('/')) { request.uri += 'index.html'; }
+      else if (!uri.includes('.')) { request.uri += '/index.html'; }
+      return request;
+
+behaviours:
+  default:
+    AllowedMethods:
+      - GET
+      - HEAD
+      - OPTIONS
+      - PUT
+      - PATCH
+      - POST
+      - DELETE
+    TargetOriginId: myapploadbalancer
+    FunctionAssociation:
+      EventType: viewer-request # viewer-request|viewer-response|origin-request|origin-response
+      Function: default-viewer-request
+    ForwardedValues:
+      Headers:
+        - "CloudFront-Viewer-Country"
+      Cookies:
+        Forward: all  # none  # Drift detected on STAGE and PROD as well
+      QueryString: true
+    ViewerProtocolPolicy: redirect-to-https # allow-all|redirect-to-https|https-only
+  custom:
+    -
+      PathPattern: /api*
+      AllowedMethods:
+        - GET
+        - HEAD
+        - OPTIONS
+      Compress: true
+      TargetOriginId: myapploadbalancer
+      FunctionAssociation:
+        Function: custom-viewer-request

tests/origin_polices.test.yaml

@@ -0,0 +1,62 @@
+test_metadata:
+  type: config
+  name: origin policies
+  description: Create custom cache policies
+
+
+origins:
+  myapploadbalancer:
+    source: loadbalancer
+    # http-only | match-viewer | https-only
+    protocol_policy: https-only
+    ssl_protocols:
+      - TLSv1.2
+
+origin_request_policies:
+  origin-full:
+    Comment: the origin request policy for here
+    CookieBehavior: none  # none|whitelist|allExcept|all   Required
+    Cookies:
+      - someValue
+    HeaderBehavior: none  # none|whitelist Required
+    Headers:
+      - Host
+      - CloudFront-Viewer-Country
+    Name: Policy-for-here # Required
+    QueryStringBehavior:  none # none|whitelist|all|allExcept   Required
+    QueryStrings:
+      - someValue
+  origin-minimal:
+    Headers:
+      - Host
+
+
+behaviours:
+  default:
+    AllowedMethods:
+      - GET
+      - HEAD
+      - OPTIONS
+      - PUT
+      - PATCH
+      - POST
+      - DELETE
+    TargetOriginId: myapploadbalancer
+    OriginRequestPolicyId: origin-full
+    ForwardedValues:
+      Headers:
+        - "CloudFront-Viewer-Country"
+      Cookies:
+        Forward: all  # none  # Drift detected on STAGE and PROD as well
+      QueryString: true
+    ViewerProtocolPolicy: redirect-to-https # allow-all|redirect-to-https|https-only
+  custom:
+    -
+      PathPattern: /api*    
+      AllowedMethods:
+        - GET
+        - HEAD
+        - OPTIONS
+      Compress: true
+      TargetOriginId: myapploadbalancer
+      OriginRequestPolicyId: origin-minimal