tb_pulumi.cloudfront

Infrastructural patterns related to AWS CloudFront.

class tb_pulumi.cloudfront.CloudFrontS3Service(name: str, project: ThunderbirdPulumiProject, certificate_arn: str, service_bucket_name: str, behaviors: list[dict] = [], default_function_associations: dict = {}, distribution: dict = {}, forcibly_destroy_buckets: bool = False, origins: list[dict] = [], opts: ResourceOptions = None, **kwargs)

Bases: ThunderbirdComponentResource

Pulumi Type: tb:cloudfront:CloudFrontS3Service

Serve the static contents of an S3 bucket over a CloudFront Distribution.

Produces the following resources:

  • service_bucket - aws.s3.Bucket in which to store the static content to be served over the CloudFront Distribution.

  • logging_bucket - aws.s3.Bucket in which to store the access logs for the service bucket.

  • logging_bucket_ownership - aws.s3.BucketOwnershipControls which allow CloudFront to upload logs into the logging bucket.

  • logging_bucket_acl - aws.s3.BucketAclV2 allowing CloudFront to control the logging bucket via the AWS account’s canonical user.

  • origin_access_control - aws.cloudfront.OriginAccessControl allowing the CloudFront Distribution to serve the service bucket’s content via CDN.

  • cloudfront_distribution - aws.cloudfront.Distribution that serves the service bucket content over a CDN and produces output logs in the logging bucket.

  • service_bucket_policy - aws.s3.BucketPolicy allowing the CloudFront Distribution read access to the objects in the service bucket.

  • invalidation_policy - aws.iam.Policy that allows an IAM entity to create cache invalidations in the CloudFront Distribution, which must be done when the contents of the service bucket are updated. This is not attached to any entities; it exists for developer use when setting up CI flows.

Parameters:
  • name (str) – A string identifying this set of resources.

  • project (tb_pulumi.ThunderbirdPulumiProject) – The ThunderbirdPulumiProject to add these resources to.

  • certificate_arn (str) – The ARN of the ACM certificate used for TLS in this distribution.

  • service_bucket_name (str) – The name of the S3 bucket to store the static content in. This must be globally unique within the entire S3 ecosystem.

  • behaviors (list[dict], optional) – The default behavior of the CF distribution will always be to look in the S3 bucket. Any other behaviors should be defined as an entry in this list. These should be DistributionOrderedCacheBehavior objects. Defaults to [].

  • distribution (dict, optional) – Additional parameters to pass to the aws.cloudfront.Distribution constructor. Defaults to {}.

  • forcibly_destroy_buckets (bool, optional) – When True, the service bucket and logging bucket will both be forcibly emptied - all their contents destroyed beyond recovery - when the bucket resource is destroyed. This is dangerous, as it bypasses protections against data loss. Only enable this for volatile environments. Defaults to False.

  • origins (list[dict], optional) – List of DistributionOrigin objects to add. This list should not include any references to the S3 bucket, which is managed by this module. Defaults to [].

  • opts (pulumi.ResourceOptions, optional) – Additional pulumi.ResourceOptions to apply to these resources. Defaults to None.

  • kwargs – Any other keyword arguments which will be passed as inputs to the ThunderbirdComponentResource resource.
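
The service_bucket_policy and invalidation_policy resources listed above are the two access grants this pattern creates. The following is an added example, not tb_pulumi's own code, that audits policy documents of that kind for least privilege; the statement layout assumes AWS's documented Origin Access Control pattern rather than the exact JSON this module emits, and all function names, ARNs and bucket names are hypothetical.

```python
# Added example, not tb_pulumi code. Policy shapes follow AWS's documented OAC pattern (an assumption).
def _as_list(value):
    """IAM accepts a string or a list for most fields; normalize to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]

def _source_arns(stmt):
    """Collect AWS:SourceArn values from StringEquals (condition keys are case-insensitive)."""
    equals = stmt.get("Condition", {}).get("StringEquals", {})
    return [arn for key, val in equals.items() if key.lower() == "aws:sourcearn" for arn in _as_list(val)]

def audit_service_bucket_policy(policy, bucket_name, distribution_arn):
    """Flag Allow statements granting more than object reads for one distribution."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))):
            findings.append(f"statement {i}: wildcard principal")
        elif isinstance(principal, dict) and "cloudfront.amazonaws.com" in _as_list(principal.get("Service")):
            if _source_arns(stmt) != [distribution_arn]:
                findings.append(f"statement {i}: CloudFront access not pinned to this distribution")
        if any(action != "s3:GetObject" for action in _as_list(stmt.get("Action"))):
            findings.append(f"statement {i}: grants more than s3:GetObject")
        if any(res != f"arn:aws:s3:::{bucket_name}/*" for res in _as_list(stmt.get("Resource"))):
            findings.append(f"statement {i}: resource is not this bucket's objects")
    return findings

def audit_invalidation_policy(policy, distribution_arn):
    """Flag Allow statements that reach past cache invalidation on one distribution."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if any(action != "cloudfront:CreateInvalidation" for action in _as_list(stmt.get("Action"))):
            findings.append(f"statement {i}: grants more than cloudfront:CreateInvalidation")
        if _as_list(stmt.get("Resource")) != [distribution_arn]:
            findings.append(f"statement {i}: not scoped to this distribution")
    return findings

# Constructed sample values; the account ID, distribution ID and bucket name are placeholders.
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
GOOD_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "cloudfront.amazonaws.com"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-service-bucket/*",
    "Condition": {"StringEquals": {"AWS:SourceArn": DIST_ARN}}}]}
LOOSE_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-service-bucket/*"}]}
```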