Using Cloudfront with an HTTP API Origin - aws-api-gateway

I want to redirect HTTP traffic to HTTPS. So I want to put my app, which runs on an API Gateway, behind Cloudfront. But I want to use aws_cdk.aws_cloudfront to launch my Cloudfront instance.
self.distribution = cloudfront.Distribution(
self,
construct_id,
default_behaviour=cloudfront.BehaviorOptions(
origin=cloudfront_origins.RestApiOrigin(api),
...
This would be my ideal implementation. But my api is of type HttpApi; I am using aws_apigatewayv2_alpha.
Is there any way I can use an HttpApi as the origin of my Cloudfront distribution, using aws_cloudfront?

You can create Origins from any HTTP endpoint like below, given the domain name, and optionally, other origin properties.
# Creates a distribution from an HTTP endpoint
cloudfront.Distribution(self, "myDist",
default_behavior=cloudfront.BehaviorOptions(origin=origins.HttpOrigin("www.example.com"))
)

Related

Routing message from AWS API Gateway to SQS regarding URL path

I need to route a message from API Gateway to a specific queue regarding URL Path.
By example:
/queues/{queueId} -> API GW routes /queues/queue1 URL to SQS queue1
Is it possible to do it "simply" only with API GW config or do I need to use a lambda to make the routing to the right queue ? or any other solution ?
It is possible to do that.
While configuring integration on Path Override you need define it like 12345678/{queueId} (12345678 is your account id).
Then you need to define URL PATH Parameters
Name queueId, Mapped from method.request.path.queueId
Expand HTTP headers add new Header with Name Content-Type, Mapped from as 'application/x-www-form-urlencoded'
Add a Mapping Templates as Content-Type application/json and template body as Action=SendMessage&MessageBody=$input.body

Accessing ArcGIS data over HTTP

I am attempting am building a map data React app using GIS data. I am accessing public GIS endpoints.
The endpoint is http://gis.infrastructure.gov.au/infrastructure/rest/services/KeyFreightRoute/KFR/MapServer/0
On local development, it is working fine. However, once pushed to live it returns the error: net::ERR_CONNECTION_REFUSED. Due to it being an HTTP endpoint.
The ArcGIS docs describe a solution using config, and I have included the following code:
esriConfig.request.interceptors.push({
// set the `urls` property to the URL of the FeatureLayer so that this
// interceptor only applies to requests made to the FeatureLayer URL
urls: featureLayerUrl,
// use the BeforeInterceptorCallback to check if the query of the
// FeatureLayer has a maxAllowableOffset property set.
// if so, then set the maxAllowableOffset to 0
before: function (params) {
if (params.requestOptions.query.maxAllowableOffset) {
params.requestOptions.query.maxAllowableOffset = 0;
}
},
// use the AfterInterceptorCallback to check if `ssl` is set to 'true'
// on the response to the request, if it's set to 'false', change
// the value to 'true' before returning the response
after: function (response) {
if (!response.ssl) {
console.log('not ssl');
response.ssl = true;
}
},
});
However, it still isn't working!? In fact, the console.log('not ssl') isn't even logging on the live site (but it is logging on localhost).
How do you access HTTP GIS endpoints?
This is more of a browser limitation than a GIS-specific problem. If your current URL bar has "HTTPS", the page is not allowed to access HTTP resources - the browser enforces this as a security measure. You have two options:
Convince the owner of that site ("gis.infrastructure.gov.au") to enable HTTPS. This is standard practice these days and fairly trivial to do. They should do this.
You can run a proxy like the Esri Resource Proxy on your own server. That way your application will access the url via HTTPS (because your server is secured with HTTPS), but then the server makes the HTTP request on the server site, thus getting around the browser security limitation

Override single API endpoint locally

Is it possible to override a single API end-point locally?
i.e:
https://jsonplaceholder.typicode.com/todos/1
To this one:
http://localhost:3000/todos/1
But without touching others end-point like:
https://jsonplaceholder.typicode.com/movie/1
I'm trying to find a tool to do this, I also tried to use the hosts file but it work only domain by domain, not for a single API endpoint.
You can use the Map Remote function in Charles. I believe similar feature exists in other HTTP proxy tool such as Fiddler too.
First, configure Map Remote and mapping https://jsonplaceholder.typicode.com to http://localhost:3000, limit the path to /todos/*, so that it won't impact /movie/1:
Then, as Charles is trying to intercept HTTPS site, you need to enable "SSL Proxying" and add jsonplaceholder.typicode.com (Otherwise, browser will ignore the interceptor or just throw a certificate warning):
It's done. In browser, access to https://jsonplaceholder.typicode.com/todos/1 or https://jsonplaceholder.typicode.com/todos/2 will be redirected to http://localhost:/todos/1 or http://localhost:3000/todos/2 internally, while access to https://jsonplaceholder.typicode.com/movie/1 is not touched.

Github pages and custom domain from 123Reg

I've got a custom domain from 123Reg - www.mydomainname.co.uk - which I want to use for my github page - mygithub.github.io
I've managed to set it up so that www.mydomainname.co.uk works, but it isn't using https and therefore shows as unsecure, how can I make it use https?
Also, is there a way of allowing mydomainname.co.uk to work as well?
First you should make sure HTTPS is working on https://www.mydomainname.co.uk (by default it should). You can Enforce HTTPS under your repository settings, so it would do the redirection from http to https.
To get your apex domain mydomainname.co.uk working, it's best if you do a redirection to www.mydomainname.co.uk from where you manage your DNS (some don't have the feature).

AWS API Gateway: Pass Referrer URL

Is it possible for requests to the API-Gateway to pass the referrer URL to Lambda? For example, I'd love to let my lambda functions know if a request comes from the domain "good.com" vs. "bad.com".
I'm familiar with the list of supported $context Variables and I know a referrer url is not in there. I'm wondering if there is another way. If it is possible, what steps do I need to take?
Here's how to do it.
As it turns out, the mapping template allows you to map HTTP headers, not just the list of supported variables in the documentation.
The HTTP header that contains the referrer domain is called "Origin". The header that contains the referer page URL is called "Referer".
So, for example, you can put this in your mapping template and it will grab the associated header information:
{
"origin" : "$input.params('origin')",
"referer" : "$input.params('referer')"
}
Origin grabs example.com. Referer grabs example.com/pagename
It's an HTTP header, so if you are mapping HTTP headers in the template it will be passed to the Lambda function. Look at this answer for an example of how to map HTTP headers in the request template.