/* eslint-disable node/no-process-env */
import { TurborepoRemoteCache } from '.'
import type { StackProps } from 'aws-cdk-lib'
import {
App,
aws_certificatemanager,
aws_cloudfront,
aws_cloudfront_origins,
aws_route53,
aws_route53_targets,
Duration,
Fn,
Stack,
} from 'aws-cdk-lib'
import type { Construct } from 'constructs'
import * as fs from 'node:fs'
import * as path from 'node:path'
// Public Route 53 hosted zone that both stacks look up by name.
const zoneName = 'github.nimmervoll.work'
// Hostname served by the CloudFront distribution; a subdomain of `zoneName`.
const domainName = `cache.${zoneName}`

// Root CDK application that owns both stacks defined in this file.
const app = new App()
/**
 * Stack that issues the ACM certificate for `domainName`.
 *
 * The certificate is validated through DNS records in the public hosted zone
 * named `zoneName`, which is resolved with a context lookup, and is exposed
 * as `certificate` so another stack can attach it to a distribution.
 */
class CertificatesStack extends Stack {
  /** Certificate issued for `domainName`. */
  public readonly certificate: aws_certificatemanager.Certificate

  /**
   * @param scope - Parent construct (the CDK app).
   * @param id - Stack identifier.
   * @param props - Stack properties; `fromLookup` needs a concrete `env`.
   */
  public constructor(scope: Construct, id: string, props: StackProps) {
    super(scope, id, props)

    const dnsZone = aws_route53.PublicHostedZone.fromLookup(this, 'HostedZone', {
      domainName: zoneName,
    })
    // DNS validation: ownership of the name is proven by records in the zone.
    const dnsValidation =
      aws_certificatemanager.CertificateValidation.fromDns(dnsZone)

    this.certificate = new aws_certificatemanager.Certificate(
      this,
      'Certificate',
      { domainName, validation: dnsValidation }
    )
  }
}
// Both stacks deploy into the account the CDK CLI resolves at synth time.
const deployAccount = process.env.CDK_DEFAULT_ACCOUNT

// The certificate stack is pinned to us-east-1, the region CloudFront
// requires for ACM certificates attached to a distribution.
const certificateStackProps: StackProps = {
  env: {
    account: deployAccount,
    region: 'us-east-1',
  },
}
const certificateStack = new CertificatesStack(
  app,
  'cdk-turborepo-remote-cache-certificate',
  certificateStackProps
)
const { certificate } = certificateStack

// Main stack. `crossRegionReferences` lets it consume the certificate from
// the us-east-1 stack even when CDK_DEFAULT_REGION is a different region.
const stackProps: StackProps = {
  crossRegionReferences: true,
  env: {
    account: deployAccount,
    region: process.env.CDK_DEFAULT_REGION,
  },
}
const stack = new Stack(app, 'cdk-turborepo-remote-cache', stackProps)
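// Shared secret handed to the remote-cache construct, read from the
// `TURBO_TOKEN=` entry of the local `.env.local` file next to this package.
const envFilePath = path.join(__dirname, '../.env.local')

// Match the key only at the start of a line (optionally after `export`), so a
// longer key that merely ends in `TURBO_TOKEN=` or a commented-out entry is
// not picked up by accident.
const tokenMatch = /^[ \t]*(?:export[ \t]+)?TURBO_TOKEN=(.*)$/m.exec(
  fs.readFileSync(envFilePath, 'utf8')
)
const secretToken = (tokenMatch?.[1] ?? '').trim()

if (secretToken === '') {
  // Fail before synthesis rather than deploying a cache whose token is empty
  // or crashing with an opaque TypeError. The message names the file only and
  // never echoes any part of its contents.
  throw new Error(`TURBO_TOKEN is missing or empty in ${envFilePath}`)
}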
// Remote cache under test: exposes the Lambda function URL and the bucket
// that holds the artifacts.
// NOTE(review): `secretToken` is handed over as a plain string. How the
// construct stores it is not visible here — confirm it does not end up in
// cleartext in the synthesized template or the function's environment.
const remoteCache = new TurborepoRemoteCache(stack, 'TurborepoCache', {
  secretToken,
})
const { functionUrl, bucket } = remoteCache

// Expire cached artifacts one week after creation.
const artifactRetention = Duration.days(7)
bucket.addLifecycleRule({ expiration: artifactRetention })
// Same public hosted zone as the certificate stack, looked up again in the
// scope of the main stack.
const zone = aws_route53.PublicHostedZone.fromLookup(stack, 'HostedZone', {
  domainName: zoneName,
})

// The function URL is a deploy-time token, so it is taken apart with
// CloudFormation intrinsics: splitting on '/' and taking element 2 picks
// the piece after the scheme's double slash, i.e. the host name.
const functionUrlParts = Fn.split('/', functionUrl.url)
const functionUrlfqdn = Fn.select(2, functionUrlParts)
// Behaviour applied to every request: all HTTP methods are accepted, plain
// HTTP is redirected to HTTPS, and the request is forwarded to the function
// URL host using the ALL_VIEWER origin request policy.
// NOTE(review): no `cachePolicy` is set, so the construct's default applies.
// If that default caches GET responses without the Authorization header in
// the cache key, an artifact fetched once with a valid token could later be
// served from the edge to a request without one — confirm the origin's
// Cache-Control headers, or set `aws_cloudfront.CachePolicy.CACHING_DISABLED`.
// NOTE(review): ALL_VIEWER also forwards the viewer's Host header; confirm
// the function URL origin accepts it.
// NOTE(review): the function URL itself stays reachable without going
// through this distribution; its auth type is not visible here — verify.
const cacheBehavior: aws_cloudfront.BehaviorOptions = {
  origin: new aws_cloudfront_origins.HttpOrigin(functionUrlfqdn),
  allowedMethods: aws_cloudfront.AllowedMethods.ALLOW_ALL,
  originRequestPolicy: aws_cloudfront.OriginRequestPolicy.ALL_VIEWER,
  viewerProtocolPolicy: aws_cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
}

// CloudFront distribution that serves `domainName` with the ACM certificate
// issued by the certificate stack.
const distribution = new aws_cloudfront.Distribution(stack, 'Cache', {
  domainNames: [domainName],
  certificate,
  defaultBehavior: cacheBehavior,
})
// Alias A record that points `domainName` at the CloudFront distribution.
// The trailing dot makes the record name fully qualified, so the zone name
// is not appended to it a second time.
const distributionAlias = aws_route53.RecordTarget.fromAlias(
  new aws_route53_targets.CloudFrontTarget(distribution)
)
new aws_route53.ARecord(stack, 'CacheRecord', {
  zone,
  recordName: `${domainName}.`,
  target: distributionAlias,
})