Buckets

Easy use - AWS S3 Buckets provide you with simple way to store, access and modify any type of object (files) in a straight forward way.
Scaling - Bucket automatically scales the storage resources up and down to meet fluctuating demands.
Reliability - S3 Buckets are designed for 99.999999999% (11 9’s) of data durability because AWS automatically creates and stores copies of all bucket objects across multiple systems. This means your data is available when needed and protected against failures, errors, and threats.
Storage flexibility - Save costs without sacrificing performance by storing data across the S3 Storage Classes, which support different data access levels at corresponding rates. You can easily setup lifecycle rules to change objects' storage class throughout their existence.
Security - S3 Buckets give you robust way to manage access to your data. You can granulary control access to your bucket to ensure data integrity.
Integration with workloads - You can easily trigger a function or a batch-job as a reaction to event happening in the bucket. This gives you ability to log activities, define alerts, and automate workflows without managing additional infrastructure.

Defnition breakdown

Bucket API reference

type

Required

No description

Type: string "bucket"

properties.autoSyncDirectory

Path to the directory that should be synchronized to the bucket on every deployment

Type: string

After the sync is finished, your bucket will contain the contents of the local folder (not the other way around).
Files are uploaded using parallel multipart uploads
Path is relative to current working directory

Existing contents of the bucket will be deleted and replaced with the contents of the local directory. You should not use bucket with autoSync enabled for application-generated or user-generated content.

properties.accessibility

Configures accessibility of the bucket.

Type: BucketAccessibility

properties.cors

Configures CORS (Cross-Origin Resource Sharing) HTTP headers for the bucket.

Type: BucketCorsConfig

properties.versioning

Enables versioning of objects in the bucket

Type: boolean

If enabled, bucket keeps multiple variants of an object.
This can help you to recover objects from an accidental deletion/overwrite, or to store multiple objects with the same name.

properties.encryption

Enables encryption of the objects stored in this bucket

Type: boolean

Objects are encrypted using the AES256 algorithm.

properties.lifecycleRules

Configures the way objects are stored throughout their lifecycle.

Type: Array of (Expiration or NonCurrentVersionExpiration or ClassTransition or NonCurrentVersionClassTransition or AbortIncompleteMultipartUpload)

Lifecycle rules are used to transition objects to different storage class, delete old objects, etc.

properties.cdn

Configures CDN (Content delivery network) for this bucket

Type: BucketCdnConfiguration

overrides

Overrides one or more properties of the specified child resource.

Type: Object

Child resouces are specified using their descriptive name (e.g. DbInstance or Events.0.HttpApiRoute).
To see all configurable child resources for given Stacktape resource, use stacktape stack-info --detailed command.
To see the list of properties that can be overriden, refer to AWS Cloudformation docs.


resources:
  myBucket:
    type: bucket

Accessibility

The accessibility section specifies the access policy for the bucket.

By setting restrictAccess, bucket gets predefined set of policies.
For advanced users, who need more granular control, it is possible to set accessPolicyStatements property to specify statements that will be appended to bucket policy statements.

BucketAccessibility API reference

Parent API reference: Bucket

accessibilityMode

Default: 'private'Required

Configures accessibility of the objects in the bucket

Type: string ENUM

Possible values: privatepublic-readpublic-read-write

Available modes:

private - Only workloads and entities that have sufficient rights can read from or write to the bucket.
public-read-write - Everyone can read from and write to the bucket.
public-read - Everyone can read from the bucket. Only workloads and entities that have sufficient rights can write to the bucket.

accessPolicyStatements

Advanced access configuration that leverages IAM policy statemns

Type: Array of BucketPolicyIamRoleStatement

Gives fined-grained access control to the bucket


resources:
  myBucket:
    type: bucket
    properties:
      accessibility:
        restrictAccess: private
        accessPolicyStatements:
          - Resource:
              - $Param('myBucket', 'Bucket::Arn')
            Action:
              - 's3:ListBucket'
            Principal: '*'

BucketPolicyIamRoleStatement API reference

Parent API reference: BucketAccessibility

Principal

Required

No description

Type: UNSPECIFIED

Resource

Required

List of resources we want to access

Type: Array of string

See AWS reference here.

Sid

Statement identifier.

Type: string

See AWS reference here.

Effect

Effect of the statement

Type: string

See AWS reference here.

Action

List of actions allowed/denied by the statement

Type: Array of string

see AWS reference here.

Condition

No description

Type: UNSPECIFIED

Auto sync (directory upload)

If configured, the specified directory will be synchronized to the bucket on every deployment.

This can be used to upload content such as a statically built website to the bucket.

After the sync is finished, your bucket will contain the contents of the local folder (not the other way around).
Files are uploaded using parallel multipart uploads
Path is relative to current working directory


resources:
  myBucket:
    type: bucket
    properties:
      autoSyncDirectory: '../public'

Uploads the public folder to the bucket on every deployment

Static web serving

You can easily serve your static website from a bucket using CDN.

The following example shows:

bucket configured with CDN.
we are using autoSync to upload our website content to bucket after upload


resources:
  myBucket:
    type: bucket
    properties:
      autoSync:
        syncDirectory: '../my-build-static-web'
      cdn:
        enabled: true

You can additionally do much more with CDN such as:

add domain names
configure rewrites to route requests to your API's
configure caching behaviors
see section Cdn to learn more...

Versioning

If enabled, bucket keeps multiple variants of an object.
This can help you to recover objects from an accidental deletion/overwrite, or to store multiple objects with the same name.


resources:
  myBucket:
    type: bucket
    properties:
      versioning: true

Encryption

When enabled, all objects uploaded to the bucket are by default server-side encrypted using the AES256 algorithm.


resources:
  myBucket:
    type: bucket
    properties:
      encryption: true

Cors

CORS settings of the bucket. Cors configuration can be granularly controlled using cors rules.

BucketCorsConfig API reference

Parent API reference: Bucket

enabled

Required

Enables CORS (Cross-Origin Resource Sharing) HTTP headers for the bucket

Type: boolean

corsRules

Required

List of CORS rules

Type: Array of BucketCorsRule

If you do not specify any cors rules, default rule with following configuration is used:

AllowedMethods: GET, PUT, HEAD, POST, DELETE
AllowedOrigins: '*'
AllowedHeaders: Authorization, Content-Length, Content-Type, Content-MD5, Date, Expect, Host, x-amz-content-sha256, x-amz-date, x-amz-security-token

When bucket receives a preflight request from a browser, it evaluates the CORS configuration for the bucket and uses the first CORS rule that matches the incoming browser request to enable a cross-origin request. For a rule to match, the following conditions must be met:

The request's Origin header must match one of allowedOrigins element.
The request method (for example, GET or PUT) or the Access-Control-Request-Method header in case of a preflight OPTIONS request must be one of the allowedMethods.
Every header listed in the request's Access-Control-Request-Headers header on the preflight request must match one of headers allowedHeaders.


resources:
  myBucket:
    type: bucket
    properties:
      cors:
        enabled: true

BucketCorsRule API reference

Parent API reference: BucketCorsConfig

allowedOrigins

Origins to accepts cross-domain requests from

Type: Array of string

Origin is a combination of scheme (protocol), hostname (domain), and port of the URL
Examples of same origin: http://example.com/app1:80 http://example.com/app2
Examples of a different origin: http://example.com/app1 https://example.com/app2

allowedHeaders

Allowed HTTP headers

Type: Array of string

Each header name in the Access-Control-Request-Headers header of a preflight request must match a corresponding entry in the rule.

allowedMethods

Allowed HTTP methods

Type: Array of string ENUM

Possible values: *DELETEGETHEADPATCHPOSTPUT

exposedResponseHeaders

Response headers that should be made available to scripts running in the browser, in response to a cross-origin request

Type: Array of string

maxAge

Time in seconds that browser can cache the response for a preflight request

Type: number

Lifecycle rules

Lifecycle rules allow you to automate basic object manipulations in your bucket. This includes:

Class transition
Expiration
Non current version class transition(applies to buckets with versioning enabled)
Non current version expiration(applies to buckets with versioning enabled)
Abort incomplete multipart upload

Class transition

Allows you to transition objects into a different storage class.

ClassTransition API reference

Parent API reference: Bucket

type

Required

No description

Type: string "class-transition"

properties.daysAfterUpload

Required

Number of days after the object is transitioned to another storage class

Type: number

Relative to the date uploaded
Depending on how often you need to access your objects, transitioning them to another storage can lead to a significant price reduction.

properties.storageClass

Required

Storage class to transition to

Type: string ENUM

Possible values: DEEP_ARCHIVEGLACIERINTELLIGENT_TIERINGONEZONE_IASTANDARD_IA

To learn more about storage classes and transitions, refer to AWS Docs

properties.prefix

Prefix of the objects to which the lifecycle rule is applied

Type: string

properties.tagFilters

Tags of the objects to which the lifecycle rule is applied

Type: Array of TagFilter

To learn more about tagging objects, refer to AWS Docs

This can be useful in cases if you do not need to access objects after some time, but you still need to keep them for compliance reasons. Transferring such objects to class storage meant for archiving (for example GLACIER) can save you significant portions of your costs.

The following example shows:

a bucket configured to transfer all uploaded objects to GLACIER storage class 90 days after upload.


resources:
  myBucket:
    type: bucket
    properties:
      lifecycleRules:
        - type: class-transition
          properties:
            daysAfterUpload: 90
            storageClass: 'GLACIER'

Expiration

Allows you to delete objects from the bucket after the specified amount of days after upload.

Expiration API reference

Parent API reference: Bucket

type

Required

No description

Type: string "expiration"

properties.daysAfterUpload

Required

Number of days after the object is considered expired

Type: number

Relative to the date uploaded

properties.prefix

Prefix of the objects to which the lifecycle rule is applied

Type: string

properties.tagFilters

Tags of the objects to which the lifecycle rule is applied

Type: Array of TagFilter

To learn more about tagging objects, refer to AWS Docs

This can be useful in cases if objects become irrelevant for you after some time. These objects can be deleted, thus saving you storage costs.

The following example shows:

All uploaded objects are transferred to GLACIER storage class 90 days after upload.
After 365 days, objects are completely deleted.


resources:
  myBucket:
    type: bucket
    properties:
      lifecycleRules:
        - type: class-transition
          properties:
            daysAfterUpload: 90
            storageClass: 'GLACIER'
        - type: expiration
          properties:
            daysAfterUpload: 365

Non-current version class transition

Allows you to transition versioned objects into a different storage class.

NonCurrentVersionClassTransition API reference

Parent API reference: Bucket

type

Required

No description

Type: string "non-current-version-class-transition"

properties.daysAfterVersioned

Required

Number of days after the non-current object is transitioned to another storage class

Type: number

Relative to date it became non-current (old)
Depending on how often you need to access your objects, transitioning them to another storage can lead to a significant price reduction.

properties.storageClass

Required

Storage class to transition to

Type: string ENUM

Possible values: DEEP_ARCHIVEGLACIERINTELLIGENT_TIERINGONEZONE_IASTANDARD_IA

To learn more about storage classes and transitions, refer to AWS Docs

properties.prefix

Prefix of the objects to which the lifecycle rule is applied

Type: string

properties.tagFilters

Tags of the objects to which the lifecycle rule is applied

Type: Array of TagFilter

To learn more about tagging objects, refer to AWS Docs

Same as class transition rule but applied to old versions of objects. This can be useful when you want to archive old versions of an object after some time to save you costs.

The following example shows:

all versioned objects are transferred to GLACIER storage class 10 days after they are versioned (become non-current version).


resources:
  myBucket:
    type: bucket
    properties:
      versioning: true
      lifecycleRules:
        - type: non-current-version-class-transition
          properties:
            daysAfterVersioned: 10
            storageClass: 'DEEP_ARCHIVE'

Non-current version expiration

Allows you to delete old versions of objects from the bucket after the specified amount of days after they are versioned.

NonCurrentVersionExpiration API reference

Parent API reference: Bucket

type

Required

No description

Type: string "non-current-version-expiration"

properties.daysAfterVersioned

Required

Number of days after the non-current object becomes expired.

Type: number

Relative to date it became non-current (old)
This rule is effective only if the bucket has versioning enabled.

properties.prefix

Prefix of the objects to which the lifecycle rule is applied

Type: string

properties.tagFilters

Tags of the objects to which the lifecycle rule is applied

Type: Array of TagFilter

To learn more about tagging objects, refer to AWS Docs

This can be useful if you only need to keep older versions of objects for some time and then they can be deleted thus saving you storage costs.

The following example shows:

all versioned objects are deleted ten days after being version (become non-current version).


resources:
  myBucket:
    type: bucket
    properties:
      versioning: true
      lifecycleRules:
        - type: non-current-version-expiration
          properties:
            daysAfterVersioned: 10

Abort incomplete multipart upload

Allows you to stop multipart uploads that do not complete within a specified number of days after being initiated.

AbortIncompleteMultipartUpload API reference

Parent API reference: Bucket

type

Required

No description

Type: string "abort-incomplete-multipart-upload"

properties.daysAfterInitiation

Required

Number of days after the in-complete upload is aborted, and it's parts deleted

Type: number

Relative to the start of multipart upload

properties.prefix

Prefix of the objects to which the lifecycle rule is applied

Type: string

properties.tagFilters

Tags of the objects to which the lifecycle rule is applied

Type: Array of TagFilter

To learn more about tagging objects, refer to AWS Docs

When a multipart upload is not completed within the timeframe, it becomes eligible for an abort operation, and Amazon S3 stops the multipart upload (and deletes the parts associated with the multipart upload, thus saving you costs).

The following example shows:

all incomplete uploads are stopped (and parts deleted) 5 days after initiation of multipart upload.


resources:
  myBucket:
    type: bucket
    properties:
      lifecycleRules:
        - type: abort-incomplete-multipart-upload
          properties:
            daysAfterInitiation: 5

Cdn

BucketCdnConfiguration API reference

Parent API reference: Bucket

enabled

Required

Enables the CDN

Type: boolean

optimizeForSinglePageApp

Optimizes the bucket to serve a SPA (Single Page Application)

Type: boolean

Automatically configures the CDN to effectively serve a single page application. This does 3 things:

Makes your content to be served from a CDN (geographically closer to your users)
Configures cache for the objects served by the CDN. Objects are cached at the edge location. If the cache expires, it's downloaded from the origin bucket again.
Configures HTTP cache-control headers (used for browser caching).
Automatically invalidates the CDN cache after every deployment.

disableUrlNormalization

URL normalization is used to have clean URLs with (whithout the .html extension)

Type: boolean

Enabling URL normalization makes the CDN to fetch the correct HTML files even without specifying .html or .index.html in the URL.
Example: Use my-domain.com/about instead of my-domain.com/about.html or my-domain.com/about/index.html

cachingOptions

Configures custom caching options

Type: CdnCachingOptions

Configures the caching behavior of your edge distribution (what & when should stay in cache, and when to refetch it from the origion)

forwardingOptions

Configures which parts of the request are forwarded to the origin (headers, query parameters, cookies etc.)

Type: CdnForwardingOptions

routeRewrites

Enables you to redirect specific requests to a different origin

Type: Array of CdnRouteRewrite

Each incoming request to the CDN is first evaluated against route rewrites. The requested path is compared with path pattern specified in route rewrite.
If the requested path matches the path pattern specified by route rewrite, the request is sent to the configured route.
Route rewrites are evaluated in order. The first match is where the request will be sent to.
If no match is found, request is sent to the default origin (the one that the CDN is attached to).

Example use cases:

Most of the content you are serving is a static content served from a bucket (static website). Some content however needs to be rendered dynamically by a lambda function. You can route paths that need to be rendered dynamically to the lambda function through http-api-gateway.
You want to cache your jpg files longer than other files. You can create route rewrite that will catch every path ending with jpg and set custom caching options for these paths.

customDomains

Custom domain names to connect to this CDN distribution

Type: Array of DomainConfiguration

cloudfrontPriceClass

Default: 'PriceClass_All'

Configures locations from which the CDN serves traffic

Type: string ENUM

Possible values: PriceClass_100PriceClass_200PriceClass_All

Higher priceclass results in more locations that serve your trafic.
This can result in better performance, but is more costly.
Example: If your users are located only in US & Europe, you can save money by configuring PriceClass_100
To learn more about price classes, refer to AWS docs

setResponseHeaders

Configures headers that will be added to all responses from the CDN

Type: Array of CdnResponseHeader

defaultRoutePrefix

Prefixes requests to the origin with specified prefix

Type: string

Example: If the CDN receives a request with path /my/resource/url, the request will be sent to the origin as <>/my/resource/url

errorDocument

Custom error document URL

Type: string

Error document is requested by the CDN if the original request to the origin responds with an error code 403, 404 or 500.
Example: /error.html

indexDocument

Default: '/index.html'

Custom index (root) document served for requests with path /

Type: string

invalidateAfterDeploy

Default: true

Invalidates the CDN cache after each deployment

Type: boolean

This prevents serving outdated content to your users
If you choose to invalidate the cache, CDN will flush all the cached content and new requests will result in a request to the origin (bucket, application-load-balancer or http-api-gateway)


resources:
  myBucket:
    type: bucket
    properties:
      cdn:
        enabled: true

Cdn domain names

Domains can be easily controlled by Stacktape.

If your domain DNS records are controlled by AWS Route 53, Stacktape automatically generates correct TLS certificates for your domain.

If your domain DNS records are NOT controlled by AWS:

migrate domain with a help of domain-add command (if you are migrating domain which is currently in use, please readAWS docs).
you can provision certificate by specifying customCertificateArn and specifyingdisableDnsProvision

DomainConfiguration API reference

Parent API reference: BucketCdnConfiguration

domainName

Required

Fully qualified (absolute) domain name.

Type: string

customCertificateArn

ARN of a custom certificate to be provisioned with this domain

Type: string

If not specified, Stacktape will try to use automatically generated certificates.

disableDnsProvision

Disables creation of a DNS record

Type: boolean

If your DNS records are not under control of Stactakpe (AWS Route 53), you can use this parameter to disable creation of a DNS record.
As a result, Stacktape will do all required operations to use the domain with attached endpoint, but will NOT create the DNS record.


resources:
  myBucket:
    type: bucket
    properties:
      cdn:
        enabled: true
        domainNames:
          - domainName: mydomain.com

Route rewrites

Route rewrites can be used to route requests coming to different origins: I.e., instead of forwarding a request to the bucket, the request can be routed to other resources (http-api-gateway, bucket, or application-load-balancer).

CdnRouteRewrite API reference

Parent API reference: BucketCdnConfiguration

path

Required

Path to be adjusted by this route rewrite

Type: string

You can use wildcards for your path patterns to match multiple paths.
To learn more about path patterns, refer to AWS docs

routePrefix

Prefixes every request to the origin with the specified prefix

Type: string

Example: If the CDN receives a request with path /my/resource/url, the request will be sent to the origin as <>/my/resource/url

routeTo

Configures the origin to which the route rewrite forwards requests

Type: (CdnLoadBalancerRoute or CdnHttpApiGatewayRoute or CdnBucketRoute)

If not set, the default origin (the one this CDN is attached to) is used

setResponseHeaders

Configures headers that will be added to all responses from the CDN that match this route rewrite

Type: Array of CdnResponseHeader

cachingOptions

Configuires custom caching options for this route rewrite

Type: CdnCachingOptions

Configures the caching behavior of your edge distribution (what & when should stay in cache, and when to refetch it from the origion)

forwardingOptions

Enables you to redirect specific requests to a different origin

Type: CdnForwardingOptions

Forwarding options enable you to set which parts of the request are forwarded to the origin (headers, query params, cookies etc.)

Routing to a bucket

CdnBucketRoute API reference

Parent API reference: CdnRouteRewrite

type

Required

No description

Type: string "bucket"

properties.bucketName

Required

Name of the bucket

Type: string

properties.disableUrlNormalization

Disables URL normalization (ability to use clean urls without the .html extension)

Type: boolean

URL normalization is useful when you want to serve HTML files from the bucket
When the URL normalization is enabled, the CDN is able to fetch correct HTML files from the bucket even when incomplete URL is used (without the .html extension)
This enables you to use URLs such as <>/about instead of urls <>/about.html or <>/about/index.html

In the following example we are routing all request with URL path starting with /images to the bucket myBucket2 which contains all of our images. All other requests are routed to the bucket myBucket.


resources:
  myBucket:
    type: bucket
    properties:
      cdn:
        enabled: true
        routeRewrites:
          - path: /images/*
            routeTo:
              type: bucket
              properties:
                bucketName: myBucket2
                disableUrlNormalization: true

  myBucket2:
    type: 'bucket'

Routing to application-load-balancer

CdnLoadBalancerRoute API reference

Parent API reference: CdnRouteRewrite

type

Required

No description

Type: string "application-load-balancer"

properties.loadBalancerName

Required

Name of the Load balancer

Type: string

properties.listenerPort

Required

Port of the Load balancer listener

Type: number

properties.originDomainName

Explicitly sets the origin domain name you wish to use when forwarding to load balancer

Type: string

This is only neccessary if the load balancer has no domainNames attached and listener uses customCertificateArns

In the following example we are routing all request with url path starting with /api to the load-balancer myLoadBalancer. All other requests are routed to the bucket myBucket.


resources:
  myBucket:
    type: bucket
    properties:
      cdn:
        enabled: true
        routeRewrites:
          - path: /api/*
            routeTo:
              type: 'application-load-balancer'
              properties:
                loadBalancerName: myLoadBalancer
                listenerPort: 443

  myLoadBalancer:
    type: 'application-load-balancer'
    properties:
      listeners:
        - port: 443
          protocol: HTTPS

Routing to http-api-gateway

CdnHttpApiGatewayRoute API reference

Parent API reference: CdnRouteRewrite

type

Required

No description

Type: string "http-api-gateway"

properties.httpApiGatewayName

Required

Name of the HTTP Api Gateway

Type: string

The following example shows:

CDN configuration in which we are routing all requests with URL path starting with /api to the http-api-gateway appApiGateway.
All other requests are routed to the bucket myBucket.


resources:
  myBucket:
    type: bucket
    properties:
      cdn:
        enabled: true
        routeRewrites:
          - path: /api/*
            routeTo:
              type: 'http-api-gateway'
              properties:
                httpApiGatewayName: appApiGateway

  appApiGateway:
    type: 'http-api-gateway'

Caching options

Caching options enable you to specify caching settings for your CDN.

You can specify different cache options for each route rewrite. This gives you the ability to cache different types of content differently.

If you do not specify caching options, Stacktape uses default caching options.

CdnCachingOptions API reference

Parent API reference: (BucketCdnConfiguration or CdnRouteRewrite)

cacheMethods

Only responses to the requests with these methods will be cached

Type: Array of string ENUM

Possible values: GETHEADOPTIONS

Possible values are:
- ['GET', 'HEAD']
- ['GET', 'HEAD', 'OPTIONS']

minTTL

The minimum amount of time in seconds that the objects will stay in the CDN cache before another request is sent to the origin

Type: number

To learn more about cache expiration, refer to AWS Docs

maxTTL

The maximum amount of time in seconds that the objects will stay in the CDN cache before another request is sent to the origin

Type: number

To learn more about cache expiration, refer to AWS Docs

defaultTTL

The default amount of time in seconds that the objects will stay in the CDN cache before another request is sent to the origin

Type: number

To learn more about cache expiration, refer to AWS Docs

disableCompression

Default: false

Disables athe utomatic file compression by the CDN

Type: boolean

The CDN compresses files using the Gzip and Brotli compression methods by default.
If the viewer supports both formats, Brotli version is used.
To learn more about compression, refer to AWS Docs

disableAcceptEncodingBrotli

Default: false

Disables Brotli compression

Type: boolean

disableAcceptEncodingGzip

Default: false

Disables Gzip compression

Type: boolean

cacheKeyParameters

Configures HTTP headers, cookies, and URL query strings to include in the cache key

Type: CdnCacheKey

The values included in the cache key are automatically forwarded in the requests that the CDN sends to the origin.

The following example shows:

CDN configuration in which we are setting default TTL for the default route to 604800 seconds (7 days).
Every request with URL path ending with .*jpg will be cached for 2592000 seconds (30 days).


resources:
  myBucket:
    type: bucket
    properties:
      cdn:
        enabled: true
        cachingOptions:
          defaultTTL: 604800
        routeRewrites:
          - path: '*.jpg'
            cachingOptions:
              defaultTTL: 2592000

Specify cache key

The cache key section specifies which parts of a request are included in the cache key.

By default, requests are cached only based on the path.

A cache key can be configured to include headers, cookies, or query params.

CdnCacheKey API reference

Parent API reference: CdnCachingOptions

Configures cookies that will be included in the cache key

Type: CacheKeyCookies

The cookies included in the cache key are automatically forwarded in the requests that the CDN sends to the origin.
By default no cookies are included in the cache key.

headers

Configures headers that will be included included in the cache key

Type: CacheKeyHeaders

The headers included in the cache key are automatically forwarded in the requests that the CDN sends to the origin.
By default no headers (except Accept-Encoding for compression to work) are included in the cache key.

queryString

Configures query parameters that will be included in the cache key

Type: CacheKeyQueryString

The query params included in the cache key are automatically forwarded in the requests that the CDN sends to the origin.
By default no query params are included in the cache key.

Cache key headers

CacheKeyHeaders API reference

Parent API reference: CdnCacheKey

none

No headers are included in the cache key

Type: boolean

whitelist

Only the headers listed are included in the cache key

Type: Array of string

Cache key cookies

CacheKeyCookies API reference

Parent API reference: CdnCacheKey

none

No cookies are included in the cache key

Type: boolean

whitelist

Only the listed cookies are included in the cache key

Type: Array of string

allExcept

All cookies except the ones listed are included in the cache key

Type: Array of string

all

All cookies are included in the cache key

Type: boolean

Cache key query string

CacheKeyQueryString API reference

Parent API reference: CdnCacheKey

all

All query params are included in the cache key

Type: boolean

none

No query params are included in the cache key

Type: boolean

whitelist

Only the query parameters listed are included in the cache key

Type: Array of string

Forwarding options

Forwarding options specify which parts of a request get forwarded to the origin.

Different forwarding options can be specified for each route rewrite.

If no forwarding options are specified, Stacktape uses default forwarding options.

CdnForwardingOptions API reference

Parent API reference: (BucketCdnConfiguration or CdnRouteRewrite)

customRequestHeaders

Adds static headers that the CDN will add to all requests sent to the origin

Type: Array of CdnCustomRequestHeader

allowedMethods

Configured methods that will be forwarded by the CDN to the origin

Type: Array of string ENUM

Possible values: DELETEGETHEADOPTIONSPATCHPOSTPUT

If not set, all methods are forwarded

Configured cookies forwarded to the origin

Type: ForwardCookies

If not set, all cookies are forwarded
All cookies that are part of the cache key (see cachingOptions) are automatically forwarded to the origin.

headers

Configured headers will be forwarded to the origin

Type: ForwardHeaders

If not set, all headers are forwarded
All headers that are part of the cache key (see cachingOptions) are automatically forwarded to the origin.

queryString

Configured query params will be forwarded to the origin

Type: ForwardQueryString

If not set, all query string parameters are forwarded
All query string parameters that are part of the cache key (see cachingOptions) are automatically forwarded to the origin.

In the following example we are configuring CDN to only forward requests with methods GET.


resources:
  myBucket:
    type: bucket
    properties:
      cdn:
        enabled: true
        forwardingOptions:
          allowedMethods:
            - 'GET'

Forwarding headers

ForwardHeaders API reference

Parent API reference: CdnForwardingOptions

none

No headers are forwarded to the origin

Type: boolean

whitelist

Only the headers listed are forwarded to the origin

Type: Array of string

allViewer

All viewer headers are forwarded to the origin

Type: boolean

allViewerAndWhitelistCloudFront

All viewer headers and additional listed CDN headers are forwarded to the origin

Type: Array of string

Forwarding cookies

ForwardCookies API reference

Parent API reference: CdnForwardingOptions

none

No cookies are forwarded to the origin

Type: boolean

whitelist

Only the cookies listed are forwarded to the origin

Type: Array of string

all

All cookies are forwarded to the origin

Type: boolean

Forwarding query string

ForwardQueryString API reference

Parent API reference: CdnForwardingOptions

all

All query params are forwarded to the origin

Type: boolean

none

No query params are forwarded to the origin

Type: boolean

whitelist

Only the query parameters listed are forwarded to the origin

Type: Array of string

API reference

CdnResponseHeader API reference

Parent API reference: (BucketCdnConfiguration or CdnRouteRewrite)

headerName

Required

Name of the header

Type: string

value

Required

Value of the header

Type: string

CdnCustomRequestHeader API reference

Parent API reference: CdnForwardingOptions

headerName

Required

Name of the header

Type: string

value

Required

Value of the header

Type: string

TagFilter API reference

Parent API reference: (AbortIncompleteMultipartUpload or NonCurrentVersionClassTransition or ClassTransition or NonCurrentVersionExpiration or Expiration)

key

Required

Key of the tag

Type: string

value

Required

Value of the tag

Type: string