SsrSite: Enable support for Origin Shield on CloudFront origins
leclairmael opened this issue · comments
Origin Shield is a CloudFront feature that can be very helpful to improve cache hit ratio, performance and/or reduce load on the origin.
In the context of a SsrSite
, this feature only makes sense when deploying in regional mode.
API
regional?: {
originShield?: ('s3' | 'function' | 'image-optimization-function')[]
}
Origin Shield can be enabled on an origin type basis; depending on each use case it may or may not make sense to enable it for each origin type. This also provides stability if new origin types are added.
The Origin Shield region should be the same as the one the app is deployed to.
Steps
- Validate initial proposal
- Implement: make all origins configurable with the
regional.originShield
prop - Test: ensure the CloudFront origins are properly configured upon creation/update
- Test: ensure Origin Shield is disabled when removing the prop after initial creation
- Test: ensure the proper region is used when enabling Origin Shield
- Doc: add examples and API information
How do you do this in CDK on a CloudFront distribution?
@jayair basically something like this:
distribution: {
additionalBehaviors: {
'/path': {
origin: new HttpOrigin(url, {
originShieldEnabled: true,
originShieldRegion: 'us-east-1',
})
}
}
}
I wonder if you could configure it with the plan
option, for example: https://docs.sst.dev/constructs/NextjsSite#configuring-basic-auth
@jayair I'm pretty sure it's not possible, because origins in SsrSite
are created like this:
function createFunctionOrigin(props: FunctionOriginConfig) {
// ...
return new HttpOrigin(Fn.parseDomainName(fnUrl.url), {
readTimeout:
typeof timeout === "string"
? toCdkDuration(timeout)
: CdkDuration.seconds(timeout),
});
}
function createImageOptimizationFunctionOrigin(
props: ImageOptimizationFunctionOriginConfig
) {
// ...
return new HttpOrigin(Fn.parseDomainName(fnUrl.url));
}
So there's no way to pass any custom options to HttpOrigin
.
And createOrigins()
is called after the plan is already transformed.