CloudKitect Rest Api Pattern

Infrastructure Diagram

Rest Api Infrastructure

Default Configuration

  • Validated public certificate for the API domain
  • Web Application Firewalls
  • Cloudfront Distribution

Note: This construct expects a HostedZone present in the same AWS account.

Default Alarms

  1. Cert Expiration Alarm
    • Risk Level: High
    • Well Architected Pillar: Reliability
  2. API Gateway Server Error Alarm
    • Risk Level: Medium
    • Well Architected Pillar: Reliability, Performance
  3. Cloudwatch Total Error Rate Alarm
    • Risk Level: Low
    • Well Architected Pillar: Reliability

Note that the default alarm uses the WaAlarm construct, which sets up an alarm action to notify the SNS Topic AlarmEventsTopic by default.

Examples

Default Usage

new CpRestApi(this, "LogicalId", {
  cpDomainName: 'example.com'
});

Custom Configuration

new CpRestApi(this, "LogicalId", {
  cpDomainName: 'example.com',
  cpSubDomain: 'test-api'
});

Compliance

This construct addresses the following compliance requirements:

  1. APIs CloudWatch Logs
    • Risk Level: Medium
    • Compliance: GDPR, APRA, MAS, NIST4
    • Well Architected Pillar: Operational Excellence, Performance
  2. Detailed Metrics
    • Risk Level: Medium
    • Compliance: MAS, NIST4
    • Well Architected Pillar: Operational Excellence, Performance
  3. Enable API Cache
    • Risk Level: Medium
    • Compliance: NIST4
    • Well Architected Pillar: Performance
  4. API Cache encryption
    • Risk Level: High
    • Compliance: NIST4
    • Well Architected Pillar: Security
  5. Limit Rest API access
    • Risk Level: Medium
    • Compliance: NA
    • Well Architected Pillar: Security
  6. Tracing Enabled
    • Risk Level: Low
    • Compliance: MAS, NIST4
    • Well Architected Pillar: Operational Excellence
  7. APIGW integrated with WAF
    • Risk Level: Medium
    • Compliance: NIST4
    • Well Architected Pillar: Security
  8. SSL certificate in use
    • Risk Level: Medium
    • Compliance: NIST4
    • Well Architected Pillar: Security
  9. Limit Rest API traffic from Cloudfront
    • Risk Level: Medium
    • Compliance: NA
    • Well Architected Pillar: Security
  10. Cloudfront origin should not use insecure protocols
    • Risk Level: Medium
    • Compliance: PCI, HIPAA, APRA, MAS, NIST4
    • Well Architected Pillar: Security
  11. Cloudfront logging enabled
    • Risk Level: Low
    • Compliance: PCI, HIPAA, GDPR, APRA, NIST4
    • Well Architected Pillar: Operational Excellence
  12. Cloudfront uses enhanced security policy min TLS1.2
    • Risk Level: High
    • Compliance: PCI, HIPAA, MAS, NIST4
    • Well Architected Pillar: Security
  13. Cloudfront uses only secure protocol to communicate with origin
    • Risk Level: Medium
    • Compliance: PCI, HIPAA, APRA, MAS, NIST4
    • Well Architected Pillar: Security
  14. Cloudfront uses only secure protocol to communicate with end users
    • Risk Level: High
    • Compliance: PCI, HIPAA, NIST4
    • Well Architected Pillar: Security
  15. Cloudfront integrated with WAF
    • Risk Level: Medium
    • Compliance: PCI, NIST4
    • Well Architected Pillar: Security
  16. Environment aware
    • Risk Level: Medium
    • Compliance: NA
    • Well Architected Pillar: Cost Optimization
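
To confirm that a stack still meets the CloudFront items in this list (10 through 15), the synthesized CloudFormation template can be audited directly. The following is an added example, not CloudKitect code; the function name auditCloudFront, the mapping of item numbers to CloudFormation properties, and the sample template are assumptions constructed for illustration.

```typescript
// Added example, not CloudKitect code. Audits a synthesized CloudFormation
// template for compliance items 10-15 above (CloudFront settings).
type Dict = Record<string, any>;

const WEAK_ORIGIN_SSL = /^(SSLv3|TLSv1|TLSv1\.1)$/; // item 10
const STRONG_MIN_TLS = /^TLSv1\.[23]_/;             // item 12, e.g. TLSv1.2_2021

function auditCloudFront(template: Dict): string[] {
  const findings: string[] = [];
  const resources: Dict = template.Resources ?? {};
  for (const id of Object.keys(resources)) {
    const res: Dict = resources[id];
    if (res.Type !== "AWS::CloudFront::Distribution") continue;
    const cfg: Dict = res.Properties?.DistributionConfig ?? {};
    const flag = (item: number, msg: string) => findings.push(`${id}: item ${item}: ${msg}`);

    for (const origin of (cfg.Origins ?? []) as Dict[]) {
      const custom: Dict | undefined = origin.CustomOriginConfig;
      if (!custom) continue; // S3 origins carry no protocol settings
      const ssl: string[] = custom.OriginSSLProtocols ?? [];
      if (ssl.some((p) => WEAK_ORIGIN_SSL.test(p))) flag(10, "insecure origin SSL protocol");
      if (custom.OriginProtocolPolicy !== "https-only") flag(13, "origin not https-only");
    }
    const behaviors: Dict[] = [cfg.DefaultCacheBehavior ?? {}].concat(cfg.CacheBehaviors ?? []);
    if (behaviors.some((b) => b.ViewerProtocolPolicy === "allow-all" || !b.ViewerProtocolPolicy))
      flag(14, "viewers may use plain HTTP");
    if (!STRONG_MIN_TLS.test(cfg.ViewerCertificate?.MinimumProtocolVersion ?? ""))
      flag(12, "minimum TLS below 1.2");
    if (!cfg.Logging?.Bucket) flag(11, "standard logging not configured");
    if (!cfg.WebACLId) flag(15, "no WAF web ACL attached");
  }
  return findings;
}

// Constructed sample: a deliberately weak distribution, not taken from a real stack.
const SAMPLE_WEAK: Dict = {
  Resources: {
    Dist: { Type: "AWS::CloudFront::Distribution", Properties: { DistributionConfig: {
      Origins: [{ CustomOriginConfig: { OriginProtocolPolicy: "match-viewer", OriginSSLProtocols: ["TLSv1", "TLSv1.2"] } }],
      DefaultCacheBehavior: { ViewerProtocolPolicy: "allow-all" },
      ViewerCertificate: { MinimumProtocolVersion: "TLSv1_2016" },
    } } },
  },
};
const sampleFindings = auditCloudFront(SAMPLE_WEAK);
```

Feed it the parsed JSON template from the cdk.out directory after cdk synth; an empty result means none of the six CloudFront checks failed.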

Hierarchy

  • Construct
    • CpRestApi

Constructors

  • Parameters

    Returns CpRestApi

Properties

api: CcRestApi

API Gateway used in this construct

apigwWaf?: CcApiGatewayWaf

APIGateway WAF used in this construct

cfWaf?: CcCloudfrontWaf

CloudFront WAF used in this construct

cloudFront: CcDistribution

CloudFront distribution used in this construct
