Reference
@beesolve/efs-pre-signed-url/cdk
Contains EfsPreSignedUrl, which creates an AWS Lambda function behind a CloudFront distribution.
The Lambda function accesses your EFS through an AccessPoint, which you need to provide. It is deployed to your VPC, which you also need to provide. The Lambda handler is responsible for verifying the signature and serving files from EFS. We are using response streaming, which has some limitations.
If you wish to add the service to your existing CloudFront Distribution you can provide it through properties.
You can also change some of AWS Lambda properties to suit your needs.
If you don't have private subnets in your VPC, you should allow public subnets through the handler.allowPublicSubnet option.
export interface EfsPreSignedUrlProps {
  /**
   * Your pre-shared secret used for generating HMAC signatures
   */
  readonly preSharedSecret: string;
  /**
   * AWS Lambda handler options
   */
  readonly handler?: {
    /**
     * @default 512
     */
    readonly memorySize?: number;
    /**
     * @default retention is set to RetentionDays.TWO_WEEKS
     */
    readonly logGroup?: LogGroupProps;
    /**
     * @default 25
     */
    readonly reservedConcurrentExecutions?: number;
    /**
     * @default Duration.minutes(5)
     */
    readonly timeout?: Duration;
  } & Pick<FunctionOptions, "allowPublicSubnet">;
  /**
   * VPC in which your EFS is located.
   */
  readonly vpc: IVpc;
  /**
   * Access point for accessing your EFS.
   *
   * We recommend to use READ-ONLY access eg. `444` permissions.
   */
  readonly accessPoint: AccessPoint;
  /**
   * By default we create Distribution for you.
   *
   * You can provide your own distribution with your certificates and domainNames
   * We will add behaviour to your existing distribution.
   */
  readonly distribution?: Distribution;
  /**
   * If you provide your own distribution you can provide also which path we should map the service to.
   *
   * @default "/v1/files*"
   */
  readonly distributionPathPattern?: string;
}
When you create an instance of EfsPreSignedUrl, it contains a grantAccess method.
You can use this method to set up your Lambda handler so it can easily use our SDK.
@beesolve/efs-pre-signed-url/sdk
When you grant access for our SDK to your AWS Lambda handler you can easily use it within your code.
We recommend initializing our client outside of the Lambda handler so the instance can be reused between multiple requests.
You can change the default expiration time of the pre-signed URL when you instantiate our client. If you don't provide this value, pre-signed URLs will expire in 60 seconds by default.
import { EfsPreSignedUrlClient } from "@beesolve/efs-pre-signed-url/sdk";
const client = new EfsPreSignedUrlClient({
  defaultExpirationInSeconds: 10
});
The client exposes a single method called toSignedUrl. You can override the default expiration time per pre-signed URL by providing a second parameter.
client.toSignedUrl('path-to-your-efs-file', 20); // URL will expire in 20 seconds
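To show what an HMAC-signed, expiring URL and its handler-side check involve, here is an added sketch that is not the package's own code. The URL layout, the `expires` and `signature` query parameters, and the `signUrl` / `verifyUrl` names are assumptions made for illustration; the package's actual wire format is not documented on this page.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Assumed URL layout (illustrative, not the package's documented format):
//   /v1/files/<encoded path>?expires=<unix seconds>&signature=<hex HMAC-SHA256>
const PREFIX = "/v1/files/";

function mac(secret: string, path: string, expires: number): Buffer {
  // Bind both the file path and the expiry, so neither can be changed alone.
  return createHmac("sha256", secret).update(`${path}\n${expires}`).digest();
}

function signUrl(secret: string, path: string, ttlSeconds = 60, now = Date.now()): string {
  const expires = Math.floor(now / 1000) + ttlSeconds;
  const sig = mac(secret, path, expires).toString("hex");
  return `${PREFIX}${encodeURIComponent(path)}?expires=${expires}&signature=${sig}`;
}

type Verdict = "ok" | "malformed" | "expired" | "bad-signature";

function verifyUrl(secret: string, url: string, now = Date.now()): Verdict {
  const u = new URL(url, "https://example.invalid");
  if (!u.pathname.startsWith(PREFIX)) return "malformed";
  let path: string;
  try { path = decodeURIComponent(u.pathname.slice(PREFIX.length)); } catch { return "malformed"; }
  const expiresRaw = u.searchParams.get("expires") ?? "";
  const sigHex = u.searchParams.get("signature") ?? "";
  // Strict shape checks also guarantee equal buffer lengths for timingSafeEqual.
  if (!/^\d{1,12}$/.test(expiresRaw) || !/^[0-9a-f]{64}$/.test(sigHex)) return "malformed";
  const expires = Number(expiresRaw);
  // Authenticate first, in constant time, before trusting `expires`.
  const expected = mac(secret, path, expires);
  if (!timingSafeEqual(expected, Buffer.from(sigHex, "hex"))) return "bad-signature";
  if (Math.floor(now / 1000) >= expires) return "expired";
  return "ok";
}
```

Because the expiry is covered by the MAC, extending `expires` in the query string invalidates the signature rather than extending the link's lifetime.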