VpcOrigin
The VpcOrigin resource allows you to manage AWS CloudFront VpcOrigins for serving content from Amazon VPC endpoints.
Minimal Example
Create a basic VpcOrigin with the required properties and a common optional tag.

```typescript
import AWS from "alchemy/aws/control";

const vpcOrigin = await AWS.CloudFront.VpcOrigin("myVpcOrigin", {
  VpcOriginEndpointConfig: {
    endpoint: "my-vpc-endpoint.amazonaws.com",
    originPath: "/path/to/content",
    customOriginConfig: {
      httpPort: 80,
      httpsPort: 443,
      originProtocolPolicy: "https-only"
    }
  },
  Tags: [{ Key: "Environment", Value: "Production" }]
});
```
Advanced Configuration
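Customize the VpcOrigin with additional settings for performance and security. Note that an originProtocolPolicy of "match-viewer" makes CloudFront connect to the origin over HTTP whenever the viewer request used HTTP; use "https-only" when the connection to the origin must always be encrypted.

```typescript
const advancedVpcOrigin = await AWS.CloudFront.VpcOrigin("advancedVpcOrigin", {
  VpcOriginEndpointConfig: {
    endpoint: "secure-vpc-endpoint.amazonaws.com",
    originPath: "/secure-content",
    customOriginConfig: {
      httpPort: 80,
      httpsPort: 443,
      // Follows the viewer's protocol, so HTTP viewers produce HTTP origin requests
      originProtocolPolicy: "match-viewer",
      // Restrict the TLS versions CloudFront may negotiate with the origin
      originSslProtocols: {
        items: ["TLSv1.2"],
        quantity: 1
      }
    }
  },
  Tags: [{ Key: "Project", Value: "MyProject" }],
  // Adopt an already existing resource instead of failing
  adopt: true
});
```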
Secured Access with IAM Policies
Define IAM policies to control access to your VpcOrigin. In the example below the policy is only declared as an object and is not attached to any principal. It allows cloudfront:GetDistribution on every resource (Resource "*"), so scope Resource to specific ARNs before using it.

```typescript
const vpcOriginWithPolicy = await AWS.CloudFront.VpcOrigin("securedVpcOrigin", {
  VpcOriginEndpointConfig: {
    endpoint: "protected-vpc-endpoint.amazonaws.com",
    originPath: "/protected-content",
    customOriginConfig: {
      httpPort: 80,
      httpsPort: 443,
      originProtocolPolicy: "https-only"
    }
  },
  Tags: [{ Key: "Access", Value: "Restricted" }],
  adopt: false
});

// Example IAM Policy
const iamPolicy = {
  Version: "2012-10-17",
  Statement: [
    {
      Effect: "Allow",
      Action: "cloudfront:GetDistribution",
      Resource: "*"
    }
  ]
};
```
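As an added example (not part of the original page or of the alchemy project), the checker below lints props shaped like this page's snippets for two issues visible in them: an origin protocol policy other than "https-only" and an IAM statement that allows actions on Resource "*". The function names, the TLSv1.2 baseline and the finding strings are assumptions made for illustration.

```typescript
// Added example: property names mirror this page's snippets; the rules are assumptions.
interface OriginConfig {
  originProtocolPolicy?: string;
  originSslProtocols?: { items: string[]; quantity: number };
}
interface VpcOriginProps {
  VpcOriginEndpointConfig: { endpoint: string; originPath?: string; customOriginConfig?: OriginConfig };
}
interface PolicyStatement { Effect: string; Action: string | string[]; Resource: string | string[] }

// Assumed baseline: only TLSv1.2 is accepted for the CloudFront-to-origin connection.
const ALLOWED_TLS: string[] = ["TLSv1.2"];

function auditVpcOrigin(props: VpcOriginProps): string[] {
  const cfg = props.VpcOriginEndpointConfig.customOriginConfig;
  if (!cfg) return ["customOriginConfig missing: origin protocol policy is not set explicitly"];
  const findings: string[] = [];
  const policy = cfg.originProtocolPolicy ?? "unset";
  if (policy !== "https-only") {
    findings.push(`originProtocolPolicy is ${policy}: origin connection may use plain HTTP`);
  }
  const protos = cfg.originSslProtocols;
  if (protos) {
    const weak = protos.items.filter((p) => ALLOWED_TLS.indexOf(p) === -1);
    if (weak.length > 0) findings.push(`origin TLS versions below baseline: ${weak.join(", ")}`);
    if (protos.quantity !== protos.items.length) findings.push("originSslProtocols.quantity does not match items");
  }
  return findings;
}

function auditPolicy(statements: PolicyStatement[]): string[] {
  const asList = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);
  return statements
    .filter((s) => s.Effect === "Allow" && asList(s.Resource).indexOf("*") !== -1)
    .map((s) => `Allow on Resource "*" for ${asList(s.Action).join(", ")}`);
}

// Constructed inputs, copied from the "Advanced Configuration" and IAM policy snippets.
const advancedProps: VpcOriginProps = {
  VpcOriginEndpointConfig: {
    endpoint: "secure-vpc-endpoint.amazonaws.com",
    customOriginConfig: {
      originProtocolPolicy: "match-viewer",
      originSslProtocols: { items: ["TLSv1.2"], quantity: 1 },
    },
  },
};
const pagePolicy: PolicyStatement[] = [
  { Effect: "Allow", Action: "cloudfront:GetDistribution", Resource: "*" },
];
```

Calling auditVpcOrigin(advancedProps) reports the "match-viewer" policy, and auditPolicy(pagePolicy) reports the wildcard resource; the same props with "https-only" produce no findings.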
Handling Multiple Origins
Set up multiple VpcOrigins for different content sources.

```typescript
const primaryVpcOrigin = await AWS.CloudFront.VpcOrigin("primaryVpcOrigin", {
  VpcOriginEndpointConfig: {
    endpoint: "primary-vpc-endpoint.amazonaws.com",
    originPath: "/primary-content"
  }
});

const secondaryVpcOrigin = await AWS.CloudFront.VpcOrigin("secondaryVpcOrigin", {
  VpcOriginEndpointConfig: {
    endpoint: "secondary-vpc-endpoint.amazonaws.com",
    originPath: "/secondary-content"
  }
});
```