CloudfrontConfig¶

Bases: BaseModel, NameValidationMixin, AwsTypesValidationMixin

Configuration model for AWS CloudFront distribution with multi-origin support.

Defines the complete structure and validation rules for CloudFront distributions supporting multiple origin types including S3 buckets, Application Load Balancers, and VPC origins. Enforces AWS requirements for SSL certificates, WAF integration, and Route53 DNS management with comprehensive origin validation.

The configuration requires a 'default' S3 origin and supports additional origins with unique path patterns for content routing and delivery optimization.

Attributes:

Name	Type	Description
`origins`	`Dict[str, CloudfrontOrigin]`	Dictionary of origin configurations with required 'default' S3 origin
`ssl_certificate_id`	`str`	SSL certificate ID located in us-east-1 for CloudFront
`web_acl_id`	`Optional[str]`	Optional AWS WAF Web ACL ID for security protection
`logs_bucket`	`Optional[Any]`	Optional S3 bucket for CloudFront access logging
`route53`	`Route53Config`	Route53 configuration for domain and DNS record management
`activate_additional_metrics`	`bool`	Wheter to enable additional metrics for the distribution

Source code in mare_aws_common_lib/models/cloudfront_config.py

class CloudfrontConfig(BaseModel, NameValidationMixin, AwsTypesValidationMixin):
    """Configuration model for AWS CloudFront distribution with multi-origin support.

    Defines the complete structure and validation rules for CloudFront distributions
    supporting multiple origin types including S3 buckets, Application Load Balancers,
    and VPC origins. Enforces AWS requirements for SSL certificates, WAF integration,
    and Route53 DNS management with comprehensive origin validation.

    The configuration requires a 'default' S3 origin and supports additional origins
    with unique path patterns for content routing and delivery optimization.

    Attributes:
        origins: Dictionary of origin configurations with required 'default' S3 origin
        ssl_certificate_id: SSL certificate ID located in us-east-1 for CloudFront
        web_acl_id: Optional AWS WAF Web ACL ID for security protection
        logs_bucket: Optional S3 bucket for CloudFront access logging
        route53: Route53 configuration for domain and DNS record management
        activate_additional_metrics: Wheter to enable additional metrics for the distribution 
    """

    model_config = ConfigDict(extra="forbid")

    origins: Dict[str, CloudfrontOrigin] = Field(..., description="Origin configurations - must include 'default' key for S3 origin")
    ssl_certificate_id: str = Field(..., description="SSL certificate ID (must be in us-east-1 for CloudFront)")
    web_acl_id: Optional[str] = Field(None, description="Web ACL ID for AWS WAF integration")
    logs_bucket: Optional[Any] = Field(None, description="S3 Bucket object (CDK construct) for loggging purposes")
    activate_additional_metrics: bool = Field(default=False, description="Whether to enable additional metrics for the Cloudfront distribution")

    route53: Route53Config = Field(..., description="Route 53 configuration for domain setup")

    class Typed:
        """Inner class, type-safe accessor for AWS CDK resources with proper typing.

        Provides strongly-typed access to AWS CDK resources for improved
        IDE support and type checking in CloudFront distribution configuration.
        """
        def __init__(self, config: 'CloudfrontConfig'):
            self._config = config

        @property
        def logs_bucket(self) -> 's3.IBucket':
            """S3 bucket for CloudFront access logs storage.

            Returns:
                Strongly-typed S3 bucket interface for logging configuration
            """
            return self._config.logs_bucket

    @property
    def typed(self) -> Typed:
        """Access to type-safe AWS CDK resource properties.

        Provides access to the Typed inner class for strongly-typed CDK resource
        references, improving IDE support and type checking capabilities.

        Returns:
            Typed accessor instance for CDK resource properties
        """
        if not hasattr(self, '_typed'):
            self._typed = self.Typed(self)
        return self._typed


    @field_validator("logs_bucket", mode="after")
    @classmethod
    def validate_logs_bucket(cls, value: Any) -> Any:
        """Validate S3 logs bucket CDK construct compatibility.

        Ensures the provided logs bucket object implements the required s3.IBucket
        interface for proper CloudFront logging integration and access control.

        Args:
            value: S3 bucket CDK construct for logging

        Returns:
            Validated S3 bucket construct or None if not provided

        Raises:
            ValueError: If bucket doesn't implement required interface
        """
        return cls.validate_bucket(value)

    @model_validator(mode="after")
    def validate_origins_structure(self) -> 'CloudfrontConfig':
        """Validate origins configuration structure and uniqueness constraints.

        Ensures the origins dictionary contains a required 'default' S3 origin
        and validates that all origin path patterns are unique to prevent
        routing conflicts in the CloudFront distribution configuration.

        Returns:
            Self after validation

        Raises:
            ValueError: If default S3 origin is missing, has wrong type, or path patterns conflict
        """
        if "default" not in self.origins:
            raise ValueError("'origins' must include a 'default' key for S3 bucket origin")

        default_origin = self.origins.get("default")
        if not isinstance(default_origin, S3OriginConfig):
            raise ValueError('Default origin must be an S3OriginConfig')

        # Validate path patterns don't conflict
        paths = []
        for key, origin in self.origins.items():
            if key != "default" and hasattr(origin, 'path'):
                paths.append(origin.path)

        if len(paths) != len(set(paths)):
            raise ValueError('Origin path patterns must be unique')

        return self

`typed` `property` ¶

Access to type-safe AWS CDK resource properties.

Provides access to the Typed inner class for strongly-typed CDK resource references, improving IDE support and type checking capabilities.

Returns:

Type	Description
`Typed`	Typed accessor instance for CDK resource properties

`Typed` ¶

Inner class, type-safe accessor for AWS CDK resources with proper typing.

Provides strongly-typed access to AWS CDK resources for improved IDE support and type checking in CloudFront distribution configuration.

Source code in mare_aws_common_lib/models/cloudfront_config.py

class Typed:
    """Inner class, type-safe accessor for AWS CDK resources with proper typing.

    Provides strongly-typed access to AWS CDK resources for improved
    IDE support and type checking in CloudFront distribution configuration.
    """
    def __init__(self, config: 'CloudfrontConfig'):
        self._config = config

    @property
    def logs_bucket(self) -> 's3.IBucket':
        """S3 bucket for CloudFront access logs storage.

        Returns:
            Strongly-typed S3 bucket interface for logging configuration
        """
        return self._config.logs_bucket

`logs_bucket` `property` ¶

S3 bucket for CloudFront access logs storage.

Returns:

Type	Description
`IBucket`	Strongly-typed S3 bucket interface for logging configuration

`validate_logs_bucket(value)` `classmethod` ¶

Validate S3 logs bucket CDK construct compatibility.

Ensures the provided logs bucket object implements the required s3.IBucket interface for proper CloudFront logging integration and access control.

Parameters:

Name	Type	Description	Default
`value`	`Any`	S3 bucket CDK construct for logging	required

Returns:

Type	Description
`Any`	Validated S3 bucket construct or None if not provided

Raises:

Type	Description
`ValueError`	If bucket doesn't implement required interface

Source code in mare_aws_common_lib/models/cloudfront_config.py

@field_validator("logs_bucket", mode="after")
@classmethod
def validate_logs_bucket(cls, value: Any) -> Any:
    """Validate S3 logs bucket CDK construct compatibility.

    Ensures the provided logs bucket object implements the required s3.IBucket
    interface for proper CloudFront logging integration and access control.

    Args:
        value: S3 bucket CDK construct for logging

    Returns:
        Validated S3 bucket construct or None if not provided

    Raises:
        ValueError: If bucket doesn't implement required interface
    """
    return cls.validate_bucket(value)

`validate_origins_structure()` ¶

Validate origins configuration structure and uniqueness constraints.

Ensures the origins dictionary contains a required 'default' S3 origin and validates that all origin path patterns are unique to prevent routing conflicts in the CloudFront distribution configuration.

Returns:

Type	Description
`CloudfrontConfig`	Self after validation

Raises:

Type	Description
`ValueError`	If default S3 origin is missing, has wrong type, or path patterns conflict

Source code in mare_aws_common_lib/models/cloudfront_config.py

@model_validator(mode="after")
def validate_origins_structure(self) -> 'CloudfrontConfig':
    """Validate origins configuration structure and uniqueness constraints.

    Ensures the origins dictionary contains a required 'default' S3 origin
    and validates that all origin path patterns are unique to prevent
    routing conflicts in the CloudFront distribution configuration.

    Returns:
        Self after validation

    Raises:
        ValueError: If default S3 origin is missing, has wrong type, or path patterns conflict
    """
    if "default" not in self.origins:
        raise ValueError("'origins' must include a 'default' key for S3 bucket origin")

    default_origin = self.origins.get("default")
    if not isinstance(default_origin, S3OriginConfig):
        raise ValueError('Default origin must be an S3OriginConfig')

    # Validate path patterns don't conflict
    paths = []
    for key, origin in self.origins.items():
        if key != "default" and hasattr(origin, 'path'):
            paths.append(origin.path)

    if len(paths) != len(set(paths)):
        raise ValueError('Origin path patterns must be unique')

    return self

Example

from mare_aws_common_lib.models import CloudfrontConfig, S3OriginConfig, LoadBalancerOriginConfig, VpcOriginConfig, Route53Config

config = CloudfrontConfig(
    origins={
        # Required default S3 origin for static content
        "default": S3OriginConfig(
            name="static-assets",
            bucket=static_bucket,
            path="/assets",
            default_root_object="index.html"
        ),
        # API origin via Application Load Balancer
        "api": LoadBalancerOriginConfig(
            name="api-backend",
            path="/api/*",
            alb=api_alb,
            timeout=45
        ),
        # Private VPC origin for internal services
        "internal": VpcOriginConfig(
            name="internal-services",
            path="/internal/*",
            alb=api_alb,
            timeout=30
        )
    },
    ssl_certificate_id="12345678-1234-1234-1234-123456789012",
    web_acl_id="arn:aws:wafv2:us-east-1:123456789012:global/webacl/example/12345678-1234-1234-1234-123456789012",
    logs_bucket=logs_bucket,
    route53=Route53Config(
        hosted_zone_id="Z1234567890ABC",
        domain_name="mycompany.com"
    )

CloudfrontOrigin¶

CloudFront distributions support multiple origin types through a discriminated union:

`S3OriginConfig` ¶

Bases: BaseModel, AwsTypesValidationMixin, PathValidationMixin, NameValidationMixin

Configuration model for CloudFront S3 bucket origin.

Defines the structure and validation rules for S3 bucket origins in CloudFront distributions, supporting static content delivery with configurable path patterns and default root object settings for web applications and content hosting.

Attributes:

Name	Type	Description
`name`	`str`	Origin identifier for CloudFront distribution configuration
`origin_type`	`Literal['S3']`	Fixed literal value identifying this as an S3 origin
`bucket`	`Any`	S3 bucket CDK construct reference for content storage
`path`	`Optional[str]`	Optional path pattern for content routing within the bucket
`default_root_object`	`str`	Default file served for root requests to the origin

Source code in mare_aws_common_lib/models/cloudfront_config.py

class S3OriginConfig(BaseModel, AwsTypesValidationMixin, PathValidationMixin, NameValidationMixin):
    """Configuration model for CloudFront S3 bucket origin.

    Defines the structure and validation rules for S3 bucket origins in CloudFront
    distributions, supporting static content delivery with configurable path patterns
    and default root object settings for web applications and content hosting.

    Attributes:
        name: Origin identifier for CloudFront distribution configuration
        origin_type: Fixed literal value identifying this as an S3 origin
        bucket: S3 bucket CDK construct reference for content storage
        path: Optional path pattern for content routing within the bucket
        default_root_object: Default file served for root requests to the origin
    """
    model_config = ConfigDict(extra="forbid", arbitrary_types_allowed=True)

    name: str = Field(..., description="Origin identifier name")
    origin_type: Literal["S3"] = Field("S3", description="Must be S3_BUCKET")
    bucket: Any = Field(..., description="S3 Bucket object (CDK construct)")
    path: Optional[str] = Field(None, description="Path pattern for this origin")
    default_root_object: str = Field(default="index.html", description="Default root object for S3 origin")

    @field_validator("name")
    @classmethod
    def validate_origin_name(cls, value: str) -> str:
        """Validate the origin name using organizational naming standards.

        Applies origin-specific naming validation to ensure the name meets
        CloudFront origin identification requirements and organizational standards.

        Args:
            value: Raw origin name from configuration

        Returns:
            Validated origin name

        Raises:
            ValueError: If the origin name fails validation rules
        """
        return cls.validate_name(value, mode="ORIGIN")

    @field_validator("path")
    @classmethod
    def validate_path(cls, value: str) -> str:
        """Validate the path pattern format for S3 content routing.

        Ensures that any provided path pattern follows proper URL path conventions
        and CloudFront routing requirements for S3 bucket content access.

        Args:
            value: Raw path pattern from configuration

        Returns:
            Validated path pattern or None if not provided

        Raises:
            ValueError: If path pattern format is invalid
        """
        return cls.validate_path_pattern(value)

    @field_validator("bucket", mode="after")
    @classmethod
    def validate_s3_bucket(cls, value: Any) -> Any:
        """Validate S3 bucket CDK construct compatibility.

        Ensures the provided bucket object implements the required s3.IBucket
        interface for proper CloudFront origin integration and access control.

        Args:
            value: S3 bucket CDK construct

        Returns:
            Validated S3 bucket construct

        Raises:
            ValueError: If bucket doesn't implement required interface
        """
        return cls.validate_bucket(value)

`validate_origin_name(value)` `classmethod` ¶

Validate the origin name using organizational naming standards.

Applies origin-specific naming validation to ensure the name meets CloudFront origin identification requirements and organizational standards.

Parameters:

Name	Type	Description	Default
`value`	`str`	Raw origin name from configuration	required

Returns:

Type	Description
`str`	Validated origin name

Raises:

Type	Description
`ValueError`	If the origin name fails validation rules

Source code in mare_aws_common_lib/models/cloudfront_config.py

@field_validator("name")
@classmethod
def validate_origin_name(cls, value: str) -> str:
    """Validate the origin name using organizational naming standards.

    Applies origin-specific naming validation to ensure the name meets
    CloudFront origin identification requirements and organizational standards.

    Args:
        value: Raw origin name from configuration

    Returns:
        Validated origin name

    Raises:
        ValueError: If the origin name fails validation rules
    """
    return cls.validate_name(value, mode="ORIGIN")

`validate_path(value)` `classmethod` ¶

Validate the path pattern format for S3 content routing.

Ensures that any provided path pattern follows proper URL path conventions and CloudFront routing requirements for S3 bucket content access.

Parameters:

Name	Type	Description	Default
`value`	`str`	Raw path pattern from configuration	required

Returns:

Type	Description
`str`	Validated path pattern or None if not provided

Raises:

Type	Description
`ValueError`	If path pattern format is invalid

Source code in mare_aws_common_lib/models/cloudfront_config.py

@field_validator("path")
@classmethod
def validate_path(cls, value: str) -> str:
    """Validate the path pattern format for S3 content routing.

    Ensures that any provided path pattern follows proper URL path conventions
    and CloudFront routing requirements for S3 bucket content access.

    Args:
        value: Raw path pattern from configuration

    Returns:
        Validated path pattern or None if not provided

    Raises:
        ValueError: If path pattern format is invalid
    """
    return cls.validate_path_pattern(value)

`validate_s3_bucket(value)` `classmethod` ¶

Validate S3 bucket CDK construct compatibility.

Ensures the provided bucket object implements the required s3.IBucket interface for proper CloudFront origin integration and access control.

Parameters:

Name	Type	Description	Default
`value`	`Any`	S3 bucket CDK construct	required

Returns:

Type	Description
`Any`	Validated S3 bucket construct

Raises:

Type	Description
`ValueError`	If bucket doesn't implement required interface

Source code in mare_aws_common_lib/models/cloudfront_config.py

@field_validator("bucket", mode="after")
@classmethod
def validate_s3_bucket(cls, value: Any) -> Any:
    """Validate S3 bucket CDK construct compatibility.

    Ensures the provided bucket object implements the required s3.IBucket
    interface for proper CloudFront origin integration and access control.

    Args:
        value: S3 bucket CDK construct

    Returns:
        Validated S3 bucket construct

    Raises:
        ValueError: If bucket doesn't implement required interface
    """
    return cls.validate_bucket(value)

Example

from mare_aws_common_lib.models import S3OriginConfig

config = S3OriginConfig(
    name="static-assets",
    bucket=static_bucket,
    path="/assets",
    default_root_object="index.html"
)

`LoadBalancerOriginConfig` ¶

Bases: BaseModel, AwsTypesValidationMixin, PathValidationMixin, NameValidationMixin

Configuration model for CloudFront Application Load Balancer origin.

Defines the structure and validation rules for ALB origins in CloudFront distributions, enabling dynamic content delivery through load balancer endpoints with configurable timeout settings and path-based routing.

Attributes:

Name	Type	Description
`name`	`str`	Origin identifier for CloudFront distribution configuration
`origin_type`	`Literal['LOAD_BALANCER']`	Fixed literal value identifying this as a load balancer origin
`path`	`str`	Path pattern for routing requests to this origin (e.g., '/api/*')
`alb`	`Any`	Application Load Balancer CDK construct reference
`timeout`	`int`	Origin response timeout in seconds (1-180, warnings >60)

Source code in mare_aws_common_lib/models/cloudfront_config.py

class LoadBalancerOriginConfig(BaseModel, AwsTypesValidationMixin, PathValidationMixin, NameValidationMixin):
    """Configuration model for CloudFront Application Load Balancer origin.

    Defines the structure and validation rules for ALB origins in CloudFront
    distributions, enabling dynamic content delivery through load balancer
    endpoints with configurable timeout settings and path-based routing.

    Attributes:
        name: Origin identifier for CloudFront distribution configuration
        origin_type: Fixed literal value identifying this as a load balancer origin
        path: Path pattern for routing requests to this origin (e.g., '/api/*')
        alb: Application Load Balancer CDK construct reference
        timeout: Origin response timeout in seconds (1-180, warnings >60)
    """
    model_config = ConfigDict(extra="forbid", arbitrary_types_allowed=True)

    name: str = Field(..., description="Origin identifier name")
    origin_type: Literal["LOAD_BALANCER"] = Field("LOAD_BALANCER", description="Must be LOAD_BALANCER")
    path: str = Field(..., description="Path pattern for this origin (e.g., '/api/*')")
    alb: Any = Field(..., description="Application Load Balancer object (CDK construct)")
    timeout: int = Field(default=30, description="How long Cloudfront waits for a response from the origin in seconds")

    @field_validator("name")
    @classmethod
    def validate_origin_name(cls, value: str) -> str:
        """Validate the origin name using organizational naming standards.

        Applies origin-specific naming validation to ensure the name meets
        CloudFront origin identification requirements and organizational standards.

        Args:
            value: Raw origin name from configuration

        Returns:
            Validated origin name

        Raises:
            ValueError: If the origin name fails validation rules
        """
        return cls.validate_name(value, mode="ORIGIN")

    @field_validator("path")
    @classmethod
    def validate_path(cls, value: str) -> str:
        """Validate the path pattern format for load balancer routing.

        Ensures the path pattern follows proper URL path conventions and
        CloudFront routing requirements for ALB backend integration.

        Args:
            value: Raw path pattern from configuration

        Returns:
            Validated path pattern

        Raises:
            ValueError: If path pattern format is invalid
        """
        return cls.validate_path_pattern(value)

    @field_validator("alb")
    @classmethod
    def validate_alb(cls, value: Any) -> Any:
        """Validate Application Load Balancer CDK construct compatibility.

        Ensures the provided ALB object implements the required interface
        for proper CloudFront origin integration and traffic forwarding.

        Args:
            value: Application Load Balancer CDK construct

        Returns:
            Validated ALB construct

        Raises:
            ValueError: If ALB doesn't implement required interface
        """
        return cls.validate_application_load_balancer(value)

    @field_validator("timeout")
    @classmethod
    def validate_timeout(cls, value: int) -> int:
        """Validate origin response timeout settings and AWS quota compliance.

        Ensures timeout values are within AWS CloudFront limits and provides
        warnings for values that require quota increase requests in the target
        AWS account for successful deployment.

        Args:
            value: Origin response timeout in seconds

        Returns:
            Validated timeout value

        Raises:
            ValueError: If timeout is outside allowed range (1-180 seconds)
        """
        if not (1 <= value <= 180):
            raise ValueError("'timeout' must be between 1 and 180 seconds")
        if value > 60:
            warnings.warn(
                f"⚠️ 'timeout' is set to {value}, which exceeds 60 seconds. This requires a limit increase request "
                "for the origin response timeout quota in the target AWS account."
            )
        return value

`validate_alb(value)` `classmethod` ¶

Validate Application Load Balancer CDK construct compatibility.

Ensures the provided ALB object implements the required interface for proper CloudFront origin integration and traffic forwarding.

Parameters:

Name	Type	Description	Default
`value`	`Any`	Application Load Balancer CDK construct	required

Returns:

Type	Description
`Any`	Validated ALB construct

Raises:

Type	Description
`ValueError`	If ALB doesn't implement required interface

Source code in mare_aws_common_lib/models/cloudfront_config.py

@field_validator("alb")
@classmethod
def validate_alb(cls, value: Any) -> Any:
    """Validate Application Load Balancer CDK construct compatibility.

    Ensures the provided ALB object implements the required interface
    for proper CloudFront origin integration and traffic forwarding.

    Args:
        value: Application Load Balancer CDK construct

    Returns:
        Validated ALB construct

    Raises:
        ValueError: If ALB doesn't implement required interface
    """
    return cls.validate_application_load_balancer(value)

`validate_origin_name(value)` `classmethod` ¶

Validate the origin name using organizational naming standards.

Applies origin-specific naming validation to ensure the name meets CloudFront origin identification requirements and organizational standards.

Parameters:

Name	Type	Description	Default
`value`	`str`	Raw origin name from configuration	required

Returns:

Type	Description
`str`	Validated origin name

Raises:

Type	Description
`ValueError`	If the origin name fails validation rules

Source code in mare_aws_common_lib/models/cloudfront_config.py

@field_validator("name")
@classmethod
def validate_origin_name(cls, value: str) -> str:
    """Validate the origin name using organizational naming standards.

    Applies origin-specific naming validation to ensure the name meets
    CloudFront origin identification requirements and organizational standards.

    Args:
        value: Raw origin name from configuration

    Returns:
        Validated origin name

    Raises:
        ValueError: If the origin name fails validation rules
    """
    return cls.validate_name(value, mode="ORIGIN")

`validate_path(value)` `classmethod` ¶

Validate the path pattern format for load balancer routing.

Ensures the path pattern follows proper URL path conventions and CloudFront routing requirements for ALB backend integration.

Parameters:

Name	Type	Description	Default
`value`	`str`	Raw path pattern from configuration	required

Returns:

Type	Description
`str`	Validated path pattern

Raises:

Type	Description
`ValueError`	If path pattern format is invalid

Source code in mare_aws_common_lib/models/cloudfront_config.py

@field_validator("path")
@classmethod
def validate_path(cls, value: str) -> str:
    """Validate the path pattern format for load balancer routing.

    Ensures the path pattern follows proper URL path conventions and
    CloudFront routing requirements for ALB backend integration.

    Args:
        value: Raw path pattern from configuration

    Returns:
        Validated path pattern

    Raises:
        ValueError: If path pattern format is invalid
    """
    return cls.validate_path_pattern(value)

`validate_timeout(value)` `classmethod` ¶

Validate origin response timeout settings and AWS quota compliance.

Ensures timeout values are within AWS CloudFront limits and provides warnings for values that require quota increase requests in the target AWS account for successful deployment.

Parameters:

Name	Type	Description	Default
`value`	`int`	Origin response timeout in seconds	required

Returns:

Type	Description
`int`	Validated timeout value

Raises:

Type	Description
`ValueError`	If timeout is outside allowed range (1-180 seconds)

Source code in mare_aws_common_lib/models/cloudfront_config.py

@field_validator("timeout")
@classmethod
def validate_timeout(cls, value: int) -> int:
    """Validate origin response timeout settings and AWS quota compliance.

    Ensures timeout values are within AWS CloudFront limits and provides
    warnings for values that require quota increase requests in the target
    AWS account for successful deployment.

    Args:
        value: Origin response timeout in seconds

    Returns:
        Validated timeout value

    Raises:
        ValueError: If timeout is outside allowed range (1-180 seconds)
    """
    if not (1 <= value <= 180):
        raise ValueError("'timeout' must be between 1 and 180 seconds")
    if value > 60:
        warnings.warn(
            f"⚠️ 'timeout' is set to {value}, which exceeds 60 seconds. This requires a limit increase request "
            "for the origin response timeout quota in the target AWS account."
        )
    return value

Example

from mare_aws_common_lib.models import LoadBalancerOriginConfig

config = LoadBalancerOriginConfig(
    name="api-backend",
    path="/api/*",
    alb=api_alb,
    timeout=45
)

`VpcOriginConfig` ¶

Bases: BaseModel, AwsTypesValidationMixin, PathValidationMixin, NameValidationMixin

Configuration model for CloudFront VPC origin with private load balancer.

Defines the structure and validation rules for VPC-based origins in CloudFront distributions, enabling private network integration through VPC origins for secure communication with internal load balancers and services.

Attributes:

Name	Type	Description
`name`	`str`	Origin identifier for CloudFront distribution configuration
`origin_type`	`Literal['VPC_ORIGIN']`	Fixed literal value identifying this as a VPC origin
`path`	`str`	Path pattern for routing requests to this origin (e.g., '/api/*')
`alb`	`Any`	Application Load Balancer CDK construct reference within VPC
`timeout`	`int`	Origin response timeout in seconds (1-180, warnings >60)

Source code in mare_aws_common_lib/models/cloudfront_config.py

class VpcOriginConfig(BaseModel, AwsTypesValidationMixin, PathValidationMixin, NameValidationMixin):
    """Configuration model for CloudFront VPC origin with private load balancer.

    Defines the structure and validation rules for VPC-based origins in CloudFront
    distributions, enabling private network integration through VPC origins for
    secure communication with internal load balancers and services.

    Attributes:
        name: Origin identifier for CloudFront distribution configuration
        origin_type: Fixed literal value identifying this as a VPC origin
        path: Path pattern for routing requests to this origin (e.g., '/api/*')
        alb: Application Load Balancer CDK construct reference within VPC
        timeout: Origin response timeout in seconds (1-180, warnings >60)
    """
    model_config = ConfigDict(extra="forbid", arbitrary_types_allowed=True)

    name: str = Field(..., description="Origin identifier name")
    origin_type: Literal["VPC_ORIGIN"] = Field("VPC_ORIGIN", description="Must be VPC_ORIGIN")
    path: str = Field(..., description="Path pattern for this origin (e.g., '/api/*')")
    alb: Any = Field(..., description="Application Load Balancer object (CDK construct)")
    timeout: int = Field(default=30, description="How long Cloudfront waits for a response from the origin in seconds")

    @field_validator("name")
    @classmethod
    def validate_origin_name(cls, value: str) -> str:
        """Validate the origin name using organizational naming standards.

        Applies origin-specific naming validation to ensure the name meets
        CloudFront origin identification requirements and organizational standards.

        Args:
            value: Raw origin name from configuration

        Returns:
            Validated origin name

        Raises:
            ValueError: If the origin name fails validation rules
        """
        return cls.validate_name(value, mode="ORIGIN")

    @field_validator("path")
    @classmethod
    def validate_path(cls, value: str) -> str:
        """Validate the path pattern format for VPC origin routing.

        Ensures the path pattern follows proper URL path conventions and
        CloudFront routing requirements for VPC-based backend integration.

        Args:
            value: Raw path pattern from configuration

        Returns:
            Validated path pattern

        Raises:
            ValueError: If path pattern format is invalid
        """
        return cls.validate_path_pattern(value)

    @field_validator("alb")
    @classmethod
    def validate_alb(cls, value: Any) -> Any:
        """Validate Application Load Balancer CDK construct compatibility.

        Ensures the provided ALB object implements the required interface
        for proper CloudFront VPC origin integration and private traffic routing.

        Args:
            value: Application Load Balancer CDK construct

        Returns:
            Validated ALB construct

        Raises:
            ValueError: If ALB doesn't implement required interface
        """
        return cls.validate_application_load_balancer(value)

    @field_validator("timeout")
    @classmethod
    def validate_timeout(cls, value: int) -> int:
        """Validate origin response timeout settings and AWS quota compliance.

        Ensures timeout values are within AWS CloudFront limits and provides
        warnings for values that require quota increase requests in the target
        AWS account for successful deployment.

        Args:
            value: Origin response timeout in seconds

        Returns:
            Validated timeout value

        Raises:
            ValueError: If timeout is outside allowed range (1-180 seconds)
        """
        if not (1 <= value <= 180):
            raise ValueError("'timeout' must be between 1 and 180 seconds")
        if value > 60:
            warnings.warn(
                f"⚠️ 'timeout' is set to {value}, which exceeds 60 seconds. This requires a limit increase request "
                "for the origin response timeout quota in the target AWS account."
            )
        return value

`validate_alb(value)` `classmethod` ¶

Validate Application Load Balancer CDK construct compatibility.

Ensures the provided ALB object implements the required interface for proper CloudFront VPC origin integration and private traffic routing.

Parameters:

Name	Type	Description	Default
`value`	`Any`	Application Load Balancer CDK construct	required

Returns:

Type	Description
`Any`	Validated ALB construct

Raises:

Type	Description
`ValueError`	If ALB doesn't implement required interface

Source code in mare_aws_common_lib/models/cloudfront_config.py

@field_validator("alb")
@classmethod
def validate_alb(cls, value: Any) -> Any:
    """Validate Application Load Balancer CDK construct compatibility.

    Ensures the provided ALB object implements the required interface
    for proper CloudFront VPC origin integration and private traffic routing.

    Args:
        value: Application Load Balancer CDK construct

    Returns:
        Validated ALB construct

    Raises:
        ValueError: If ALB doesn't implement required interface
    """
    return cls.validate_application_load_balancer(value)

`validate_origin_name(value)` `classmethod` ¶

Validate the origin name using organizational naming standards.

Applies origin-specific naming validation to ensure the name meets CloudFront origin identification requirements and organizational standards.

Parameters:

Name	Type	Description	Default
`value`	`str`	Raw origin name from configuration	required

Returns:

Type	Description
`str`	Validated origin name

Raises:

Type	Description
`ValueError`	If the origin name fails validation rules

Source code in mare_aws_common_lib/models/cloudfront_config.py

@field_validator("name")
@classmethod
def validate_origin_name(cls, value: str) -> str:
    """Validate the origin name using organizational naming standards.

    Applies origin-specific naming validation to ensure the name meets
    CloudFront origin identification requirements and organizational standards.

    Args:
        value: Raw origin name from configuration

    Returns:
        Validated origin name

    Raises:
        ValueError: If the origin name fails validation rules
    """
    return cls.validate_name(value, mode="ORIGIN")

`validate_path(value)` `classmethod` ¶

Validate the path pattern format for VPC origin routing.

Ensures the path pattern follows proper URL path conventions and CloudFront routing requirements for VPC-based backend integration.

Parameters:

Name	Type	Description	Default
`value`	`str`	Raw path pattern from configuration	required

Returns:

Type	Description
`str`	Validated path pattern

Raises:

Type	Description
`ValueError`	If path pattern format is invalid

Source code in mare_aws_common_lib/models/cloudfront_config.py

@field_validator("path")
@classmethod
def validate_path(cls, value: str) -> str:
    """Validate the path pattern format for VPC origin routing.

    Ensures the path pattern follows proper URL path conventions and
    CloudFront routing requirements for VPC-based backend integration.

    Args:
        value: Raw path pattern from configuration

    Returns:
        Validated path pattern

    Raises:
        ValueError: If path pattern format is invalid
    """
    return cls.validate_path_pattern(value)

`validate_timeout(value)` `classmethod` ¶

Validate origin response timeout settings and AWS quota compliance.

Ensures timeout values are within AWS CloudFront limits and provides warnings for values that require quota increase requests in the target AWS account for successful deployment.

Parameters:

Name	Type	Description	Default
`value`	`int`	Origin response timeout in seconds	required

Returns:

Type	Description
`int`	Validated timeout value

Raises:

Type	Description
`ValueError`	If timeout is outside allowed range (1-180 seconds)

Source code in mare_aws_common_lib/models/cloudfront_config.py

@field_validator("timeout")
@classmethod
def validate_timeout(cls, value: int) -> int:
    """Validate origin response timeout settings and AWS quota compliance.

    Ensures timeout values are within AWS CloudFront limits and provides
    warnings for values that require quota increase requests in the target
    AWS account for successful deployment.

    Args:
        value: Origin response timeout in seconds

    Returns:
        Validated timeout value

    Raises:
        ValueError: If timeout is outside allowed range (1-180 seconds)
    """
    if not (1 <= value <= 180):
        raise ValueError("'timeout' must be between 1 and 180 seconds")
    if value > 60:
        warnings.warn(
            f"⚠️ 'timeout' is set to {value}, which exceeds 60 seconds. This requires a limit increase request "
            "for the origin response timeout quota in the target AWS account."
        )
    return value

Example

from mare_aws_common_lib.models import VpcOriginConfig

config = VpcOriginConfig(
    name="internal-services",
    path="/internal/*",
    alb=api_alb,
    timeout=30
)

CloudfrontConfig¶

typed property ¶

Typed ¶

logs_bucket property ¶

validate_logs_bucket(value) classmethod ¶

validate_origins_structure() ¶

CloudfrontOrigin¶

S3OriginConfig ¶

validate_origin_name(value) classmethod ¶

validate_path(value) classmethod ¶

validate_s3_bucket(value) classmethod ¶

LoadBalancerOriginConfig ¶

validate_alb(value) classmethod ¶

validate_origin_name(value) classmethod ¶

validate_path(value) classmethod ¶

validate_timeout(value) classmethod ¶

VpcOriginConfig ¶

validate_alb(value) classmethod ¶

validate_origin_name(value) classmethod ¶

validate_path(value) classmethod ¶

validate_timeout(value) classmethod ¶

`typed` `property` ¶

`Typed` ¶

`logs_bucket` `property` ¶

`validate_logs_bucket(value)` `classmethod` ¶

`validate_origins_structure()` ¶

`S3OriginConfig` ¶

`validate_origin_name(value)` `classmethod` ¶

`validate_path(value)` `classmethod` ¶

`validate_s3_bucket(value)` `classmethod` ¶

`LoadBalancerOriginConfig` ¶

`validate_alb(value)` `classmethod` ¶

`validate_origin_name(value)` `classmethod` ¶

`validate_path(value)` `classmethod` ¶

`validate_timeout(value)` `classmethod` ¶

`VpcOriginConfig` ¶

`validate_alb(value)` `classmethod` ¶

`validate_origin_name(value)` `classmethod` ¶

`validate_path(value)` `classmethod` ¶

`validate_timeout(value)` `classmethod` ¶