chore(kb/jq): add source

2026-02-09 05:44:23 +00:00 · 2025-03-08 21:32:53 +01:00
parent 7f6856568b
commit 844941947b
3 changed files with 265 additions and 24 deletions
--- a/computing/aws/README.md
+++ b/computing/aws/README.md
@@ -5,7 +5,6 @@
   1. [Elastic IP addresses](#elastic-ip-addresses)
 1. [Services](#services)
   1. [Billing and Cost Management](#billing-and-cost-management)
   1. [CloudFront](#cloudfront)
   1. [CloudWatch](#cloudwatch)
   1. [Config](#config)
   1. [Detective](#detective)
@@ -122,28 +121,6 @@ Costs can be grouped by Tags applied on resources.<br/>
 Tags to use for this kind of grouping need to be activated in the _Cost allocation tags_ section.<br/>
 New tags might take 24 or 48 hours to appear there.
 ### CloudFront
 Web service speeding up distribution of static and dynamic web content such as `.html`, `.css`, `.js`, and image files.
 Caches web content from one's defined _origins_ and delivers it through edge locations.<br/>
 When requesting content served with CloudFront, requests are routed to the edge location with the lowest latency for the
 client.
 If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately.<br/>
 If the content is not in that edge location, CloudFront retrieves it from the _origin_ defined for it.
 _Origins_ are location where the original version of one's content is stored.<br/>
 They can be S3 buckets, MediaPackage channels, or HTTP servers.<br/>
 Each distribution can have by default up to 25 origins.
 1. Set up one or more origins so that they serve their content normally.
 1. Create a CloudFront Distribution.<br/>
   This usually takes 15 to 30 minutes.
 1. \[optional] Avoid using the provided Distribution's domain name by:
   1. Configuring alternate domain names so that the Distribution accepts requests for those aliases, **and**
   1. Creating DNS records of type CNAME pointing to the provided Distribution's domain name.
 ### CloudWatch
 Observability service. with functions for logging, monitoring and alerting.
@@ -652,7 +629,6 @@ machine if not.
 <!-- In-article sections -->
 [billing and cost management]: #billing-and-cost-management
 [cloudfront]: #cloudfront
 [cloudwatch]: #cloudwatch
 [config]: #config
 [detective]: #detective
@@ -665,6 +641,7 @@ machine if not.
 <!-- Knowledge base -->
 [cli]: cli.md
 [cloudfront]: cloudfront.md
 [ec2]: ec2.md
 [ecr]: ecr.md
 [ecs]: ecs.md
--- a/computing/aws/cloudfront.md
+++ b/computing/aws/cloudfront.md
@@ -0,0 +1,262 @@
 # CloudFront
 Web service speeding up distribution of static and dynamic web content such as `.html`, `.css`, `.js`, and image files.
 1. [TL;DR](#tldr)
 1. [Edge functions](#edge-functions)
 1. [Further readings](#further-readings)
   1. [Sources](#sources)
 ## TL;DR
 <details style="padding-bottom: 1em;">
  <summary>Glossary</summary>
 | Term         | Summary                                                        |
 | ------------ | -------------------------------------------------------------- |
 | Distribution | FIXME                                                          |
 | Origin       | Location where the original version of one's content is stored |
 | Viewer       | End user or otherwise client that make requests                |
 </details>
 Caches web content from one's defined _origins_ and delivers it through edge locations.<br/>
 When requesting content served with CloudFront, requests are routed to the edge location with the lowest latency for the
 client.
 If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately.<br/>
 If the content is not in that edge location, CloudFront retrieves it from the _origin_ defined for it.
 Origins can be S3 buckets, MediaPackage channels, or HTTP servers.<br/>
 Each distribution can have by default up to 25 origins.
 Every origin that is **not** an AWS service is a _custom origin_.<br/>
 Custom origins **require** configuring their ports' and protocols' settings.
 <details>
  <summary>Create Distributions</summary>
 1. Set up one or more origins so that they serve their content normally.
 1. Create a CloudFront Distribution.<br/>
   This usually takes 15 to 30 minutes.
 </details>
 <details style="padding: 0 0 1em 0;">
  <summary>[optional] Avoid using the provided Distribution's domain name</summary>
 1. Configure _alternate domain names_ so that the Distribution accepts requests for those aliases.
 1. Provide a SSL/TLS certificate for the alternate domain names.
 1. Create DNS records of type CNAME pointing to the provided Distribution's domain name.
 Adding the SSL/TLS certificate verifies the requirement that one owns the domain name or has authorization to use it.
 </details>
 One **cannot** configure CloudFront to add specific headers to requests that it forwards to origins.<br/>
 Refer [Custom headers that CloudFront can't add to origin requests] for the updated list.
 <details style="padding: 0 0 1em 1em;">
 - `Cache-Control`
 - `Connection`
 - `Content-Length`
 - `Cookie`
 - `Host`
 - `If-Match`
 - `If-Modified-Since`
 - `If-None-Match`
 - `If-Range`
 - `If-Unmodified-Since`
 - `Max-Forwards`
 - `Pragma`
 - `Proxy-Authenticate`
 - `Proxy-Authorization`
 - `Proxy-Connection`
 - `Range`
 - `Request-Range`
 - `TE`
 - `Trailer`
 - `Transfer-Encoding`
 - `Upgrade`
 - `Via`
 - `Headers that begin with X-Amz-`
 - `Headers that begin with X-Edge-`
 - `X-Real-Ip`
 </details>
 To make changes to _those_ headers, leverage [edge functions].
 When deleting an origin, first edit or delete all cache behaviors that are associated with that origin.
 ## Edge functions
 Refer [Customize at the edge with functions].
 Code that one writes and attaches to one or more CloudFront distributions.<br/>
 It customizes how attached CloudFront distributions process HTTP requests and responses.<br/>
 Examples include manipulating requests and responses flowing through CloudFront, performing basic authentication and
 authorization, and generating HTTP responses at the edge.
 The functions run close to viewers to minimize latency.<br/>
 One will **not** need to manage servers or other infrastructure for them.
 Functions are served as:
 - _CloudFront Functions_: lightweight functions in JavaScript executed as a native feature of CloudFront.<br/>
  They offer sub-millisecond startup times, immediate scale-up to millions of requests per second, execution in a highly
  secure environment, and code development entirely within CloudFront.<br/>
  Those functions are supposed to be **simple** and **lightweight**.
 - _Lambda@Edge_: extension of the Lambda service.<br/>
  It offers computing for **complex** functions and **full** application logic closer to viewers, executed in a highly
  secure environment.<br/>
  Those functions can run in Node.js or Python runtime environments, and are replicated to all regions when associated
  with a distribution.
 If running AWS WAF on CloudFront, one can use WAF's inserted headers for both CloudFront Functions and Lambda@Edge.<br/>
 This works for both viewer and origin, both for requests and responses.
 Each event type (_viewer request_, _origin request_, _origin response_, and _viewer response_) can be associated to
 **one and only one** edge function.
 One **cannot** combine CloudFront Functions and Lambda@Edge in _viewer_ events.
 CloudFront does **not** invoke edge functions for _viewer response_ events when the origin returns HTTP status code 400
 or higher.<br/>
 Lambda@Edge functions for _origin response_ events are invoked for **all** origin responses, including when the origin
 returns HTTP status code 400 or higher.
 Certain HTTP headers are **not** exposed to edge functions, and functions **cannot** add them.<br/>
 Should a function add such a _disallowed header_, requests will fail CloudFront's validation and CloudFront will return
 HTTP status code 502 (Bad Gateway) to the viewer.
 Certain headers are _can_ be read by functions, but functions **cannot** add, modify, nor delete them.<br/>
 Should a function add or edit such a _read-only header_, requests will fail CloudFront's validation and CloudFront will
 return HTTP status code 502 (Bad Gateway) to the viewer.<br/>
 `Host` is one of those headers.
 Refer [Restrictions on all edge functions - HTTP headers] for the updated list of disallowed and read-only headers.
 <details style="padding-left: 1em;">
  <details style="padding-left: 1em;">
    <summary>Disallowed headers</summary>
 For all function types:
 - `Connection`
 - `Expect`
 - `Keep-Alive`
 - `Proxy-Authenticate`
 - `Proxy-Authorization`
 - `Proxy-Connection`
 - `Trailer`
 - `Upgrade`
 - `X-Accel-Buffering`
 - `X-Accel-Charset`
 - `X-Accel-Limit-Rate`
 - `X-Accel-Redirect`
 - `X-Amz-Cf-*`
 - `X-Amzn-Auth`
 - `X-Amzn-Cf-Billing`
 - `X-Amzn-Cf-Id`
 - `X-Amzn-Cf-Xff`
 - `X-Amzn-Errortype`
 - `X-Amzn-Fle-Profile`
 - `X-Amzn-Header-Count`
 - `X-Amzn-Header-Order`
 - `X-Amzn-Lambda-Integration-Tag`
 - `X-Amzn-RequestId`
 - `X-Cache`
 - `X-Edge-*`
 - `X-Forwarded-Proto`
 - `X-Real-IP`
  </details>
  <details style="padding-left: 1em;">
    <summary>Read-only headers</summary>
    <details style="padding-left: 1em;">
      <summary>In <i>viewer request</i> events</summary>
 For all function types:
 - `Content-Length`
 - `Host`
 - `Transfer-Encoding`
 - `Via`
    </details>
    <details style="padding-left: 1em;">
      <summary>In <i>viewer response</i> events</summary>
 For all function types:
 - `Warning`
 - `Via`
 Lambda@Edge only:
 - `Content-Length`
 - `Content-Encoding`
 - `Transfer-Encoding`
    </details>
    <details style="padding-left: 1em;">
      <summary>In <i>origin request</i> events</summary>
 Lambda@Edge only:
 - `Accept-Encoding`
 - `Content-Length`
 - `If-Modified-Since`
 - `If-None-Match`
 - `If-Range`
 - `If-Unmodified-Since`
 - `Transfer-Encoding`
 - `Via`
    </details>
    <details style="padding-left: 1em;">
      <summary>In <i>origin response</i> events</summary>
 Lambda@Edge only:
 - `Transfer-Encoding`
 - `Via`
    </details>
  </details>
 </details>
 ## Further readings
 ### Sources
 - [Customize at the edge with functions]
 - [Restrictions on all edge functions]
 <!--
  Reference
  ═╬═Time══
  -->
 <!-- In-article sections -->
 [edge functions]: #edge-functions
 <!-- Knowledge base -->
 <!-- Files -->
 <!-- Upstream -->
 [custom headers that cloudfront can't add to origin requests]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/add-origin-custom-headers.html#add-origin-custom-headers-denylist
 [customize at the edge with functions]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/edge-functions.html
 [restrictions on all edge functions - http headers]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/edge-function-restrictions-all.html#function-restrictions-headers
 [restrictions on all edge functions]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/edge-function-restrictions-all.html
 <!-- Others -->
--- a/base/jq.md
+++ b/base/jq.md
@@ -148,6 +148,7 @@ yq -e '(.backend.url|test("^file://")?)|not' 'Pulumi.yaml'
 - [Deleting multiple keys at once with jq]
 - [Remove all null values]
 - [jq: select where .attribute in list]
 - [An Introduction to JQ]
 <!--
  Reference
@@ -155,6 +156,7 @@ yq -e '(.backend.url|test("^file://")?)|not' 'Pulumi.yaml'
  -->
 <!-- Others -->
 [an introduction to jq]: https://earthly.dev/blog/jq-select/
 [change multiple values at once]: https://stackoverflow.com/questions/47355901/jq-change-multiple-values#47357956
 [deleting multiple keys at once with jq]: https://stackoverflow.com/questions/36227245/deleting-multiple-keys-at-once-with-jq
 [filter objects list with regex]: https://til.hashrocket.com/posts/uv0bjiokwk-use-jq-to-filter-objects-list-with-regex