https://github.com/exanubes/cloudfront-with-oai-and-s3

Example application to demonstrate how to use CloudFront's Origin Access Identity to protect S3 content from being accessed directly.
https://github.com/exanubes/cloudfront-with-oai-and-s3

cloudfront oai origin-access-identity s3

Last synced: 4 months ago
JSON representation

Example application to demonstrate how to use CloudFront's Origin Access Identity to protect S3 content from being accessed directly.

• Host: GitHub
• URL: https://github.com/exanubes/cloudfront-with-oai-and-s3
• Owner: exanubes
• Created: 2024-02-13T18:59:08.000Z (over 1 year ago)
• Default Branch: master
• Last Pushed: 2024-03-06T21:32:11.000Z (over 1 year ago)
• Last Synced: 2025-01-17T01:18:09.199Z (6 months ago)
• Topics: cloudfront, oai, origin-access-identity, s3
• Language: JavaScript
• Homepage:
• Size: 454 KB
• Stars: 1
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# CloudFront with OAI and S3

Example application to demonstrate how to use CloudFront's Origin Access Identity to 

protect S3 content from being accessed directly.

![diagram.png](diagram.png)

The project uses AWS CDK to provision an ALIAS record for the `DOMAIN_NAME` and points it to a CloudFront distribution.

A private S3 bucket with static site files is configured as a CloudFront Origin and used as the default behaviour with OAI attached.

A bucket policy is defined to only allow access to the Origin Access Identity.

The CloudFront behaviour is configured with a Lambda@edge on `Viewer Request` to ensure appropriate routing to static files.

Website files are uploaded to the s3 bucket during the infrastructure provisioning.

## Setup

Repository is split into two directories - `app` and `infrastructure`.

All commands are runnable from the root of the repository.

| Script           | Description                                                        |

|------------------|--------------------------------------------------------------------|

| npm start        | Starts the Node.js server                                          |

| npm run setup    | Installs all dependencies for project root, app and infrastructure |

| npm run synth    | Synthesizes the CDK stack                                          |

| npm run deploy   | Deploys the CDK stack                                              |

| npm run destroy  | Destroys the CDK stack                                             |

| npm run cleanup  | Removes all node_modules from project root, app and infrastructure |