gofaas icon indicating copy to clipboard operation
gofaas copied to clipboard

Published 20 hours ago verified publisher icon nzoschke

Lambda@Edge and OAuth doc tweak?

Open stuartsan opened this issue 5 years ago • 1 comments

The docs about private static websites show a bucket configuration that implies usage of the website endpoint (WebsiteConfiguration):

Resources:
  WebBucket:
    Properties:
      BucketName: !Ref WebDomainName
      WebsiteConfiguration:
        ErrorDocument: 404.html
        IndexDocument: index.html
    Type: AWS::S3::Bucket

But the CloudFront distribution created there is not pointing at the website endpoint:

Origins:
          - DomainName: !Sub ${WebBucket}.s3.amazonaws.com
            Id: !Ref WebBucket
            S3OriginConfig:
              OriginAccessIdentity: !Sub origin-access-identity/cloudfront/${WebOriginAccessIdentity}

Which, if I understand it correctly, is because accessing S3 objects through the website endpoint is incompatible with the origin access identity feature that is used here.

First, this is an awesome project, thank you! I found it to be very helpful.

Second, a question: is my reading accurate that WebsiteConfiguration is not really doing anything here? If so I think it would be helpful to remove it from the template to clarify that the WebsiteConfiguration and S3 website endpoint are incompatible with locking down access to the bucket in this way.

I'm happy to send a PR if it makes sense.

stuartsan avatar Mar 05 '19 19:03 stuartsan

Whether it makes sense or not I'd like to see a PR here.

jerryproductn avatar Dec 25 '19 10:12 jerryproductn