[aws-cloudfront & aws-cloudfront-origins] Adding an existing bucket as an S3Origin
❓ General Issue
Hello, @njlynch. I’ve been trying to use the new `cloudformation.Distribution` L2 constructor. I’m trying to replicate what aws-solutions-constructs did with their L3 constructs while waiting for their official support/rewrite.
I’ve noticed that the new `S3Origin` construct in `aws-cloudfront-origins` creates an `OriginAccessIdentity` under the hood for the CloudFront distro, but that OAI is not accessible (unless using hatch escape technique) to apply it to the existing (or brand new) S3 bucket through a bucket policy. Should the new `Distribution` auto-magically try to update the bucket policy and try to apply the OAI to the provided S3 bucket? Is this in the works by any chance?
Or… perhaps the OAI should be exposed through the `S3Origin` or `Distribution` constructs?
```ts
import * as s3 from '@aws-cdk/aws-s3';
import * as acm from '@aws-cdk/aws-certificatemanager';
import * as cloudfront from '@aws-cdk/aws-cloudfront';
import * as origins from '@aws-cdk/aws-cloudfront-origins';
// ...
// Both buckets already exist and are imported by name.
const s3LogBucket = s3.Bucket.fromBucketName(this, "logs-bucket", `log-bucket-${props.env.account}`);
const contentBucket = s3.Bucket.fromBucketName(this, "static-bucket", `static-content-${props.env.account}`);
const certificate = acm.Certificate.fromCertificateArn(
  this,
  "certificate",
  `arn:aws:acm:us-east-2:${props.env.account}:certificate/40cdd40c-a3f4-4131-9643-1234567890`
);
const distro = new cloudfront.Distribution(this, "cf-distro", {
  defaultBehavior: {
    // S3Origin creates the OriginAccessIdentity internally.
    origin: new origins.S3Origin(contentBucket),
    allowedMethods: cloudfront.AllowedMethods.ALLOW_GET_HEAD_OPTIONS,
    viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
  },
  certificate,
  logBucket: s3LogBucket,
  logFilePrefix: `AWSLogs/${props.env.account}/cloudfront/`,
  defaultRootObject: "index.html",
  priceClass: cloudfront.PriceClass.PRICE_CLASS_100
});
```
Error I’m getting when trying to access the CF distro.
Environment
- CDK CLI Version: 1.59.0 (build 1d082f4)
- Module Version: 1.59.0 (build 1d082f4)
- Node.js Version: v14.8.0
- OS: OSX Mojave
- Language (Version): TypeScript (3.8.3)
Other information
Sure. I’ve opened #9859 to track the feature request. Pull requests welcome! Closing this issue out in favor of the feature request.
@njlynch Upon further experimenting… I’ve noticed that if I’m creating a new bucket from scratch, the CloudFront distribution will update the bucket policy with the newly created OAI information.
However, if I try to use an existing bucket, no bucket policies are being added.
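
Because the thread reports that a bucket imported with `fromBucketName` gets no policy update, the OAI's read grant has to reach that bucket's policy some other way. The following is an added example (not code from the issue or from the CDK project) that builds the read-only statement for an OAI, merges it into an existing policy document without duplicating it, and lists statements that would still allow public reads around the distribution; the function names, bucket name and OAI ID are hypothetical.

```typescript
// Added example: names, bucket and OAI ID are constructed, not from the issue or CDK.
interface Statement {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Principal: "*" | { AWS: string | string[] };
  Action: string | string[];
  Resource: string | string[];
}
interface PolicyDocument { Version: string; Statement: Statement[]; }

// IAM principal under which CloudFront reads from S3 when it uses an OAI.
function oaiPrincipalArn(oaiId: string): string {
  return `arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${oaiId}`;
}

// Least-privilege grant: object reads only, no listing and no writes.
function oaiReadStatement(bucketName: string, oaiId: string): Statement {
  return {
    Sid: `AllowCloudFrontOAI${oaiId}`,
    Effect: "Allow",
    Principal: { AWS: oaiPrincipalArn(oaiId) },
    Action: "s3:GetObject",
    Resource: `arn:aws:s3:::${bucketName}/*`,
  };
}

// Merge the grant into the bucket's current policy (or start a new one) while
// keeping every other statement; a second call replaces the grant, it does not add a copy.
function withOaiRead(existing: PolicyDocument | null, bucketName: string, oaiId: string): PolicyDocument {
  const grant = oaiReadStatement(bucketName, oaiId);
  const kept: Statement[] = existing ? existing.Statement.filter((s) => s.Sid !== grant.Sid) : [];
  return { Version: existing ? existing.Version : "2012-10-17", Statement: kept.concat(grant) };
}

// Statements that let anyone read objects directly, bypassing the distribution and its OAI.
function publicReadStatements(policy: PolicyDocument): Statement[] {
  return policy.Statement.filter((s) => {
    const actions = Array.isArray(s.Action) ? s.Action : [s.Action];
    const anyone = s.Principal === "*" || s.Principal.AWS === "*";
    return s.Effect === "Allow" && anyone &&
      actions.some((a) => a === "*" || a === "s3:*" || a === "s3:GetObject");
  });
}
```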