Create a CloudFront distribution in front of an S3 bucket, using an Origin Access Identity (OAI) to read from the bucket.
from constructs import Construct
from aws_cdk import (
RemovalPolicy,
aws_s3 as s3,
aws_s3_deployment as s3deploy,
aws_cloudfront as cloudfront,
aws_cloudfront_origins as origins
)
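class S3CloudFrontOAI(Construct):
    """S3 website bucket served through CloudFront with an OAI.

    Creates a versioned, TLS-only S3 bucket, an Origin Access Identity (OAI)
    that is granted read access to that bucket, and a CloudFront distribution
    whose default behavior uses the bucket as its origin.

    Args:
        scope: Parent construct.
        id: Logical id of this construct within ``scope``.
        **kwargs: Passed through unchanged to ``Construct``.
    """

    def __init__(self, scope: Construct, id: str, **kwargs):
        super().__init__(scope, id, **kwargs)

        website_bucket = s3.Bucket(
            self,
            "My-Website-Bucket",
            # Sample-friendly teardown: the bucket and every object version
            # are deleted with the stack. Use RemovalPolicy.RETAIN and drop
            # auto_delete_objects for content that must survive a destroy.
            removal_policy=RemovalPolicy.DESTROY,
            auto_delete_objects=True,
            # SSE-S3 rather than SSE-KMS: AWS documents SSE-KMS origins as
            # requiring Origin Access Control (OAC), so with an OAI CloudFront
            # could not read KMS-encrypted objects. If KMS is a requirement,
            # move the origin to OAC and grant CloudFront use of the key.
            encryption=s3.BucketEncryption.S3_MANAGED,
            # State the intent explicitly: only the OAI statement added by
            # grant_read() below should ever reach the objects.
            block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
            enforce_ssl=True,
            versioned=True,
        )

        # Wildcard CORS is tolerable here only because the content is public
        # and the rule is limited to GET; narrow allowed_origins when the
        # consuming sites are known.
        website_bucket.add_cors_rule(
            allowed_methods=[s3.HttpMethods.GET],
            allowed_origins=["*"],
            allowed_headers=["*"],
            exposed_headers=["Access-Control-Allow-Origin"],
        )

        # OAI is the legacy mechanism; AWS recommends OAC for new
        # distributions. It is kept because this pattern demonstrates OAI.
        oai = cloudfront.OriginAccessIdentity(
            self,
            "My-OAI",
            comment="My OAI for the S3 Website",
        )
        # Read-only grant: the OAI can fetch objects but never write them.
        website_bucket.grant_read(oai)

        # Kept on the instance so an enclosing stack can reference the
        # distribution (for example to output its domain name).
        self.distribution = cloudfront.Distribution(
            self,
            "myCloudFrontDistribution",
            default_root_object="index.html",
            default_behavior=cloudfront.BehaviorOptions(
                origin=origins.S3Origin(
                    website_bucket,
                    origin_access_identity=oai,
                ),
                origin_request_policy=cloudfront.OriginRequestPolicy.CORS_S3_ORIGIN,
                viewer_protocol_policy=cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
                response_headers_policy=cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS,
                cache_policy=cloudfront.CachePolicy.CACHING_OPTIMIZED,
                # Least privilege at the edge: the OAI has read access only,
                # so forwarding PUT/POST/PATCH/DELETE to the origin adds
                # exposure without function. OPTIONS stays for CORS preflight.
                allowed_methods=cloudfront.AllowedMethods.ALLOW_GET_HEAD_OPTIONS,
            ),
        )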
# Fetch the AWS sample repository that contains this pattern.
git clone https://github.com/aws-samples/serverless-patterns
# Change into the directory of the S3 + CloudFront OAI (CDK, Python) pattern.
cd serverless-patterns/s3-cloudfront-oai-cdk-python