Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix the rules publication Terraform configuration #742

Merged
merged 5 commits into from
Dec 29, 2023
Merged

Fix the rules publication Terraform configuration #742

merged 5 commits into from
Dec 29, 2023

Commits on Dec 29, 2023

  1. Remove rules bucket static website configuration 

    Since we are serving this content with a CloudFront distribution now we
no longer need the S3 bucket configured as a static website.
    @mcdonnnj
    mcdonnnj committed Dec 29, 2023
    Configuration menu
    Copy the full SHA
    d6868d2 View commit details
    Browse the repository at this point in the history

  2. Add a OAI for the CloudFront distribution 

    Create an Origin Access Identity and configure the CloudFront
distribution for the rules bucket to use the newly created OAI.
    @mcdonnnj
    mcdonnnj committed Dec 29, 2023
    Configuration menu
    Copy the full SHA
    45c0e7c View commit details
    Browse the repository at this point in the history

  3. Add a policy to the rules bucket 

    Add a policy that will allow the CloudFront distribution to read from
the rules bucket. This should allow hte distribution to correctly
access the bucket's contents even though it is completely private.
    @mcdonnnj
    mcdonnnj committed Dec 29, 2023
    Configuration menu
    Copy the full SHA
    903ddb6 View commit details
    Browse the repository at this point in the history

  4. Adjust egress publication script to remove ACL configuration 

    The bucket that is storing these lists is now set to disallow any ACLs
or policies that allow public access. Attempting to set an object that
has been uploaded to `public-read` will throw an authorization error as
a result.
    @mcdonnnj
    mcdonnnj committed Dec 29, 2023
    Configuration menu
    Copy the full SHA
    ad3435b View commit details
    Browse the repository at this point in the history

  5. Use Origin Access Control instead of Origin Access Identity 

    Origin Access Control is the newer, improved way to secure S3 origins
when using CloudFront. Since it effectively replaces Origin Access
Identity it makes sense to use it instead.
    @mcdonnnj
    mcdonnnj committed Dec 29, 2023
    Configuration menu
    Copy the full SHA
    0904ddd View commit details
    Browse the repository at this point in the history