s3-cloudfront-oac-cdk-python: Update aws-cdk-lib and migrate OAI to OAC#3209

Open
kakakakakku wants to merge 7 commits into aws-samples:main from kakakakakku:s3-cloudfront-oai-cdk-python

@kakakakakku

Contributor

Issue #, if available:
N/A

Description of changes:
Hi😀 Thanks for the useful patterns!

Note

This PR renames the pattern directory from s3-cloudfront-oai-cdk-python to s3-cloudfront-oac-cdk-python.

I migrated this pattern from OAI to OAC, which AWS now recommends. I also restructured it as a deployable CDK app so that users can try it out with cdk deploy instead of copying the construct file into their own project.

I'll add details as inline comments👍

Check

cdk deploy completed successfully and works well.

$ cdk deploy

(snip)

 ✅  S3CloudFrontOACStack

✨  Deployment time: 441.97s

Outputs:
S3CloudFrontOACStack.s3hostedwebsiteDistributionDomainName2EE89FA6 = dm0kvu34wqb3x.cloudfront.net
S3CloudFrontOACStack.s3hostedwebsiteDistributionIdBC65D226 = E17FYPV03KO8NA
Stack ARN:
arn:aws:cloudformation:ap-northeast-1:000000000000:stack/S3CloudFrontOACStack/fba63580-7693-11f1-9fd0-0a64c23b7815

✨  Total time: 443.07s

Thank you😀


By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

<h1>Hello from S3 + CloudFront!</h1>
<p>This page is served from a private S3 bucket through CloudFront using Origin Access Control (OAC).</p>
</body>
</html>

Contributor Author

note: The CDK code specifies index.html as the default_root_object, but the file itself did not exist in the pattern, so I added it.

removal_policy=RemovalPolicy.DESTROY,
auto_delete_objects=True,
encryption=s3.BucketEncryption.KMS,
encryption=s3.BucketEncryption.S3_MANAGED,
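
Review bot: In the bucket properties, the switch from `encryption=s3.BucketEncryption.KMS` to `encryption=s3.BucketEncryption.S3_MANAGED` sits next to `removal_policy=RemovalPolicy.DESTROY` and `auto_delete_objects=True`, and none of the three carries a comment saying these are sample-friendly settings. Please add a short code comment or README note that S3-managed encryption was chosen for cost and that destroying the stack deletes the bucket together with every object in it, so readers who reuse the pattern for real content change those values deliberately.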

Contributor Author

note: To keep the pattern cost-effective and easy to try out, I changed the bucket encryption from KMS to S3 managed encryption.

default_behavior=cloudfront.BehaviorOptions(
origin=origins.S3Origin(website_bucket, origin_access_identity=oai),
origin_request_policy=cloudfront.OriginRequestPolicy.CORS_S3_ORIGIN,
origin=origins.S3BucketOrigin.with_origin_access_control(website_bucket),
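
Review bot: The old origin line passed `origin_access_identity=oai`, so after moving to `origins.S3BucketOrigin.with_origin_access_control(website_bucket)` please confirm that the `oai` definition and any bucket read grant made to it are removed elsewhere in the construct; a leftover OAI statement in the bucket policy would keep a second read path to the private bucket beside the OAC one. If `origin_request_policy=cloudfront.OriginRequestPolicy.CORS_S3_ORIGIN` is being dropped in the same change, mention that in the description as well, since the inline note only covers the OAI to OAC move.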

Contributor Author

note: Migrated from OAI to OAC here, since S3Origin with OriginAccessIdentity is now deprecated.

destination_bucket=website_bucket,
distribution=distribution,
distribution_paths=["/*"]
)
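
Review bot: `distribution_paths=["/*"]` invalidates every cached path on each deployment, while the only asset this pattern ships is index.html. Consider narrowing it to the paths that are actually deployed, or add a comment that the wildcard is intentional so the sample always serves fresh content.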

Contributor Author

note: Since I added index.html, this deploys it to the S3 bucket.

app = cdk.App()
stack = cdk.Stack(app, "S3CloudFrontOACStack")
S3CloudFrontOAC(stack, "s3-hosted-website")
app.synth()

Contributor Author

note: The original setup seemed to expect users to move the provided file into their own CDK project to run it, but this differs from the other patterns and I don't think it works as a standalone pattern. I improved the CDK implementation so that it can be deployed on its own😀

Contributor Author

note: I wanted to update the OAI label to OAC in diagram.PNG, but only the image was committed. So I recreated it with draw.io and committed both the image and the draw.io file together. This should make it easier to maintain going forward 🎉

----
Copyright 2026 Amazon.com, Inc. or its affiliates. All Rights Reserved.

SPDX-License-Identifier: MIT-0

Contributor Author

note: I rewrote the README based on s3-sqs-cdk, with more detailed steps👍
