s3-cloudfront-oac-cdk-python: Update aws-cdk-lib and migrate OAI to OAC#3209
s3-cloudfront-oac-cdk-python: Update aws-cdk-lib and migrate OAI to OAC#3209kakakakakku wants to merge 7 commits into
Conversation
…ttern template and OAC
| <h1>Hello from S3 + CloudFront!</h1> | ||
| <p>This page is served from a private S3 bucket through CloudFront using Origin Access Control (OAC).</p> | ||
| </body> | ||
| </html> |
There was a problem hiding this comment.
note: The CDK code specifies index.html as the default_root_object, but the file itself did not exist in the pattern, so I added it.
| removal_policy=RemovalPolicy.DESTROY, | ||
| auto_delete_objects=True, | ||
| encryption=s3.BucketEncryption.KMS, | ||
| encryption=s3.BucketEncryption.S3_MANAGED, |
There was a problem hiding this comment.
note: To keep the pattern cost-effective and easy to try out, I changed the bucket encryption from KMS to S3 managed encryption.
| default_behavior=cloudfront.BehaviorOptions( | ||
| origin=origins.S3Origin(website_bucket, origin_access_identity=oai), | ||
| origin_request_policy=cloudfront.OriginRequestPolicy.CORS_S3_ORIGIN, | ||
| origin=origins.S3BucketOrigin.with_origin_access_control(website_bucket), |
There was a problem hiding this comment.
note: Migrated from OAI to OAC here, since S3Origin with OriginAccessIdentity is now deprecated.
| destination_bucket=website_bucket, | ||
| distribution=distribution, | ||
| distribution_paths=["/*"] | ||
| ) |
There was a problem hiding this comment.
note: Since I added index.html, this deploys it to the S3 bucket.
| app = cdk.App() | ||
| stack = cdk.Stack(app, "S3CloudFrontOACStack") | ||
| S3CloudFrontOAC(stack, "s3-hosted-website") | ||
| app.synth() |
There was a problem hiding this comment.
note: The original setup seemed to expect users to move the provided file into their own CDK project to run it, but this differs from the other patterns and I don't think it works as a standalone pattern. I improved the CDK implementation so that it can be deployed on its own😀
There was a problem hiding this comment.
note: I wanted to update the OAI label to OAC in diagram.PNG, but only the image was committed. So I recreated it with draw.io and committed both the image and the draw.io file together. This should make it easier to maintain going forward 🎉
| ---- | ||
| Copyright 2026 Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
|
|
||
| SPDX-License-Identifier: MIT-0 |
There was a problem hiding this comment.
note: I rewrote the README based on s3-sqs-cdk, with more detailed steps👍
Issue #, if available:
N/A
Description of changes:
Hi😀 Thanks for the useful patterns!
Note
This PR renames the pattern directory from
s3-cloudfront-oai-cdk-pythontos3-cloudfront-oac-cdk-python.I migrated this pattern from OAI to OAC, which AWS now recommends. I also restructured it as a deployable CDK app so that users can try it out with
cdk deployinstead of copying the construct file into their own project.I'll add details as inline comments👍
Check
cdk deploycompleted successfully and works good.Thank you😀
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.