From d3d52e279ec9a4688d90d8f1fd5c83ce61c7c9a5 Mon Sep 17 00:00:00 2001
From: Sindhu Tatenene <50239318+sindhute@users.noreply.github.com>
Date: Wed, 16 Jun 2021 19:56:02 -0400
Subject: [PATCH 1/5] s3 to private
---
 .../deployment/src/lib/s3/myStaticWebsite.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/authenticated-cloud-docs/deployment/src/lib/s3/myStaticWebsite.ts b/authenticated-cloud-docs/deployment/src/lib/s3/myStaticWebsite.ts
index ae1f0df5..982cc2d3 100644
--- a/authenticated-cloud-docs/deployment/src/lib/s3/myStaticWebsite.ts
+++ b/authenticated-cloud-docs/deployment/src/lib/s3/myStaticWebsite.ts
@@ -36,7 +36,7 @@ export class MyStaticWebsite extends Construct {
 bucketName: `${siteDomain}-website`,
 websiteIndexDocument: 'index.html',
 websiteErrorDocument: 'error.html',
- publicReadAccess: true,
+ publicReadAccess: false,
 // The default removal policy is RETAIN, which means that cdk destroy will not attempt to delete
 // the new bucket, and it will remain in your account until manually deleted. By setting the policy to
From 6c8b66a15205db9b821948c9d4130fe56dd4511c Mon Sep 17 00:00:00 2001
From: Sindhu Tatenene <50239318+sindhute@users.noreply.github.com>
Date: Wed, 16 Jun 2021 20:18:08 -0400
Subject: [PATCH 2/5] Update cloud-formation-stack-status.yaml
---
 .github/workflows/cloud-formation-stack-status.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/cloud-formation-stack-status.yaml b/.github/workflows/cloud-formation-stack-status.yaml
index f4db8a47..f9f31dcb 100644
--- a/.github/workflows/cloud-formation-stack-status.yaml
+++ b/.github/workflows/cloud-formation-stack-status.yaml
@@ -199,6 +199,7 @@ jobs:
 cat cdk.json
 cat cdk.context.json.template | envsubst > cdk.context.json
 cat cdk.context.json
+ cdk bootstap
 npm run cdk deploy -- --require-approval never
 echo "Published to: `cat published_domain_name.txt`"
 echo "Cloudfront Distribution ID: `cat deployed_cloudfront_distribution_id.txt`"
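Review bot: In the myStaticWebsite.ts hunk, `publicReadAccess: false` is set while `websiteIndexDocument` and `websiteErrorDocument` stay in place, so the bucket is still an S3 website endpoint, and that endpoint does not accept signed requests. If the CloudFront distribution (not visible here) uses the website endpoint as its origin, the site will probably return 403 after this change. A private bucket normally needs the REST endpoint plus an origin access identity that is granted read on the bucket. I would also state the intent explicitly with `blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,` next to this property, assuming the module is imported as `s3`, so a later bucket policy cannot quietly re-open access. The same point applies to PATCH 5/5, which makes this change again; the bucket props object starts and ends outside the hunk.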
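Review bot: The added step `cdk bootstap` in the workflow hunk is misspelled, so the CLI will reject it as an unknown command and the step will most likely fail before the deploy line runs. It also calls `cdk` directly while the next line goes through `npm run cdk`, so the binary may not be on the runner's PATH at all. If bootstrapping is meant to happen here, write it as `npm run cdk bootstrap`. Because bootstrap provisions the toolkit stack's bucket and roles, consider running it once with a separately scoped credential rather than on every deploy with the pipeline's role.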
From 18e21cd1fc96c3816a32f1804cfa0f22639448d8 Mon Sep 17 00:00:00 2001
From: Sindhu Tatenene <50239318+sindhute@users.noreply.github.com>
Date: Wed, 16 Jun 2021 20:34:14 -0400
Subject: [PATCH 3/5] Update cloud-formation-stack-status.yaml
---
 .github/workflows/cloud-formation-stack-status.yaml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/cloud-formation-stack-status.yaml b/.github/workflows/cloud-formation-stack-status.yaml
index f9f31dcb..f4db8a47 100644
--- a/.github/workflows/cloud-formation-stack-status.yaml
+++ b/.github/workflows/cloud-formation-stack-status.yaml
@@ -199,7 +199,6 @@ jobs:
 cat cdk.json
 cat cdk.context.json.template | envsubst > cdk.context.json
 cat cdk.context.json
- cdk bootstap
 npm run cdk deploy -- --require-approval never
 echo "Published to: `cat published_domain_name.txt`"
 echo "Cloudfront Distribution ID: `cat deployed_cloudfront_distribution_id.txt`"
From a637eafa94cbb965aa0d1bfe50250a066efbd1e3 Mon Sep 17 00:00:00 2001
From: Sindhu Tatenene <50239318+sindhute@users.noreply.github.com>
Date: Wed, 16 Jun 2021 23:28:43 -0400
Subject: [PATCH 4/5] Update myStaticWebsite.ts
---
 .../deployment/src/lib/s3/myStaticWebsite.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/authenticated-cloud-docs/deployment/src/lib/s3/myStaticWebsite.ts b/authenticated-cloud-docs/deployment/src/lib/s3/myStaticWebsite.ts
index 982cc2d3..ae1f0df5 100644
--- a/authenticated-cloud-docs/deployment/src/lib/s3/myStaticWebsite.ts
+++ b/authenticated-cloud-docs/deployment/src/lib/s3/myStaticWebsite.ts
@@ -36,7 +36,7 @@ export class MyStaticWebsite extends Construct {
 bucketName: `${siteDomain}-website`,
 websiteIndexDocument: 'index.html',
 websiteErrorDocument: 'error.html',
- publicReadAccess: false,
+ publicReadAccess: true,
 // The default removal policy is RETAIN, which means that cdk destroy will not attempt to delete
 // the new bucket, and it will remain in your account until manually deleted. By setting the policy to
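Review bot: Restoring `publicReadAccess: true` in the PATCH 4/5 hunk makes every object in the `${siteDomain}-website` bucket readable by anonymous callers directly from the S3 endpoint. For a project under `authenticated-cloud-docs`, which presumably puts a login in front of the content at the CDN layer, this leaves a path to the documents that never passes that check. If the revert was needed because the deployed site broke with a private bucket, the fix belongs on the origin side (REST endpoint with an origin access identity), not in re-opening the bucket. At minimum, record the exposure where the next reader will see it, e.g. `// TODO: bucket is world-readable; switch the origin to an OAI and set publicReadAccess: false`. The props object starts and ends outside the hunk.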
From 161e847e37c16f68b24c27fa9ad8d390198ab569 Mon Sep 17 00:00:00 2001
From: Sindhu Tatenene <50239318+sindhute@users.noreply.github.com>
Date: Thu, 17 Jun 2021 11:59:17 -0400
Subject: [PATCH 5/5] restrict s3 public read
---
 .../deployment/src/lib/s3/myStaticWebsite.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/authenticated-cloud-docs/deployment/src/lib/s3/myStaticWebsite.ts b/authenticated-cloud-docs/deployment/src/lib/s3/myStaticWebsite.ts
index ae1f0df5..b391c57c 100644
--- a/authenticated-cloud-docs/deployment/src/lib/s3/myStaticWebsite.ts
+++ b/authenticated-cloud-docs/deployment/src/lib/s3/myStaticWebsite.ts
@@ -36,7 +36,7 @@ export class MyStaticWebsite extends Construct {
 bucketName: `${siteDomain}-website`,
 websiteIndexDocument: 'index.html',
 websiteErrorDocument: 'error.html',
- publicReadAccess: true,
+ publicReadAccess: falsepublic read a,
 // The default removal policy is RETAIN, which means that cdk destroy will not attempt to delete
 // the new bucket, and it will remain in your account until manually deleted. By setting the policy to
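Review bot: As shown on this page, the added line `publicReadAccess: falsepublic read a,` is not a valid expression; it looks as if part of the commit message was typed into the value. The TypeScript will not compile, so the stack cannot be synthesized from this commit, and the bucket that stays deployed is the one from PATCH 4/5, which is publicly readable. The line should read `publicReadAccess: false,`. A `tsc --noEmit` or `cdk synth` check in CI before the deploy step would catch this kind of slip before it reaches the branch.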