Skip to content

Configure Origin Access Control for private S3 access #14

Description

@replakcan

Description

Configure CloudFront Origin Access Control so the S3 bucket can remain private while CloudFront serves the site.

Scope

  • Create or configure OAC
  • Attach OAC to CloudFront origin
  • Update S3 bucket policy
  • Block direct public access to S3
  • Verify CloudFront can still access files

Out of Scope

  • Custom domain setup
  • GitHub Actions deployment
  • Route 53
  • ACM certificate

Acceptance Criteria

  • S3 bucket blocks public access
  • CloudFront has permission to read from the bucket
  • Direct public S3 object access is blocked
  • CloudFront URL serves the website correctly
  • Bucket policy is documented

Technical Notes

  • Prefer OAC over public bucket hosting for final setup.
  • Be careful not to expose the bucket publicly.

Related

  • Depends on: Configure CloudFront distribution with S3 origin

Metadata

Metadata

Assignees

Labels

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions