Description
Configure CloudFront Origin Access Control so the S3 bucket can remain private while CloudFront serves the site.
Scope
- Create or configure OAC
- Attach OAC to CloudFront origin
- Update S3 bucket policy
- Block direct public access to S3
- Verify CloudFront can still access files
Out of Scope
- Custom domain setup
- GitHub Actions deployment
- Route 53
- ACM certificate
Acceptance Criteria
Technical Notes
- Prefer OAC over public bucket hosting for final setup.
- Be careful not to expose the bucket publicly.
Related
- Depends on: Configure CloudFront distribution with S3 origin
Description
Configure CloudFront Origin Access Control so the S3 bucket can remain private while CloudFront serves the site.
Scope
Out of Scope
Acceptance Criteria
Technical Notes
Related