-
Notifications
You must be signed in to change notification settings - Fork 2
Current Implementations
Faizan Raza edited this page Apr 16, 2022
·
1 revision
The vast majority of tutorials and modules follow the architecture described with the Configuring a static website using a custom domain registered with Route 53 Tutorial
However, as with the majority of tutorials this architecture is not necessarily ideal.
Some of the key issues with this architecture are:
- The root bucket has static website hosting enabled but this is not required for CloudFront to access s3 buckets.
- The redirect bucket is no longer required once CloudFront is utilised as both root and www subdomain requests will be directed directly to the root domain bucket.
- The users still have the ability to access the bucket objects directly from the s3 website endpoint. This circumvents the CloudFront distribution and can nullify CloudFront features like geographic restrictions.
The proposed architecture addresses simplifies this convoluted architecture by:
- Only utilises one bucket
- Bucket is private with IAM policies providing CloudFront Access
- Users can only access the website through CloudFront