0

I'm moving an existing static website to S3/CloudFront.

Following some documentation from AWS, I set up a policy on the S3 bucket to make it public:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mywebsite.org/*"
        }
    ]
}

However, when applying said policy, AWS gives me a (honestly scary) warning. Same as discussed in this thread: Serving website from Cloudfront and S3 without public bucket

I actually tried the way they describe in that answer first, setting up Origin Access Identity, but this resulted in a nasty side effect: the directory URLs (https://mywebsite.org/directory/) would NOT get the index.html file in there, and result in a 403 instead.

Unfortunately, that behavior breaks a lot of existing links (including links on other websites), so I can't do that.

There's also the possibility to use Lambda@Edge to solve this, but honestly it just sounds like more code, more problems and more money.

So back to the big scary warning:

AWS warning me that the S3 bucket is now public

It's a static website, so obviously things are going to be public. However, this message is still worrying. Is there anything I should know about, unexpected access or potential security issues? Is there a way I can solve that without breaking my links or using Lambda@Edge?

aspyct
    You should be fine concerning the warning message. Check: https://serverfault.com/questions/888487/why-does-aws-recommend-against-public-s3-buckets/888491 – Henrik Pingel May 11 '20 at 17:06

1 Answer

0

Just ignore that warning if you are configuring S3 as static web hosting. Your website should be public in order to allow anonymous access.

jellycsc
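As an added example (not part of the question or the answer above, and not AWS code): a small check that a public bucket policy like the one in the question gives anonymous users nothing beyond `s3:GetObject` on objects. The function names, the allow-list and the second sample policy are assumptions made for this illustration.

```python
import json

# Assumption for this example: anonymous visitors only need to read objects.
ALLOWED_PUBLIC_ACTIONS = {"s3:getobject"}

# The policy from the question.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
  "Action": "s3:GetObject", "Resource": "arn:aws:s3:::mywebsite.org/*"}]}"""

# Constructed counter-example: also lets anyone list the bucket.
LOOSE_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Sid": "TooBroad", "Effect": "Allow", "Principal": {"AWS": "*"},
  "Action": ["s3:GetObject", "s3:ListBucket"],
  "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]}"""

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "Principal": "*" and "Principal": {"AWS": "*"} both mean everyone.
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def audit_public_policy(policy_json):
    """List what anonymous users get beyond s3:GetObject on objects.

    Condition blocks are ignored, so conditional grants are reported too.
    """
    findings = []
    statements = _as_list(json.loads(policy_json)["Statement"])
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:
            findings.append(f"{sid}: NotAction grants everything not listed")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() not in ALLOWED_PUBLIC_ACTIONS:
                findings.append(f"{sid}: anonymous {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            # Object ARNs contain "/", e.g. arn:aws:s3:::bucket/key; bucket ARNs do not.
            if "/" not in resource:
                findings.append(f"{sid}: grant applies to the bucket itself: {resource}")
    return findings

if __name__ == "__main__":
    for name, policy in (("page", PAGE_POLICY), ("loose", LOOSE_POLICY)):
        print(name, audit_public_policy(policy) or "only public object reads")
```

An empty result means the only public grant is reading individual objects; anything listed is access a static site does not need to give to anonymous visitors.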