This might be a dumb question but can someone confirm if it’s possible to deploy a static site to a domain only accessible by users on a VPN? Any pointers as to how to achieve this with SST?

can you elaborate on why you're looking to protect frontend resources?

It’s a storybook for our component library, we’d just feel a little better if internal documentation wasn’t floating around in the public.

StaticSite is for a cloudfront backed site so it can't be used for putting behind a VPN

A know a little bit about WAF’s, still a little unsure what you’re suggesting it be deployed with if not StaticSite though.

But in general I avoid VPNs in my stack and look for zero trust solutions instead

Yeah we’re exploring other ideas for hooking in SSO with a static site deployment. We apparently use a 3rd party service for some other API documentation so we might go with that. Just thought I’d see if I was missing something.

Not saying this is what you should go with but this is a good overview on a product that works better with these types of situations: https://www.cloudflare.com/teams/access/

We use WAF for this purpose to easily restrict some internal SPA (Angular) applications that are hosted with S3/CloudFront to our office and VPN IPs. If you have known/static IPs to whitelist, WAF is pretty easy to use for that.

Great thanks all, I’m not going to be working on this myself most likely but I’m passing the info along