What in `StaticSite` is giving the CF Distro acces...
# help
d
What in `StaticSite` is giving the CF Distro access to the bucket? In our CFN we normally create a CF OAI and then give it read access to the bucket so that only the distro can and there is no direct access to the bucket. Seems like you have this working in StaticSite…. but I can’t see anything that sets this up? Is this maybe a sane default of cdk?
f
Hey @Dan Van Brunt, I need to double check, but i think when u set the S3 bucket as the distribution origin, CDK hooks up the bucket policy.
So if u inspect the CFN template, the BucketPolicy should look like:
"FrontendBucketPolicyB05AF112": {
      "Type": "AWS::S3::BucketPolicy",
      "Properties": {
        "Bucket": {
          "Ref": "FrontendBucket5DAC5524"
        },
        "PolicyDocument": {
          "Statement": [
             ...
             {
              "Action": "s3:GetObject",
              "Effect": "Allow",
              "Principal": {
                "CanonicalUser": {
                  "Fn::GetAtt": [
                    "FrontendDistributionOrigin1S3Origin0C7BC470",
                    "S3CanonicalUserId"
                  ]
                }
              },
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    {
                      "Fn::GetAtt": [
                        "FrontendBucket5DAC5524",
                        "Arn"
                      ]
                    },
                    "/*"
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        }
      },
      "Metadata": {
        "aws:cdk:path": "dev-playground-site/Frontend/Bucket/Policy/Resource"
      }
    },
d
yup… figured it was CDK… Thanks!
Need to suck out that `"FrontendDistributionOrigin1S3Origin0C7BC470", "S3CanonicalUserId"` for use elsewhere.
https://docs.aws.amazon.com/cdk/latest/guide/tokens.html#tokens_lazy
“You can construct tokens representing synth-time lazy values using static methods on the `Lazy` class, such as Lazy.stringValue (Python: `Lazy.string_value`) and Lazy.numberValue (Python: `Lazy.number_value`). These methods accept an object whose `produce` property is a function that accepts a context argument and returns the final value when called.”
f
Yeah can u try `Stack.resolve(origins)`? (replied in the other thread)
d
How do I get `origins` from this… ?
const cfDistribution = this.cfDistribution.node.defaultChild as cf.CfnDistribution
very newb on this part of CDK
tried `this.cfDistribution.node.findChild('origins')` but no luck
f
Let’s see, what does this show `Stack.resolve(this.cfDistribution)`?
d
kk
*cdk*.Stack.resolve(this.cfDistribution)
I assume
nope…resolve isn’t a function on cdk.Stack
f
i see.. lemme give it a try
d
I think resolve is a function on a stack instance
const stack = cdk.Stack.of(this)