-
Notifications
You must be signed in to change notification settings - Fork 0
/
static-site.ts
48 lines (42 loc) · 1.54 KB
/
static-site.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#!/usr/bin/env node
//@ts-nocheck
import * as cdk from '@aws-cdk/core';
import * as s3 from '@aws-cdk/aws-s3';
import * as s3deploy from '@aws-cdk/aws-s3-deployment';
import * as cloudfront from '@aws-cdk/aws-cloudfront';
import * as iam from '@aws-cdk/aws-iam';
import { Construct, Stack } from '@aws-cdk/core';
export class StaticSite extends Construct {
constructor(parent: Stack, name: string) {
super(parent, name);
const cloudfrontOAI = new cloudfront.OriginAccessIdentity(this, "JSCC-OAI")
const siteBucket = new s3.Bucket(this, "JSCCStaticBucket", {
bucketName: "js-cc-cloudfront-s3-v2",
websiteIndexDocument: "index.html",
publicReadAccess: false,
blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL
})
siteBucket.addToResourcePolicy(new iam.PolicyStatement({
actions: ["S3:GetObject"],
resources: [siteBucket.arnForObjects("*")],
principals: [new iam.CanonicalUserPrincipal(cloudfrontOAI.cloudFrontOriginAccessIdentityS3CanonicalUserId)]
}))
const distribution = new cloudfront.CloudFrontWebDistribution(this, "JSCC-distribution", {
originConfigs: [{
s3OriginSource: {
s3BucketSource: siteBucket,
originAccessIdentity: cloudfrontOAI
},
behaviors: [{
isDefaultBehavior: true
}]
}]
})
new s3deploy.BucketDeployment(this, "JSCC-Bucket-Distrubution", {
sources: [s3deploy.Source.asset("./website")],
destinationBucket: siteBucket,
distribution,
distributionPaths: ["/*"]
})
}
}