
AWS Amplify CLI CloudFront S3 Restrictions

When hosting a site with AWS S3 and CloudFront, it's possible to restrict access to content that you serve from Amazon S3 buckets.

I want to restrict access to assets on S3 to my Amplify App (CDN).

Is it possible to achieve the same restriction with AWS Amplify? After deploying my AWS Amplify App, I don't see a CloudFront distribution. The documentation states: "The AWS Amplify Console leverages the Amazon CloudFront Global Edge Network to distribute your web app globally" (FAQ, Hosting).

Ultradoxx Avatar asked May 07 '20 11:05


1 Answer

In researching how to restrict access to S3 to CloudFront using Origin Access Identity for an Amplify App, I realised an important difference in the two approaches of hosting an Amplify App:

  • Using the AWS Amplify Console, or
  • Using S3 and CloudFront (prod stage)

In the past, I only ever used the Amplify Console to associate a custom domain to my app. I didn't understand why I couldn't find the CloudFront distribution that the Amplify Console Hosting FAQ was referring to.

AWS Managed CloudFront Distribution

I learned that after adding a Route 53 managed custom domain to my Amplify App via the Amplify Console, an AWS Managed CloudFront distribution was automatically created. This CloudFront distribution is not visible within your account and cannot be directly managed by you. I first noticed this when I saw that, after adding the custom domain, the Alias record in Route 53 pointed to a CloudFront distribution that is not in my account.

Custom Domain takes Precedence

It seems that once you have added a custom domain through the Amplify Console, adding hosting with the Amplify CLI will not invalidate the AWS managed CloudFront distribution.

Which is better?

I haven't found any guidance in the documentation as to which hosting strategy is better. I assume one advantage of using Amplify custom domain might be that the AWS managed CloudFront distribution is created using optimal settings for your app. This way also means Amplify efficiently takes care of cache invalidations.

Ultradoxx Avatar answered Oct 03 '22 23:10
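
For the S3 and CloudFront hosting option, where the bucket sits in your own account, the Origin Access Identity restriction discussed above can be checked from the bucket policy. The following is an added example, not part of the original post: it flags any Allow statement that lets a principal other than a CloudFront OAI read objects. The bucket name, OAI ID and Sid values are constructed placeholders.

```python
import json

# Principal ARN prefix AWS uses for a CloudFront Origin Access Identity.
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "
READ_ACTIONS = {"*", "s3:*", "s3:get*", "s3:getobject"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principals(stmt):
    principal = stmt.get("Principal", {})
    if isinstance(principal, str):          # "Principal": "*"
        return [principal]
    return [p for vals in principal.values() for p in _as_list(vals)]

def audit_bucket_policy(policy_json):
    """List Allow statements that let anyone other than an OAI read objects.

    Conservative: Condition blocks are ignored, and an OAI written as a
    CanonicalUser ID is reported as non-OAI.
    """
    findings, oai_seen = [], False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & READ_ACTIONS:
            continue
        for principal in _principals(stmt):
            if principal.startswith(OAI_PREFIX):
                oai_seen = True
            else:
                sid = stmt.get("Sid", "<no Sid>")
                findings.append(f"{sid}: read allowed for {principal}")
    if not oai_seen:
        findings.append("no statement grants object reads to a CloudFront OAI")
    return findings

# Constructed sample policies (bucket name and OAI ID are placeholders).
OAI_STMT = {
    "Sid": "AllowCloudFrontOAI", "Effect": "Allow",
    "Principal": {"AWS": OAI_PREFIX + "E2EXAMPLE1OAI"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-hosting-bucket/*",
}
PUBLIC_STMT = {
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject"],
    "Resource": "arn:aws:s3:::example-hosting-bucket/*",
}
LOCKED = json.dumps({"Version": "2012-10-17", "Statement": [OAI_STMT]})
OPEN = json.dumps({"Version": "2012-10-17", "Statement": [OAI_STMT, PUBLIC_STMT]})

if __name__ == "__main__":
    for name, policy in (("locked", LOCKED), ("open", OPEN)):
        print(name, audit_bucket_policy(policy) or "OK: reads limited to the OAI")
```

An empty result means every read grant in the policy names an OAI; it does not cover object ACLs or the bucket's Block Public Access settings.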