Menu
When hosting a site with AWS S3 and CloudFront, it's possible to restrict access to content that you serve from Amazon S3 buckets.
I want to restrict access to assets on S3 to my Amplify App (CDN).
Is it possible to achieve the same restriction with AWS Amplify? After deploying my AWS Amplify App, I don't see a CloudFront distribution. The documentation states: "The AWS Amplify Console leverages the Amazon CloudFront Global Edge Network to distribute your web app globally" (FAQ, Hosting).
336
In researching how to restrict access to S3 to CloudFront using Origin Access Identity for an Amplify App, I realised an important difference in the two approaches of hosting an Amplify App:
In the past, I only ever used the Amplify Console to associate a custom domain to my app. I didn't understand why I couldn't find the CloudFront distribution that the Amplify Console Hosting FAQ was referring to.
I learned that after adding a Route 53 managed custom domain to my Amplify App via the Amplify Console, an AWS Managed CloudFront distribution was automatically created. This CloudFront distribution is not visible within your account and cannot be directly managed by you. I first noticed this when I saw the Alias record in Route53 pointed to a CloudFront distribution that is not in my account after adding the custom domain.
It seems that once you added a custom domain through Amplify console, and then to add hosting with the Amplify CLI will not invalidate the AWS managed CloudFront distribution
I haven't found any guidance in the documentation as to which hosting strategy is better. I assume one advantage of using Amplify custom domain might be that the AWS managed CloudFront distribution is created using optimal settings for your app. This way also means Amplify efficiently takes care of cache invalidations.
163
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
