falsycat/imbusy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix 403

Browse Source
This commit is contained in:
falsycat 2025-06-21 10:02:48 +09:00
parent 4847424d9b
commit 82b6a7a718
1 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
infra/frontend.ts
View File

@ -12,7 +12,24 @@ const prefix = `${common.prefix}-frontend`;
// ---- bucket ---- // ---- bucket ----
export const bucket = new aws.s3.Bucket(`${prefix}-bucket`, {tags}); export const bucket = new aws.s3.Bucket(`${prefix}-bucket`, {tags});
const bucketOai = new aws.cloudfront.OriginAccessIdentity(`${prefix}-oai`);
// ---- OAI ----
const oai = new aws.cloudfront.OriginAccessIdentity(`${prefix}-oai`);
new aws.s3.BucketPolicy(`${prefix}-bucket-policy`, {
bucket: bucket.bucket,
policy: pulumi.all([oai.iamArn, bucket.arn]).apply(([a, b]) => JSON.stringify({
Version: "2012-10-17",
Statement: [{
Effect: "Allow",
Principal: {
AWS: a,
},
Action: ["s3:GetObject"],
Resource: [`${b}/*`],
}],
})),
});
// ---- cloudfront ---- // ---- cloudfront ----
export const cloudfront = new aws.cloudfront.Distribution(`${prefix}-cloudfront`, { export const cloudfront = new aws.cloudfront.Distribution(`${prefix}-cloudfront`, {
@ -21,7 +38,7 @@ export const cloudfront = new aws.cloudfront.Distribution(`${prefix}-cloudfront`
domainName: bucket.bucketRegionalDomainName, domainName: bucket.bucketRegionalDomainName,
originId: bucket.arn, originId: bucket.arn,
s3OriginConfig: { s3OriginConfig: {
originAccessIdentity: bucketOai.cloudfrontAccessIdentityPath, originAccessIdentity: oai.cloudfrontAccessIdentityPath,
}, },
}], }],
enabled: true, enabled: true,