feat: add an origin access control

2025-05-13 20:29:03 +09:00 · 2025-05-13 20:29:03 +09:00 · c352d43605
commit c352d43605
parent 793fb44aba
1 changed files with 13 additions and 5 deletions
--- a/template-cloudfront.yaml
+++ b/template-cloudfront.yaml
@ -7,6 +7,16 @@ Parameters:
    Default: "naputo-blog-public"

 Resources:
+
+  BlogOriginAccessControl:
+    Type: AWS::CloudFront::OriginAccessControl
+    Properties:
+      OriginAccessControlConfig:
+        Name: "MyBlogOAC"
+        OriginAccessControlOriginType: s3
+        SigningBehavior: always
+        SigningProtocol: sigv4
+
  BlogCloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
@ -14,11 +24,9 @@ Resources:
        Enabled: true
        Origins:
          - Id: S3WebsiteOrigin
-            DomainName: !Sub "${WebsiteBucketName}.s3-website-${AWS::Region}.amazonaws.com"
-            CustomOriginConfig:
-              HTTPPort: 80
-              HTTPSPort: 80
-              OriginProtocolPolicy: http-only
+            DomainName: !Sub "${WebsiteBucketName}.s3.amazonaws.com"
+            OriginAccessControlId: !Ref BlogOriginAccessControl
+            S3OriginConfig: {}
        DefaultCacheBehavior:
          TargetOriginId: S3WebsiteOrigin
          ViewerProtocolPolicy: redirect-to-https