Closed mijdavis2 closed 6 years ago
Doh! Didn't see #119 - though it does look like it's using WAF/ACL as opposed to CloudFront access origin ID. This might be another viable solution and arguably simpler. Then you can use WAF to also lock down the CloudFront distro via ACL on top of this.
I have some free time today so I've implemented it myself. So let me close this PR. Thank you again for your contribution.
Fixes #115
Restricts the S3 policy to only allow from a CloudFront access origin ID. Currently uses the same origin for status page and admin page - not sure if there are ramifications to that, but I assume you can't hop to a different bucket from a CloudFront distro.
Borrowed the property snippet from https://gist.github.com/matalo33/fc2a9d8698c069e134b4b0b6640f0c84