Remove public access to S3 buckets now fronted by Cloudfront

sciencehistory / terraform_scihist_digicoll

0 stars 0 forks source link

Remove public access to S3 buckets now fronted by Cloudfront #84

Closed jrochkind closed 1 month ago

jrochkind commented 2 months ago

In final state of Cloudfront deployment, once production is using cloudfront, we merge and deploy this to remove public access to direct S3 buckets. See #81

Revert "temporarily restore public access to buckets, as part of cloudfront migration plan"

This reverts commit bf56a6b0dbc6ee43b37c40040eec4de770c3cc26.

jrochkind commented 1 month ago

Chuck mentioned this might interrupt some of his backup routines that try to download directly from bucket!

Not sure the solution to that, might be having them download from cloudfront instead, but CF url's can potentially change... we'll have to think about it, Chuck said he was fine with seeing if it broke then dealing with it.

I am going to merge and deploy this now!

jrochkind commented 1 month ago

(Also per Chuck's concern -- originals bucket was already not public, hasn't changed, so if the backup routine is just getting originals, as I think it might be -- no change!)

jrochkind commented 1 month ago

Terraform applied production