Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update CloudFront to use OAC instead of OAI #363

Merged
merged 2 commits into from
Apr 28, 2023
Merged

Update CloudFront to use OAC instead of OAI #363

merged 2 commits into from
Apr 28, 2023

Conversation

ctd
Copy link
Contributor

@ctd ctd commented Apr 28, 2023

Issue #, if available: N/A

Description of changes:

Update CloudFront to use OAC instead of OAI

This change updates the Web UI CloudFront distribution to use Origin
Access Control (OAC) for authentication to the S3 origin, instead of the
previous implementation using Origin Access Identity (OAI).

OAC was introduced in August 2022 to supersede OAI. The main benefit of
this change in S3F2 is that OAI is not supported in AWS regions launched
after December 2022, so this change will be necessary to add region
support in the future.

Bump cfn-lint version

This is necessary to add support for CloudFront Origin Access Control
parameter/types.

Also adds an ignore rule for cfn-lint rule W3002, which "warn(s) when
properties are configured to only work with the package command".

PR Checklist:

  • Changelog updated
  • Unit tests (and integration tests if applicable) provided
  • All tests pass
  • Pre-commit checks pass
  • Debugging code removed
  • If releasing a new version, have you bumped the version in the main CFN template?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

ctd added 2 commits April 28, 2023 11:51
@ctd
Bump cfn-lint version
d903521 
This is necessary to add support for CloudFront Origin Access Control
parameter/types.

Also adds an ignore rule for cfn-lint rule W3002, which "warn(s) when
properties are configured to only work with the package command".
@ctd
Update CloudFront to use OAC instead of OAI
c184579 
This change updates the Web UI CloudFront distribution to use Origin
Access Control (OAC) for authentication to the S3 origin, instead of the
previous implementation using Origin Access Identity (OAI).

OAC was introduced in August 2022 to supersede OAI. The main benefit of
this change in S3F2 is that OAI is not supported in AWS regions launched
after December 2022, so this change will be necessary to add region
support in the future.
@ctd ctd self-assigned this Apr 28, 2023
@ctd ctd mentioned this pull request Apr 28, 2023
Merged
6 tasks
@ctd ctd requested a review from matteofigus April 28, 2023 10:58
@ctd ctd merged commit 995f9d9 into master Apr 28, 2023
@ctd ctd deleted the cloudfront-oac branch April 28, 2023 11:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matteofigus matteofigus matteofigus approved these changes

Assignees

@ctd ctd

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ctd @matteofigus