cdk-private-s3-hosting
Advanced tools
This is a CDK construct that creates a private S3 bucket and an Application Load Balancer (ALB) with a listener rule that forwards requests to the S3 bucket.
You can use this construct for a enterprise use case where you want to host a static website in a private network.
Original idea is from this blog post. And some implementations are referenced from this post.
You can install the package via npm:
npm install cdk-private-s3-hosting
To create a private S3 bucket and an ALB with a listener rule that forwards requests to the S3 bucket, you can use the following code:
import { PrivateS3Hosting } from 'cdk-private-s3-hosting';
const privateS3Hosting = new PrivateS3Hosting(this, 'PrivateS3Hosting', {
domainName: 'cryer-nao-domain.com',
});
After you deploy the stack, you can access the S3 bucket using the ALB's DNS name from the VPC where the stack is deployed.
For example, if you put the hoge.txt file in the root of S3 bucket, you can access it using the following command:
curl http://cryer-nao-domain.com/hoge.txt
You can use an existing VPC by specifying the vpc property.
declare const vpc: ec2.IVpc;
const privateS3Hosting = new PrivateS3Hosting(this, 'PrivateS3Hosting', {
domainName: 'cryer-nao-domain.com',
vpc,
});
You can specify the sub domain by setting the subDomain property.
const privateS3Hosting = new PrivateS3Hosting(this, 'PrivateS3Hosting', {
domainName: 'cryer-nao-domain.com',
subDomain: 'sub',
});
In this case, the S3 bucket name will be created with ${subDomain}.${domainName}.
If enablePrivateDns is enabled, a private hosted zone will also be created for the domainName and an A record will be created from ${subDomain}.${domainName} to the ALB DNS name.
You can retrieve hoge.txt on the root of the S3 bucket using the following command:
curl http://sub.cryer-nao-domain.com/hoge.txt
You can deploy the frontend assets to the S3 bucket like below:
import { PrivateS3Hosting } from 'cdk-private-s3-hosting';
import * as s3deploy from 'aws-cdk-lib/aws-s3-deployment';
const privateS3Hosting = new PrivateS3Hosting(this, 'PrivateS3Hosting', {
domainName: 'cryer-nao-domain.com',
});
new s3deploy.BucketDeployment(this, 'DeployWebsite', {
sources: [s3deploy.Source.asset('./website-dist')],
destinationBucket: privateS3Hosting.bucket,
});
After deploying the stack, you can access the website using the domainName you specified from the VPC.
[cloudshell-user@ip-10-0-31-170 ~]$ curl http://cryer-nao-domain.com/ -L
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<link rel="icon" type="image/svg+xml" href="/vite.svg" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Vite + React + TS</title>
<script type="module" crossorigin src="/assets/index-f40OySzR.js"></script>
<link rel="stylesheet" crossorigin href="/assets/index-DiwrgTda.css">
</head>
<body>
<div id="root"></div>
</body>
</html>
Note: All access to the path pattern */ will be redirected to /index.html. Therefore, it will function correctly even when the path is set on the frontend and the page is reloaded.
Note: I also recommend to use deploy-time-build to build the frontend assets while deploying the stack.
This construct creates Route53 hosted zone and an A record for the domain name you specified by default.
If you want to use your own DNS settings(e.g. using a corporate DNS server),
you can disable the Route53 hosted zone creation by setting the enablePrivateDns property to false.
import { PrivateS3Hosting } from 'cdk-private-s3-hosting';
const privateS3Hosting = new PrivateS3Hosting(this, 'PrivateS3Hosting', {
domainName: 'cryer-nao-domain.com',
enablePrivateDns: false,
});
If you want to use HTTPS, you need to create a TLS certificate in ACM and pass it to the certificate property.
import * as acm from 'aws-cdk-lib/aws-certificatemanager';
import { PrivateS3Hosting } from 'cdk-private-s3-hosting';
declare const certificate: acm.ICertificate;
const privateS3Hosting = new PrivateS3Hosting(this, 'PrivateS3Hosting', {
domainName: 'cryer-nao-domain.com',
certificate,
});
Of course, specified domain name (domainName and subDomain) must be the same as the domain name of the certificate.
FAQs
CDK Construct for a private frontend hosting S3 bucket
We found that cdk-private-s3-hosting demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.