Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[cloudfront-origins] Expose the OriginAccessIdentity from S3Origin #9859

Closed
njlynch opened this issue Aug 20, 2020 · 1 comment · Fixed by #10491
Closed

[cloudfront-origins] Expose the OriginAccessIdentity from S3Origin #9859

njlynch opened this issue Aug 20, 2020 · 1 comment · Fixed by #10491
Assignees
@njlynch
Labels
@aws-cdk/aws-cloudfront Related to Amazon CloudFront @aws-cdk/aws-cloudfront-origins Related to CloudFront Origins for the CDK CloudFront Library effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. good first issue Related to contributions. See CONTRIBUTING.md in-progress This issue is being actively worked on. p2

Comments

@njlynch
Copy link
Contributor

njlynch commented Aug 20, 2020

See #9811 for original discussion/motivation.

In some cases, a user may want to gain access to the automatically-created origin access identity (OAI) from S3Origin to reference it in an explicit bucket policy.

Use Case

If using an imported bucket, the OAI will not be granted read access to the bucket. A user may need to explicitly create a bucket policy in this case and reference the OAI to do so.

Proposed Solution

Expose an optional property on S3Origin of originAccessIdentity? that delegates down to the S3BucketOrigin.originAccessIdentity (if present). Care will need to be taken to handle the situation properly where: (1) the underlying origin is an HttpOrigin; or (2) the origin hasn't been bound yet.

This is a 🚀 Feature Request
@njlynch njlynch added good first issue Related to contributions. See CONTRIBUTING.md p2 feature-request A feature should be added or improved. @aws-cdk/aws-cloudfront Related to Amazon CloudFront effort/small Small work item – less than a day of effort @aws-cdk/aws-cloudfront-origins Related to CloudFront Origins for the CDK CloudFront Library labels Aug 20, 2020
@njlynch njlynch mentioned this issue Aug 20, 2020
Closed
wtho added a commit to wtho/aws-cdk that referenced this issue Sep 23, 2020
@wtho
feat(cloudfront-origins): customize origin access identity in s3origin
e9e3c07 
Adds support for passing in a identity as it is possible in the CloudFrontWebDistribution

closes aws#9859
@wtho wtho mentioned this issue Sep 23, 2020
Merged
wtho added a commit to wtho/aws-cdk that referenced this issue Sep 23, 2020
@wtho
feat(cloudfront-origins): customize origin access identity in s3origin
0837ad3 
Adds support for passing in a identity as it is possible in the CloudFrontWebDistribution

closes aws#9859
@SomayaB SomayaB added the in-progress This issue is being actively worked on. label Sep 23, 2020
wtho added a commit to wtho/aws-cdk that referenced this issue Oct 6, 2020
@wtho
feat(cloudfront-origins): customize origin access identity in s3origin
960f7ba 
Adds support for passing in a identity as it is possible in the CloudFrontWebDistribution

closes aws#9859
wtho added a commit to wtho/aws-cdk that referenced this issue Oct 6, 2020
@wtho
feat(cloudfront-origins): customize origin access identity in s3origin
50bc0f6 
Adds support for passing in a identity as it is possible in the CloudFrontWebDistribution

closes aws#9859
@mergify mergify bot closed this as completed in #10491 Oct 7, 2020
mergify bot pushed a commit that referenced this issue Oct 7, 2020
@wtho
feat(cloudfront-origins): customize origin access identity in s3origin (
dbb7e34 
#10491)

Adds support for passing in a identity as it is possible in the CloudFrontWebDistribution

closes #9859


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

github-actions bot commented Oct 7, 2020

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

njlynch pushed a commit that referenced this issue Oct 7, 2020
@wtho @njlynch
feat(cloudfront-origins): customize origin access identity in s3origin (
20a6ddc 
#10491)

Adds support for passing in a identity as it is possible in the CloudFrontWebDistribution

closes #9859


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@rantoniuk rantoniuk mentioned this issue Jul 25, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@njlynch njlynch

Labels
@aws-cdk/aws-cloudfront Related to Amazon CloudFront @aws-cdk/aws-cloudfront-origins Related to CloudFront Origins for the CDK CloudFront Library effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. good first issue Related to contributions. See CONTRIBUTING.md in-progress This issue is being actively worked on. p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(cloudfront-origins): customize origin access identity in s3origin wtho/aws-cdk
2 participants
@njlynch @SomayaB