-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
S3BucketOrigin.withOriginAccessControl: No Option to add ListBucket permission #31689
Comments
### This permission allows CloudFront to handle 404 errors and deliver custom error responses, which is essential for deep linking within the SPA. public withOriginAccessControl(props?: { allowListBucket?: boolean }) { if (props?.allowListBucket) { this.updateBucketPolicy(bucketPolicy); |
Hi @khushail Yes that past issue is similar - but that is to for OAI access pattern vs the newer OAC. I agree with the comments made in that issue that adding |
thanks @andyfase for replying back. Keeping all the discussion in mind, I think it would be appropriate to convert this bug to Feature request and mark it as P2 , to be available for community as well as team contribution. @hetvi20 , thanks for commenting. If you would like to contribute a PR, please feel free to follow our Contribution guide and team would be happy to review your submission. Thanks. |
@khushail I have go through it thank for information. Can you merge my pull request in this respo. |
@hetvi20 , I don't see any pull request linked with this issue. Also did not find any PR in CDK Repo. Could you please share your PR and link with this issue? Once a PR has been submitted, Let me know if you need any other information/help. |
#31689 (comment) this is
link
…On Mon, 14 Oct, 2024, 12:39 pm Shailja Khurana, ***@***.***> wrote:
@hetvi20 <https://github.com/hetvi20> , I don't see any pull request
linked with this issue. Also did not find any PR in CDK Repo
<https://github.com/aws/aws-cdk/pulls>. Could you please share your PR
and link with this issue?
Once a PR has been submitted, community-reviewers review it and provide
their feedback in form of comments. Then its reviewed by cdk maintainers
who give the final stamp of approval and then PR is merged.
If you need any guidance/help from the community, please feel free to
reach out at CDK.DEV <https://cdk.dev/> community slack channel.
Let me know if you need any other information/help.
—
Reply to this email directly, view it on GitHub
<#31689 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AOGE42O7CQIMOQ7QQIA7ZLLZ3P6TLAVCNFSM6AAAAABPQLYJROVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMJRHA3DQNBSHA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
@hetvi20 , this is comment with code. Let me clarify the process little bit more. You would need to submit a pull request with changes and integration tests, and link to this issue. Here is a sample PR -#31822 Once a PR is submitted, it would go through community-review and then core team's review. If you need any further help with creation of PR, here are few tutorials which could prove helpful- You could also reach out to Community for help and guidance on CDK.dev. |
Describe the bug
The
withOriginAccessControl
method only has functionality to add GetObject, PutObject or DeleteObject permissions to the provided bucket resource policy. When using CloudFront to host a SPA app (Single Page App) its common to require to put a custom error response to translate HTTP 404 (page not found) to HTTP 200 responses, this is support deep linking within the SPA app.To allow for this the S3 bucket must provide ListBucket permission to CloudFront, allowing CloudFront to identify the file doesnt exist and actually omit a HTTP 404. Currently this is not exposed via
withOriginAccessControl
and a user has no understand this and then add the permission manally to the bucket policyGiven the code for
withOriginAccessControl
is already modifiing the bucket resource policy it should be expected that it also handles this use caseRegression Issue
Last Known Working CDK Version
N/A
Expected Behavior
Bucket Policy has the ability to have ListBucket permissions granted to CloudFront
Current Behavior
Only GetObject permissions added to the
/*
resource ARN - ListBucket needs to be to the bucket resource not a Key resourceReproduction Steps
use
withOriginAccessControl
and see thatListBucket
permission cannot be addedPossible Solution
Expose functionality (extra prop) to
withOriginAccessControl
to allow for ListBucket permission addingAdditional Information/Context
N/A
CDK CLI Version
2.160.0
Framework Version
No response
Node.js Version
v20.14.0
OS
osx
Language
TypeScript
Language Version
No response
Other information
No response
The text was updated successfully, but these errors were encountered: