cannot block all public access for the s3 bucket · serverless-nextjs/serverless-next.js#813

(1 commento) (0 reazioni) (0 assegnatari)TypeScript (3998 star) (447 fork)batch import

buggood first issue

Descrizione

I am using the serverless next component and I have this setup

nextJsUiApp:
  component: "@sls-next/serverless-component"
  inputs:
    bucketName: xxx
    bucketRegion: xxx
    domain: ["xxxx", "xxxxx.com"]
    nextConfigDir: "../../"
    cloudfront:
      # if you want to use an existing cloudfront distribution, provide it here
      distributionId: xxxxxx
      priceClass: "PriceClass_100"
      origins:
      - url: https://xxxx.s3.amazonaws.com
        private: true

setting the origin private flag to true doesn't seem to do anything to the bucket permissions or policy.

Can i block all public access through any of the config flags?

Guida contributor

Tech stack: typescriptnextjsaws
Dominio: backendclouddevops
Tipo issue: bug
Difficoltà: 3
Tempo stimato: half day
Stato attività: stale
Chiarezza: needs investigation
Prerequisiti: Basic AWS S3 bucket policy knowledgeUnderstanding of serverless next.js configuration
Adatta ai principianti: 30
Direzione di ricerca: The issue reports that the 'private' flag in the CloudFront origin configuration does not actually block public access to the S3 bucket. Investigate the serverless next.js component source code, likely in the '@sls next/serverless component' package, to see how the bucket policy is set. Check if there is any logic that sets a bucket policy to restrict public access when 'private: true' is specified. Also look for any related issues or pull requests that might have addressed this. The goal is to determine whether this is a missing feature or a bug in the existing implementation.