Home
Welcome to the s3-cloudfront-static-website wiki!
Public S3 buckets have been at the centre of several high-profile data leaks. As a result, it is increasingly becoming corporate policy to disallow public S3 buckets completely, most often implemented through boundary policies.
Additionally, the Security Best Practices for Amazon S3 clearly states:
"Unless you explicitly require anyone on the internet to be able to read or write to your S3 bucket, you should ensure that your S3 bucket is not public."
When hosting a static website utilising a CloudFront CDN layer in front of S3, there is no need for the S3 bucket itself to be public. It is also preferable from a cost and latency perspective to direct all traffic through CloudFront.
However, the majority of Terraform modules for hosting static websites with S3 and CloudFront expose the buckets publicly. This module aims to resolve this.