CDK Construct for a private frontend hosting S3 bucket
Project description
CDK Private S3 Hosting Construct
This is a CDK construct that creates a private S3 bucket and an Application Load Balancer (ALB) with a listener rule that forwards requests to the S3 bucket.
You can use this construct for a enterprise use case where you want to host a static website in a private network.
Original idea is from this blog post. And some implementations are referenced from this post.
Architecture
Installation
You can install the package via npm:
npm install cdk-private-s3-hosting
Usage
To create a private S3 bucket and an ALB with a listener rule that forwards requests to the S3 bucket, you can use the following code:
import { PrivateS3Hosting } from 'cdk-private-s3-hosting';
const privateS3Hosting = new PrivateS3Hosting(this, 'PrivateS3Hosting', {
domainName: 'cryer-nao-domain.com',
});
After you deploy the stack, you can access the S3 bucket using the ALB's DNS name from the VPC where the stack is deployed.
For example, if you put the hoge.txt file in the root of S3 bucket, you can access it using the following command:
curl http://cryer-nao-domain.com/hoge.txt
Use existing VPC
You can use an existing VPC by specifying the vpc property.
declare const vpc: ec2.IVpc;
const privateS3Hosting = new PrivateS3Hosting(this, 'PrivateS3Hosting', {
domainName: 'cryer-nao-domain.com',
vpc,
});
Specify the sub domain
You can specify the sub domain by setting the subDomain property.
const privateS3Hosting = new PrivateS3Hosting(this, 'PrivateS3Hosting', {
domainName: 'cryer-nao-domain.com',
subDomain: 'sub',
});
In this case, the S3 bucket name will be created with ${subDomain}.${domainName}.
If enablePrivateDns is enabled, a private hosted zone will also be created for the domainName and an A record will be created from ${subDomain}.${domainName} to the ALB DNS name.
You can retrieve hoge.txt on the root of the S3 bucket using the following command:
curl http://sub.cryer-nao-domain.com/hoge.txt
Deploy the frontend assets
You can deploy the frontend assets to the S3 bucket like below:
import { PrivateS3Hosting } from 'cdk-private-s3-hosting';
import * as s3deploy from 'aws-cdk-lib/aws-s3-deployment';
const privateS3Hosting = new PrivateS3Hosting(this, 'PrivateS3Hosting', {
domainName: 'cryer-nao-domain.com',
});
new s3deploy.BucketDeployment(this, 'DeployWebsite', {
sources: [s3deploy.Source.asset('./website-dist')],
destinationBucket: privateS3Hosting.bucket,
});
After deploying the stack, you can access the website using the domainName you specified from the VPC.
[cloudshell-user@ip-10-0-31-170 ~]$ curl http://cryer-nao-domain.com/ -L
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<link rel="icon" type="image/svg+xml" href="/vite.svg" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Vite + React + TS</title>
<script type="module" crossorigin src="/assets/index-f40OySzR.js"></script>
<link rel="stylesheet" crossorigin href="/assets/index-DiwrgTda.css">
</head>
<body>
<div id="root"></div>
</body>
</html>
Note: All access to the path pattern */ will be redirected to /index.html. Therefore, it will function correctly even when the path is set on the frontend and the page is reloaded.
Note: I also recommend to use deploy-time-build to build the frontend assets while deploying the stack.
Setup DNS
This construct creates Route53 hosted zone and an A record for the domain name you specified by default.
If you want to use your own DNS settings(e.g. using a corporate DNS server),
you can disable the Route53 hosted zone creation by setting the enablePrivateDns property to false.
import { PrivateS3Hosting } from 'cdk-private-s3-hosting';
const privateS3Hosting = new PrivateS3Hosting(this, 'PrivateS3Hosting', {
domainName: 'cryer-nao-domain.com',
enablePrivateDns: false,
});
TLS Certificate
If you want to use HTTPS, you need to create a TLS certificate in ACM and pass it to the certificate property.
import * as acm from 'aws-cdk-lib/aws-certificatemanager';
import { PrivateS3Hosting } from 'cdk-private-s3-hosting';
declare const certificate: acm.ICertificate;
const privateS3Hosting = new PrivateS3Hosting(this, 'PrivateS3Hosting', {
domainName: 'cryer-nao-domain.com',
certificate,
});
Of course, specified domain name (domainName and subDomain) must be the same as the domain name of the certificate.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cdk_private_s3_hosting-0.0.10.tar.gz.
File metadata
- Download URL: cdk_private_s3_hosting-0.0.10.tar.gz
- Upload date:
- Size: 62.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.12.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ab95a3b04ef5cf7a8528ef9f171f8ae3f24b2883534e90efe2f42e51bdd8aeed
|
|
| MD5 |
ec93338c7491d49b7d60c7c464a4e7c7
|
|
| BLAKE2b-256 |
7526d84afb4a93125c7217b2ffb2253a96016a099c8820b248973046da23bed5
|
File details
Details for the file cdk_private_s3_hosting-0.0.10-py3-none-any.whl.
File metadata
- Download URL: cdk_private_s3_hosting-0.0.10-py3-none-any.whl
- Upload date:
- Size: 60.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.12.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1c2401d4e91c0deb137ef292a83acc35cc1dd98b288c8591ab5c08cd10b1cd27
|
|
| MD5 |
ddc6d46e39a01254dccc383a7faebdf5
|
|
| BLAKE2b-256 |
24f8373a0f8eee918668e5c153381842d3009b0d08ad2d1f6499aef2bb616b5a
|
