Skip to content
This repository was archived by the owner on Mar 27, 2023. It is now read-only.

Commit a611701

Browse files
briancaffeybriancaffey
committed
added assets bucket to cloudfront to serve media and static files from cloudfront distribution
1 parent f439d0c commit a611701

File tree

5 files changed

+113
-51
lines changed

5 files changed

+113
-51
lines changed

awscdk/awscdk/cdk_app_root.py

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -58,13 +58,18 @@ def __init__(
5858
self, "StaticSiteBucket", full_app_name=full_app_name
5959
).static_site_bucket
6060

61+
self.assets = Assets(
62+
self, "BackendAssets", full_app_name=full_app_name
63+
)
64+
6165
self.cloudfront = CloudFront(
6266
self,
6367
"StaticSite",
6468
hosted_zone=self.hosted_zone,
6569
static_site_bucket_name=self.static_site_bucket.bucket_name, # noqa
6670
certificate=self.certificate,
6771
alb=self.alb.load_balancer_dns_name,
72+
assets_bucket=self.assets.assets_bucket,
6873
full_domain_name=full_domain_name,
6974
full_app_name=full_app_name,
7075
)
@@ -83,10 +88,6 @@ def __init__(
8388

8489
self.ecs = Ecs(self, "Ecs", vpc=self.vpc, full_app_name=full_app_name)
8590

86-
self.assets = Assets(
87-
self, "BackendAssets", full_app_name=full_app_name
88-
)
89-
9091
self.rds = Rds(
9192
self, "RdsDBCluster", vpc=self.vpc, full_app_name=full_app_name
9293
)

awscdk/awscdk/cloudfront.py

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@ def __init__(
1717
static_site_bucket_name: str,
1818
hosted_zone: route53.IHostedZone,
1919
certificate: acm.ICertificate,
20+
assets_bucket: s3.IBucket,
2021
alb: str,
2122
full_domain_name: str,
2223
full_app_name: str,
@@ -28,6 +29,7 @@ def __init__(
2829
f"{static_site_bucket_name}.s3-website-us-east-1.amazonaws.com"
2930
)
3031
path_patterns = ["/api/*", "/admin/*", "/flower/*"]
32+
3133
self.distribution = cloudfront.CloudFrontWebDistribution(
3234
self,
3335
"CloudFrontDistribution",
@@ -62,6 +64,23 @@ def __init__(
6264
)
6365
],
6466
),
67+
cloudfront.SourceConfiguration(
68+
s3_origin_source=cloudfront.S3OriginConfig(
69+
s3_bucket_source=assets_bucket
70+
),
71+
behaviors=[
72+
cloudfront.Behavior(
73+
allowed_methods=cloudfront.CloudFrontAllowedMethods.ALL,
74+
path_pattern=path_pattern,
75+
forwarded_values={
76+
"headers": ["*"],
77+
"cookies": {"forward": "all"},
78+
"query_string": True,
79+
},
80+
)
81+
for path_pattern in ["/static/*", "/media/*"]
82+
],
83+
),
6584
],
6685
alias_configuration=cloudfront.AliasConfiguration(
6786
acm_cert_ref=certificate.certificate_arn,

awscdk/stack.yml

Lines changed: 87 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -283,8 +283,8 @@ Resources:
283283
Ref: VpcC3027511
284284
Metadata:
285285
aws:cdk:path: dev-mysite-com-stack/ApplicationLoadBalancer/ALB/SecurityGroup/Resource
286-
ApplicationLoadBalancerALBSecurityGrouptodevmysitecomstackBackendBackendSecurityGroup987E976C8000947E9AB3:
287-
Type: AWS::EC2::SecurityGroupEgress
286+
? ApplicationLoadBalancerALBSecurityGrouptodevmysitecomstackBackendBackendSecurityGroup987E976C8000947E9AB3
287+
: Type: AWS::EC2::SecurityGroupEgress
288288
Properties:
289289
GroupId:
290290
Fn::GetAtt:
@@ -408,6 +408,37 @@ Resources:
408408
Version: "2012-10-17"
409409
Metadata:
410410
aws:cdk:path: dev-mysite-com-stack/StaticSiteBucket/StaticSiteBucket/Policy/Resource
411+
BackendAssetsAssetsBucket62473847:
412+
Type: AWS::S3::Bucket
413+
Properties:
414+
BucketName: dev-mysite-com-assets
415+
Tags:
416+
- Key: StackName
417+
Value: dev-mysite-com
418+
UpdateReplacePolicy: Retain
419+
DeletionPolicy: Retain
420+
Metadata:
421+
aws:cdk:path: dev-mysite-com-stack/BackendAssets/AssetsBucket/Resource
422+
BackendAssetsAssetsBucketPolicyE8C83357:
423+
Type: AWS::S3::BucketPolicy
424+
Properties:
425+
Bucket:
426+
Ref: BackendAssetsAssetsBucket62473847
427+
PolicyDocument:
428+
Statement:
429+
- Action: s3:GetObject
430+
Effect: Allow
431+
Principal: "*"
432+
Resource:
433+
Fn::Join:
434+
- ""
435+
- - Fn::GetAtt:
436+
- BackendAssetsAssetsBucket62473847
437+
- Arn
438+
- /static/*
439+
Version: "2012-10-17"
440+
Metadata:
441+
aws:cdk:path: dev-mysite-com-stack/BackendAssets/AssetsBucket/Policy/Resource
411442
StaticSiteCloudFrontDistributionCFDistributionA70E78CD:
412443
Type: AWS::CloudFront::Distribution
413444
Properties:
@@ -478,6 +509,48 @@ Resources:
478509
PathPattern: /flower/*
479510
TargetOriginId: origin1
480511
ViewerProtocolPolicy: redirect-to-https
512+
- AllowedMethods:
513+
- DELETE
514+
- GET
515+
- HEAD
516+
- OPTIONS
517+
- PATCH
518+
- POST
519+
- PUT
520+
CachedMethods:
521+
- GET
522+
- HEAD
523+
Compress: true
524+
ForwardedValues:
525+
Cookies:
526+
Forward: all
527+
Headers:
528+
- "*"
529+
QueryString: true
530+
PathPattern: /static/*
531+
TargetOriginId: origin3
532+
ViewerProtocolPolicy: redirect-to-https
533+
- AllowedMethods:
534+
- DELETE
535+
- GET
536+
- HEAD
537+
- OPTIONS
538+
- PATCH
539+
- POST
540+
- PUT
541+
CachedMethods:
542+
- GET
543+
- HEAD
544+
Compress: true
545+
ForwardedValues:
546+
Cookies:
547+
Forward: all
548+
Headers:
549+
- "*"
550+
QueryString: true
551+
PathPattern: /media/*
552+
TargetOriginId: origin3
553+
ViewerProtocolPolicy: redirect-to-https
481554
DefaultCacheBehavior:
482555
AllowedMethods:
483556
- GET
@@ -524,6 +597,12 @@ Resources:
524597
- - Ref: StaticSiteBucket6BF500B9
525598
- .s3-website-us-east-1.amazonaws.com
526599
Id: origin2
600+
- DomainName:
601+
Fn::GetAtt:
602+
- BackendAssetsAssetsBucket62473847
603+
- RegionalDomainName
604+
Id: origin3
605+
S3OriginConfig: {}
527606
PriceClass: PriceClass_100
528607
ViewerCertificate:
529608
AcmCertificateArn:
@@ -557,37 +636,6 @@ Resources:
557636
Value: dev-mysite-com
558637
Metadata:
559638
aws:cdk:path: dev-mysite-com-stack/Ecs/EcsCluster/Resource
560-
BackendAssetsAssetsBucket62473847:
561-
Type: AWS::S3::Bucket
562-
Properties:
563-
BucketName: dev-mysite-com-assets
564-
Tags:
565-
- Key: StackName
566-
Value: dev-mysite-com
567-
UpdateReplacePolicy: Retain
568-
DeletionPolicy: Retain
569-
Metadata:
570-
aws:cdk:path: dev-mysite-com-stack/BackendAssets/AssetsBucket/Resource
571-
BackendAssetsAssetsBucketPolicyE8C83357:
572-
Type: AWS::S3::BucketPolicy
573-
Properties:
574-
Bucket:
575-
Ref: BackendAssetsAssetsBucket62473847
576-
PolicyDocument:
577-
Statement:
578-
- Action: s3:GetObject
579-
Effect: Allow
580-
Principal: "*"
581-
Resource:
582-
Fn::Join:
583-
- ""
584-
- - Fn::GetAtt:
585-
- BackendAssetsAssetsBucket62473847
586-
- Arn
587-
- /static/*
588-
Version: "2012-10-17"
589-
Metadata:
590-
aws:cdk:path: dev-mysite-com-stack/BackendAssets/AssetsBucket/Policy/Resource
591639
RdsDBClusterDBSecret28397CCA:
592640
Type: AWS::SecretsManager::Secret
593641
Properties:
@@ -822,7 +870,7 @@ Resources:
822870
- - Ref: AWS::AccountId
823871
- .dkr.ecr.us-east-1.
824872
- Ref: AWS::URLSuffix
825-
- /aws-cdk/assets:315e2df1a1c69ccadd512a824f2ac30372ca3ad34f88048d06058db1be8f2bf9
873+
- /aws-cdk/assets:cecf15b2b6427c94fe8347ab93564105a951a8de4a7f7c927ada0374f2a9c97c
826874
LogConfiguration:
827875
LogDriver: awslogs
828876
Options:
@@ -917,8 +965,8 @@ Resources:
917965
- Ref: BackendBackendTaskExecutionRole3B22D4E5
918966
Metadata:
919967
aws:cdk:path: dev-mysite-com-stack/Backend/BackendTask/ExecutionRole/DefaultPolicy/Resource
920-
BackendBackendSecurityGroupfromdevmysitecomstackApplicationLoadBalancerALBSecurityGroup41CD7D0380003CD57722:
921-
Type: AWS::EC2::SecurityGroupIngress
968+
? BackendBackendSecurityGroupfromdevmysitecomstackApplicationLoadBalancerALBSecurityGroup41CD7D0380003CD57722
969+
: Type: AWS::EC2::SecurityGroupIngress
922970
Properties:
923971
IpProtocol: tcp
924972
Description: Load balancer to target
@@ -1028,7 +1076,7 @@ Resources:
10281076
- - Ref: AWS::AccountId
10291077
- .dkr.ecr.us-east-1.
10301078
- Ref: AWS::URLSuffix
1031-
- /aws-cdk/assets:315e2df1a1c69ccadd512a824f2ac30372ca3ad34f88048d06058db1be8f2bf9
1079+
- /aws-cdk/assets:cecf15b2b6427c94fe8347ab93564105a951a8de4a7f7c927ada0374f2a9c97c
10321080
LogConfiguration:
10331081
LogDriver: awslogs
10341082
Options:
@@ -1215,7 +1263,7 @@ Resources:
12151263
- - Ref: AWS::AccountId
12161264
- .dkr.ecr.us-east-1.
12171265
- Ref: AWS::URLSuffix
1218-
- /aws-cdk/assets:315e2df1a1c69ccadd512a824f2ac30372ca3ad34f88048d06058db1be8f2bf9
1266+
- /aws-cdk/assets:cecf15b2b6427c94fe8347ab93564105a951a8de4a7f7c927ada0374f2a9c97c
12191267
LogConfiguration:
12201268
LogDriver: awslogs
12211269
Options:
@@ -1401,7 +1449,7 @@ Resources:
14011449
- - Ref: AWS::AccountId
14021450
- .dkr.ecr.us-east-1.
14031451
- Ref: AWS::URLSuffix
1404-
- /aws-cdk/assets:315e2df1a1c69ccadd512a824f2ac30372ca3ad34f88048d06058db1be8f2bf9
1452+
- /aws-cdk/assets:cecf15b2b6427c94fe8347ab93564105a951a8de4a7f7c927ada0374f2a9c97c
14051453
LogConfiguration:
14061454
LogDriver: awslogs
14071455
Options:
@@ -1489,4 +1537,3 @@ Resources:
14891537
Type: AWS::CDK::Metadata
14901538
Properties:
14911539
Modules: aws-cdk=1.38.0,@aws-cdk/assets=1.38.0,@aws-cdk/aws-apigateway=1.38.0,@aws-cdk/aws-applicationautoscaling=1.38.0,@aws-cdk/aws-autoscaling=1.38.0,@aws-cdk/aws-autoscaling-common=1.38.0,@aws-cdk/aws-autoscaling-hooktargets=1.38.0,@aws-cdk/aws-batch=1.38.0,@aws-cdk/aws-certificatemanager=1.38.0,@aws-cdk/aws-cloudformation=1.38.0,@aws-cdk/aws-cloudfront=1.38.0,@aws-cdk/aws-cloudwatch=1.38.0,@aws-cdk/aws-codebuild=1.38.0,@aws-cdk/aws-codecommit=1.38.0,@aws-cdk/aws-codepipeline=1.38.0,@aws-cdk/aws-cognito=1.38.0,@aws-cdk/aws-ec2=1.38.0,@aws-cdk/aws-ecr=1.38.0,@aws-cdk/aws-ecr-assets=1.38.0,@aws-cdk/aws-ecs=1.38.0,@aws-cdk/aws-ecs-patterns=1.38.0,@aws-cdk/aws-elasticache=1.38.0,@aws-cdk/aws-elasticloadbalancing=1.38.0,@aws-cdk/aws-elasticloadbalancingv2=1.38.0,@aws-cdk/aws-events=1.38.0,@aws-cdk/aws-events-targets=1.38.0,@aws-cdk/aws-iam=1.38.0,@aws-cdk/aws-kms=1.38.0,@aws-cdk/aws-lambda=1.38.0,@aws-cdk/aws-logs=1.38.0,@aws-cdk/aws-rds=1.38.0,@aws-cdk/aws-route53=1.38.0,@aws-cdk/aws-route53-targets=1.38.0,@aws-cdk/aws-s3=1.38.0,@aws-cdk/aws-s3-assets=1.38.0,@aws-cdk/aws-s3-deployment=1.38.0,@aws-cdk/aws-sam=1.38.0,@aws-cdk/aws-secretsmanager=1.38.0,@aws-cdk/aws-servicediscovery=1.38.0,@aws-cdk/aws-sns=1.38.0,@aws-cdk/aws-sns-subscriptions=1.38.0,@aws-cdk/aws-sqs=1.38.0,@aws-cdk/aws-ssm=1.38.0,@aws-cdk/aws-stepfunctions=1.38.0,@aws-cdk/cloud-assembly-schema=1.38.0,@aws-cdk/core=1.38.0,@aws-cdk/custom-resources=1.38.0,@aws-cdk/cx-api=1.38.0,@aws-cdk/region-info=1.38.0,jsii-runtime=Python/3.6.8
1492-

backend/backend/settings/base.py

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -251,18 +251,14 @@
251251
# https://docs.djangoproject.com/en/2.1/howto/static-files/
252252

253253
AWS_DEFAULT_ACL = None
254-
255254
AWS_STORAGE_BUCKET_NAME = os.environ.get(
256255
"AWS_STORAGE_BUCKET_NAME", "bucketname"
257256
)
258257
AWS_S3_CUSTOM_DOMAIN = f"{AWS_STORAGE_BUCKET_NAME}.s3.amazonaws.com"
259258
AWS_S3_OBJECT_PARAMETERS = {
260259
"CacheControl": "max-age=86400",
261260
}
262-
263261
AWS_PRIVATE_MEDIA_LOCATION = "media/private"
264-
AWS_STATIC_LOCATION = "static"
265-
266262
PRIVATE_FILE_STORAGE = "backend.storage_backends.PrivateMediaStorage"
267263

268264

backend/backend/settings/production.py

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -12,10 +12,9 @@
1212

1313
# AWS S3 Static Files
1414

15-
AWS_STATIC_LOCATION = "static"
1615
STATICFILES_STORAGE = "backend.storage_backends.StaticStorage"
17-
STATIC_URL = f"https://{AWS_S3_CUSTOM_DOMAIN}/{AWS_STATIC_LOCATION}/" # noqa
18-
16+
STATIC_URL = "/static/"
17+
MEDIA_URL = "/media/"
1918

2019
# Logging
2120

0 commit comments

Comments
 (0)