Merge pull request #384 from kevincerro/hotfix/static-website-public-access

mnapoli · web-flow · commit 0d56286371e9 · 2024-06-22T09:40:42.000+02:00
Add BlockPublicAccess required config
diff --git a/src/constructs/aws/StaticWebsite.ts b/src/constructs/aws/StaticWebsite.ts
@@ -3,6 +3,7 @@ import { FunctionEventType } from "aws-cdk-lib/aws-cloudfront";
 import type { Construct as CdkConstruct } from "constructs";
 import type { AwsProvider } from "@lift/providers";
 import type { BucketProps } from "aws-cdk-lib/aws-s3";
+import { BlockPublicAccess } from "aws-cdk-lib/aws-s3";
 import { RemovalPolicy } from "aws-cdk-lib";
 import { redirectToMainDomain } from "../../classes/cloudfrontFunctions";
 import { getCfnFunctionAssociations } from "../../utils/getDefaultCfnFunctionAssociations";
@@ -71,6 +72,12 @@ export class StaticWebsite extends StaticWebsiteAbstract {
             websiteErrorDocument: this.errorPath(),
             // public read access is required when enabling static website hosting
             publicReadAccess: true,
+            blockPublicAccess: new BlockPublicAccess({
+                blockPublicAcls: false,
+                blockPublicPolicy: false,
+                ignorePublicAcls: false,
+                restrictPublicBuckets: false,
+            }),
             // For a static website, the content is code that should be versioned elsewhere
             removalPolicy: RemovalPolicy.DESTROY,
         };
