A Virtual Private Cloud (VPC) endpoint enables a private connection between a VPC and another AWS service without leaving the Amazon network. VPC endpoints also provide additional security features, such as the ability to lock down S3 buckets to specific VPCs. This feature is available to Amazon EC2 instances running inside a VPC; however, many AWS customers would like to leverage VPC endpoints from remote networks.
This CDK module implements a highly available and scalable solution for providing access to a private S3 Static Website from remote networks via a VPC endpoint.
See example/lib/example-stack.ts for an example of a minimal deployable pattern definition.
```typescript
new S3ProxyFarm(scope: Construct, id: string, props: S3ProxyFarmProps);
```

Parameters

- scope `Construct`
- id `string`
- props `S3ProxyFarmProps`

| Name | Type | Description |
|---|---|---|
| vpc | Vpc | VPC where proxy farm will be deployed. |
| websiteBucket | Bucket | S3 Bucket hosting a static website. |
| autoScalingGroupProps? | AutoScalingGroupProps | User provided props to override the default props for the proxy farm Auto Scaling Group. |
| cpuUtilizationScalingProps? | CpuUtilizationScalingProps | User provided props to override the default props for the proxy farm CPU Utilization Scaling Policy. |
| allowedCIDRRanges? | Array<string> | CIDR range of the peers that can access the reverse proxy (defaults to []). |
| websiteIndexDocument? | string | Name of the index file for the static website (defaults to index.html). |

You can use the following helper method to expose the proxy farm using a Network Load Balancer:
```typescript
createNetworkLoadBalancerListener(lb: NetworkLoadBalancer, listenerProps: BaseNetworkListenerProps, allowedCIDRRange: string)
```

Parameters

- lb `NetworkLoadBalancer`
- listenerProps `BaseNetworkListenerProps`
- allowedCIDRRange `string`: Only allow access to the proxy farm to peers in the given CIDR range (defaults to 0.0.0.0/0)
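
Because `allowedCIDRRange` on the listener helper defaults to 0.0.0.0/0, it is worth checking the CIDR values before they are passed to `allowedCIDRRanges` or `createNetworkLoadBalancerListener`. The following is an added example, not code from this module; `checkAllowedCidrs` and `PRIVATE_BLOCKS` are hypothetical names, and it assumes the remote networks use RFC 1918 private address space.

```typescript
// Added example: pre-deployment check for the CIDR allow-list values passed to
// S3ProxyFarm (allowedCIDRRanges) and createNetworkLoadBalancerListener (allowedCIDRRange).
// checkAllowedCidrs and PRIVATE_BLOCKS are hypothetical names, not part of the module.

type Block = { base: number; bits: number };

// Parse "a.b.c.d/n" into a 32-bit base address and prefix length; null if malformed.
function parseCidr(cidr: string): Block | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr.trim());
  if (!m) return null;
  const octets = m.slice(1, 5).map(Number);
  const bits = Number(m[5]);
  if (octets.some((o) => o > 255) || bits > 32) return null;
  const base = ((octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]) >>> 0;
  return { base, bits };
}

// Netmask for a prefix length (a shift by 32 is a no-op in JS, so /0 is special-cased).
function mask(bits: number): number {
  return bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
}

// True when `inner` lies entirely inside `outer`.
function within(inner: Block, outer: Block): boolean {
  const m = mask(outer.bits);
  return inner.bits >= outer.bits && ((inner.base & m) >>> 0) === ((outer.base & m) >>> 0);
}

// Assumption: remote peers reach the proxy over private connectivity, so RFC 1918 space is expected.
const PRIVATE_BLOCKS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"].map((c) => parseCidr(c)!);

// Returns one finding per problematic entry; an empty array means the list passes.
function checkAllowedCidrs(ranges: string[]): string[] {
  const findings: string[] = [];
  for (const r of ranges) {
    const block = parseCidr(r);
    if (!block) findings.push(`${r}: not a valid IPv4 CIDR`);
    else if (block.bits === 0) findings.push(`${r}: matches every address`);
    else if (!PRIVATE_BLOCKS.some((p) => within(block, p))) findings.push(`${r}: outside RFC 1918 private space`);
  }
  return findings;
}
```

Run the check in the CDK app before constructing the stack and fail synthesis when it returns any findings.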