Merge f7298fe into 0553f75

serverless-nextjs · Sep 27, 2021 · ad1651b · ad1651b
2 parents 0553f75 + f7298fe
commit ad1651b
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 40 deletions.
diff --git a/...serverless-components/nextjs-cdk-construct/__tests__/__snapshots__/snapshots.test.ts.snap b/...serverless-components/nextjs-cdk-construct/__tests__/__snapshots__/snapshots.test.ts.snap
@@ -1742,6 +1742,10 @@ Object {
               "GET",
               "HEAD",
               "OPTIONS",
+              "PUT",
+              "PATCH",
+              "POST",
+              "DELETE",
             ],
             "CachePolicyId": Object {
               "Ref": "StackNextLambdaCacheF214CEF2",
@@ -2165,25 +2169,6 @@ Object {
         },
         "PolicyDocument": Object {
           "Statement": Array [
-            Object {
-              "Action": "s3:GetObject",
-              "Effect": "Allow",
-              "Principal": "*",
-              "Resource": Object {
-                "Fn::Join": Array [
-                  "",
-                  Array [
-                    Object {
-                      "Fn::GetAtt": Array [
-                        "StackPublicAssets8F0F4FE8",
-                        "Arn",
-                      ],
-                    },
-                    "/*",
-                  ],
-                ],
-              },
-            },
             Object {
               "Action": Array [
                 "s3:GetObject*",
@@ -4280,6 +4265,10 @@ Object {
               "GET",
               "HEAD",
               "OPTIONS",
+              "PUT",
+              "PATCH",
+              "POST",
+              "DELETE",
             ],
             "CachePolicyId": Object {
               "Ref": "StackNextLambdaCacheF214CEF2",
@@ -4703,25 +4692,6 @@ Object {
         },
         "PolicyDocument": Object {
           "Statement": Array [
-            Object {
-              "Action": "s3:GetObject",
-              "Effect": "Allow",
-              "Principal": "*",
-              "Resource": Object {
-                "Fn::Join": Array [
-                  "",
-                  Array [
-                    Object {
-                      "Fn::GetAtt": Array [
-                        "StackPublicAssets8F0F4FE8",
-                        "Arn",
-                      ],
-                    },
-                    "/*",
-                  ],
-                ],
-              },
-            },
             Object {
               "Action": Array [
                 "s3:GetObject*",

diff --git a/packages/serverless-components/nextjs-cdk-construct/src/index.ts b/packages/serverless-components/nextjs-cdk-construct/src/index.ts
@@ -78,7 +78,7 @@ export class NextJSLambdaEdge extends cdk.Construct {
     this.defaultManifest = this.readDefaultManifest();
     this.prerenderManifest = this.readPrerenderManifest();
     this.bucket = new s3.Bucket(this, "PublicAssets", {
-      publicReadAccess: true,
+      publicReadAccess: false, // CloudFront/Lambdas are granted access so we don't want it publicly available
 
       // Given this resource is created internally and also should only contain
       // assets uploaded by this library we should be able to safely delete all
@@ -308,7 +308,7 @@ export class NextJSLambdaEdge extends cdk.Construct {
           viewerProtocolPolicy:
             cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
           origin: new origins.S3Origin(this.bucket),
-          allowedMethods: cloudfront.AllowedMethods.ALLOW_GET_HEAD_OPTIONS,
+          allowedMethods: cloudfront.AllowedMethods.ALLOW_ALL,
           cachedMethods: cloudfront.CachedMethods.CACHE_GET_HEAD_OPTIONS,
           compress: true,
           cachePolicy: this.nextLambdaCachePolicy,