From 9cacc58bb54bd1a8351c6d9e500e4278486a59df Mon Sep 17 00:00:00 2001
From: gracelu0
Date: Mon, 19 Aug 2024 12:13:01 -0700
Subject: [PATCH] Add note about bucket object ownership with OAC
---
packages/aws-cdk-lib/aws-cloudfront-origins/README.md | 2 ++
packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md | 1 +
2 files changed, 3 insertions(+)
diff --git a/packages/aws-cdk-lib/aws-cloudfront-origins/README.md b/packages/aws-cdk-lib/aws-cloudfront-origins/README.md
index 3af4dc62a3bc9..77205499e5600 100644
--- a/packages/aws-cdk-lib/aws-cloudfront-origins/README.md
+++ b/packages/aws-cdk-lib/aws-cloudfront-origins/README.md
@@ -13,6 +13,8 @@ To set up an origin using a standard S3 bucket, use the `S3BucketOrigin` class. is handled as a bucket origin and CloudFront's redirect and error handling will be used. It is recommended to use `S3BucketOrigin.withOriginAccessControl()` to configure OAC for your origin. +> Note: When you use CloudFront OAC with Amazon S3 bucket origins, you must set Amazon S3 Object Ownership to Bucket owner enforced (the default for new Amazon S3 buckets). If you require ACLs, use the Bucket owner preferred setting to maintain control over objects uploaded via CloudFront. + ```ts const myBucket = new s3.Bucket(this, 'myBucket'); new cloudfront.Distribution(this, 'myDist', {
diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md
index 84c4f3e0032af..9e980cc71faae 100644
--- a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md
+++ b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md
@@ -1331,6 +1331,7 @@ Unlike most feature flags, we don't recommend setting this feature flag to true. the event object, then setting this feature flag will keep this behavior. Otherwise, setting this feature flag to false will trigger an 'Update' event by removing the 'logApiResponseData' property from the event object. + | Since | Default | Recommended | | ----- | ----- | ----- | | (not in v1) | | |