CloudFront

ALB

LB Origin 선택

HTTP만 해당 선택

Redirect HTTP to HTTPS

CachingDisabled(캐싱X) 선택

WAF 비활성화

모든 엣지 로케이션

Ipv6 끄기

S3 - ap-northeast-2

ap S3 버킷 Origin 선택

원본 액세스 제어 설정 선택

OAC 생성

S3 버킷 정책 편집

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::362708816803:role/us-wsi-bucket"
      },
      "Action": [
        "s3:ObjectOwnerOverrideToBucketOwner",
        "s3:ReplicateObject",
        "s3:ReplicateDelete",
        "s3:ReplicateTags"
      ],
      "Resource": "arn:aws:s3:::ap-wsi-static-0109/*"
    },
    {
      "Sid": "AllowCloudFrontServicePrincipal",
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudfront.amazonaws.com"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::ap-wsi-static-0109/*",
      "Condition": {
        "StringEquals": {
          "AWS:SourceArn": "arn:aws:cloudfront::362708816803:distribution/E1NJ0JY4XKT9L4"
        }
      }
    }
  ]
}
JSON
복사

S3 - us-east-1

us S3 버킷 Origin 선택

원본 액세스 제어 설정 선택

OAC 생성

S3 버킷 정책 편집

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::362708816803:role/ap-wsi-bucket"
      },
      "Action": [
        "s3:ObjectOwnerOverrideToBucketOwner",
        "s3:ReplicateObject",
        "s3:ReplicateDelete",
        "s3:ReplicateTags"
      ],
      "Resource": "arn:aws:s3:::us-wsi-static-0109/*"
    },
    {
      "Sid": "AllowCloudFrontServicePrincipal",
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudfront.amazonaws.com"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::us-wsi-static-0109/*",
      "Condition": {
        "StringEquals": {
          "AWS:SourceArn": "arn:aws:cloudfront::362708816803:distribution/E1NJ0JY4XKT9L4"
        }
      }
    }
  ]
}
JSON
복사

원본 그룹 생성

동작 편집 - 기본

캐싱 활성화

동작 생성 - ALB

캐싱 비활성화

태그 추가 Name : wsi-cdn