aws_s3_static_website_hosting
An automation script to configure an S3 bucket for static website hosting.
- aws_ops_alpha.vendor.aws_s3_static_website_hosting.get_public_ip() -> str
Get your public IP address.
- aws_ops_alpha.vendor.aws_s3_static_website_hosting.get_bucket_website(s3_client: S3Client, bucket: str) -> Optional[dict]
Get your existing bucket website configuration.
- Returns:
the website configuration if it exists, otherwise None
- aws_ops_alpha.vendor.aws_s3_static_website_hosting.enable_bucket_static_website_hosting(s3_client: S3Client, bucket: str, index_document: str = 'index.html', error_document: Optional[str] = None) -> dict
Reference:
Enable static website hosting: https://docs.aws.amazon.com/AmazonS3/latest/userguide/HostingWebsiteOnS3Setup.html#step2-create-bucket-config-as-website
- aws_ops_alpha.vendor.aws_s3_static_website_hosting.turn_off_block_public_access(s3_client: S3Client, bucket: str)
You have to turn off the “block public access” settings for your bucket to serve a static website.
Reference:
Edit Block Public Access settings: https://docs.aws.amazon.com/AmazonS3/latest/userguide/HostingWebsiteOnS3Setup.html#step3-edit-block-public-access
- aws_ops_alpha.vendor.aws_s3_static_website_hosting.get_bucket_policy(s3_client: S3Client, bucket: str) -> Optional[dict]
Get your existing bucket policy.
Reference:
Get bucket policy: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3/client/get_bucket_policy.html
- Returns:
the bucket policy if it exists, otherwise None
- aws_ops_alpha.vendor.aws_s3_static_website_hosting.update_policy_statement(policy: dict, statements: List[dict]) -> dict
Update an IAM policy statement in place. It updates the statement based on the statement id (Sid).
Sample policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            ...
        ]
    }

Sample statements:

    [
        {
            "Sid": ...,
            "Effect": ...,
            "Principal": ...,
            "Action": ...,
            "Resource": ...,
        }
    ]

Example:

    >>> policy = {
    ...     "Version": "2012-10-17",
    ...     "Statement": [
    ...         {
    ...             "Sid": "s-01",
    ...             ...,
    ...         },
    ...         {
    ...             "Sid": "s-02",
    ...             "Effect": "Allow",
    ...             ...
    ...         },
    ...     ]
    ... }
    >>> statements = [
    ...     {
    ...         "Sid": "s-02",
    ...         "Effect": "Deny",
    ...         ...
    ...     }
    ... ]
    >>> update_policy_statement(policy, statements)
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "s-01",
                ...,
            },
            {
                "Sid": "s-02",
                "Effect": "Deny",
                ...
            },
        ]
    }

- Parameters:
policy – the policy to update
statements – the statements to update
- aws_ops_alpha.vendor.aws_s3_static_website_hosting.put_bucket_policy_for_public_website_hosting(s3_client: S3Client, bucket: str, s3_key_prefix_list: Optional[List[str]] = None)
Use this function to make your bucket publicly readable without any restriction. This is useful when you want to host a public-facing website.
- Parameters:
s3_key_prefix_list – optional list of S3 key prefixes to allow public read access
- aws_ops_alpha.vendor.aws_s3_static_website_hosting.put_bucket_policy_for_website_hosting(s3_client: S3Client, bucket: str, s3_key_prefix_list: Optional[List[str]] = None, is_public: bool = False, allowed_ip_cidr_block_list: Optional[List[str]] = None, allowed_vpc_endpoint_list: Optional[List[str]] = None, allowed_vpc_ip_cidr_block_list: Optional[List[str]] = None, allowed_aws_account_id_list: Optional[List[str]] = None, allowed_iam_user_id_list: Optional[List[str]] = None, allowed_iam_role_id_list: Optional[List[str]] = None)
Use this function to make your bucket readable with some restrictions (e.g. only from a specific IP address or VPC). This is useful when you want to host an internal-facing website.
Reference:
Add a bucket policy that makes your bucket content publicly available: https://docs.aws.amazon.com/AmazonS3/latest/userguide/HostingWebsiteOnS3Setup.html#step4-add-bucket-policy-make-content-public
How can I restrict access to my Amazon S3 bucket using specific VPC endpoints or IP addresses?: https://repost.aws/knowledge-center/block-s3-traffic-vpc-ip
- Parameters:
s3_client –
bucket –
s3_key_prefix_list – the S3 key prefixes that are allowed to be accessed. If not provided, all S3 objects in the bucket are allowed
is_public – if True, then the bucket will be public. Either set is_public to True or specify the allowed_xyz parameters; you cannot do both
allowed_ip_cidr_block_list –
allowed_vpc_ip_cidr_block_list –
allowed_vpc_endpoint_list –
allowed_aws_account_id_list –
allowed_iam_user_id_list – IAM user id is the UserId field in the boto3.client("sts").get_caller_identity() response
allowed_iam_role_id_list – IAM role id is the UserId field in the boto3.client("sts").get_caller_identity() response
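
An added example, not taken from the aws_ops_alpha source: a sketch of the Sid-based merge described under update_policy_statement combined with the is_public / allowed_* choice of put_bucket_policy_for_website_hosting. The function names, parameter names, Sid values, bucket name, and the rule that unknown Sids are appended are assumptions; it builds policy documents offline and calls no AWS API.

```python
from typing import List, Optional

def merge_statements_by_sid(policy: dict, statements: List[dict]) -> dict:
    """Replace statements whose Sid matches in place; append unknown Sids (assumption)."""
    position = {s.get("Sid"): i for i, s in enumerate(policy["Statement"])}
    for stmt in statements:
        if stmt["Sid"] in position:
            policy["Statement"][position[stmt["Sid"]]] = stmt
        else:
            policy["Statement"].append(stmt)
    return policy

def build_read_statements(bucket: str, is_public: bool = False,
                          ip_cidrs: Optional[List[str]] = None,
                          vpc_endpoints: Optional[List[str]] = None) -> List[dict]:
    """One Allow statement per restriction type; the Sids are a made-up naming scheme."""
    # Keys inside one Condition block are ANDed, and aws:SourceIp is not populated
    # for requests arriving through a VPC endpoint, so each type gets its own statement.
    restricted = [
        ("WebsiteReadIp", "IpAddress", "aws:SourceIp", ip_cidrs),
        ("WebsiteReadVpce", "StringEquals", "aws:SourceVpce", vpc_endpoints),
    ]
    restricted = [r for r in restricted if r[3]]
    if is_public and restricted:
        raise ValueError("is_public and allowed_* lists are mutually exclusive")
    base = {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*"}
    if is_public:
        return [{"Sid": "WebsiteReadPublic", **base}]
    # With neither option set this returns [] and grants nothing (fails closed).
    return [{"Sid": sid, **base, "Condition": {op: {key: values}}}
            for sid, op, key, values in restricted]

def unconditioned_public_allows(policy: dict) -> List[str]:
    """Sids of Allow statements open to everyone with no Condition at all."""
    return [s.get("Sid", "") for s in policy["Statement"]
            if s["Effect"] == "Allow" and s["Principal"] in ("*", {"AWS": "*"})
            and not s.get("Condition")]

def demo() -> dict:
    # Constructed input: a bucket policy left over from an earlier public deployment.
    policy = {"Version": "2012-10-17",
              "Statement": build_read_statements("example-bucket", is_public=True)}
    restricted = build_read_statements(
        "example-bucket", ip_cidrs=["203.0.113.0/24"], vpc_endpoints=["vpce-0example"])
    merge_statements_by_sid(policy, restricted)
    stale = unconditioned_public_allows(policy)  # the old public Sid survives the merge
    policy["Statement"] = [s for s in policy["Statement"] if s.get("Sid") not in stale]
    return {"stale": stale, "policy": policy}
```

Because the merge only touches statements with a matching Sid, a statement from an earlier public configuration stays in the policy until it is removed explicitly, which is what the check in demo() catches.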