I'm working on an S3 static site that uses data files to generate item cards for display. My plan is to have the S3 bucket serve as the data source so that I can update or change the item cards easily. Initially, I used AWS test user credentials for testing, with CORs and IAM policies set up to restrict access to just my domain. Now I'm considering switching to a public bucket with the same CORs policy and adding rate limiting through CloudFront to avoid using any AWS credentials in my JavaScript.
Given that I'm more focused on high traffic and throttling rather than user access control, is it okay to rely on CORs, a public bucket, and CloudFront's caching and throttling features while skipping Cognito? I don't see why I'd need Cognito in my use case.
2 Answers
Honestly, Cognito isn't necessary for your case. If your main focus is on throttling and handling high access rates, just stick with a public bucket and leverage CloudFront's caching and rate limiting features. Just make sure your CORS policies are set correctly to avoid any issues with your site displaying the data. Keep it simple!
You actually don’t need a public bucket at all. Instead, you can use S3 with CloudFront to securely deliver your content. The real concern should be about access and security. With CloudFront, you can set up the proper policies without needing to make your bucket public. This way, you can ensure controlled access while still being able to dynamically retrieve your data files for the website.
Related Questions
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads