I'm working on an S3 static site that pulls in data files to create item cards for display. My goal is to use the bucket as a data store that I can update whenever I need to change the cards. In my testing phase, I used an AWS test user with credentials to read the data, along with proper CORS settings and IAM conditions to restrict access to my domain.
Now, I'm considering switching to a public bucket, keeping the same CORS policy and adding rate limiting through CloudFront to handle traffic. While I know Cognito can help manage user access, my main concern is the increased traffic rather than access control. Based on this, should I stick with CORS, a public bucket, and CloudFront caching and throttling, or is there a strong reason to use Cognito given my current needs?
2 Answers
Cognito isn't necessary for your situation. If your priority is handling high traffic rather than restricting access, then you're on the right track with CloudFront for caching and throttling.
You don't really need a public bucket at all. Using S3 with CloudFront is a better approach to manage your data securely. If you're worried about exposing your data, you can configure CloudFront to work with an IAM role that allows secure access to your S3 bucket without making it public.
Can you explain how that works? How do I set up CloudFront to access S3 without needing public access?