How to deploy a static site with CloudFront and S3 using Python?

Question

Pulumi · Accepted Answer

Sure, let's break it down:

To host a static website, we'll need an S3 bucket to store the website's files and a CloudFront CDN to distribute it. 
Here's what the program will do:

1. Create an S3 bucket to store your static website files.
2. Create a CloudFront origin access identity which CloudFront will use to get the files from your bucket.
3. Update the S3 bucket policy to allow CloudFront's origin access identity to get the files.
4. Create a CloudFront distribution that points to your S3 bucket.

Here's the Pulumi Python program that accomplishes this:

```python
import pulumi
import pulumi_aws as aws

# Create a new S3 bucket to store the static files
s3_bucket = aws.s3.Bucket('my-bucket')

# Create a bucket policy for the S3 bucket to allow CloudFront to access
bucket_policy = aws.s3.BucketPolicy('my-bucket-policy', 
    bucket=s3_bucket.bucket,
    policy=s3_bucket.bucket.apply(lambda b: json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                f"arn:aws:s3:::{b}/*", # grant access to all files in bucket
            ],
        }],
    }))
)

# Create a CloudFront origin access identity for our distribution
cf_origin_access_identity = aws.cloudfront.OriginAccessIdentity('bucket-oai')

# Create a new CloudFront distribution that points to the S3 bucket
cloudfront_distribution = aws.cloudfront.Distribution('my-cloudfront-distribution',
    enabled=True,
    origins=[{
        'originId': s3_bucket.bucket,
        'domainName': s3_bucket.bucket_regional_domain_name,
        's3OriginConfig': {
            'originAccessIdentity': cf_origin_access_identity.cloudfront_access_identity_path,
        },
    }],
    default_root_object='index.html',
    default_cache_behavior={
        'targetOriginId': s3_bucket.bucket,
        'viewerProtocolPolicy': 'redirect-to-https',
        'allowedMethods': ['GET', 'HEAD', 'OPTIONS'],
        'cachedMethods': ['GET', 'HEAD', 'OPTIONS'],
        'forwardedValues': {
            'queryString': False,
            'cookies': { 'forward': 'none' },
        },
    },
    priceClass='PriceClass_100', # possible values: PriceClass_All, PriceClass_200, PriceClass_100
    restrictions={
        'geoRestriction': { 'restrictionType': 'none' },
    },
    viewerCertificate={
        'cloudfrontDefaultCertificate': True,
    },
)

# Export the website url
pulumi.export('website_url', cloudfront_distribution.domain_name)
```

This program will launch an S3 bucket and a CloudFront CDN configured to serve a static website. As its output, it prints the URL at which the website can be accessed.

You can then use the AWS CLI or other S3-compatible tooling to sync your static website content to this bucket. The CloudFront distribution will serve the website content globally with low latency.