{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":262669099,"defaultBranch":"master","name":"amazon-cloudfront-secure-static-site","ownerLogin":"aws-samples","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2020-05-09T22:20:35.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/8931462?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1712736339.0","currentOid":""},"activityList":{"items":[{"before":"bd2d4b3e5a90414bf27eef606adf0d06ffb7ddf7","after":"1af0cd231def7226a2a1e1d0e24372002cb87819","ref":"refs/heads/master","pushedAt":"2024-05-17T13:20:36.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Update instructions for modifying security headers (#74)\n\nUpdate instructions for modifying security headers\r\n\r\nThis solution now uses CloudFront Response headers, and these can be edited in the cloudfront-site.yaml template. See issue [73](https://github.com/aws-samples/amazon-cloudfront-secure-static-site/issues/73","shortMessageHtmlLink":"Update instructions for modifying security headers (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2255182975\" data-permission-text=\"Title is private\" data-url=\"https://github.com/aws-samples/amazon-cloudfront-secure-static-site/issues/74\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/aws-samples/amazon-cloudfront-secure-static-site/pull/74/hovercard\" href=\"https://github.com/aws-samples/amazon-cloudfront-secure-static-site/pull/74\">#74</a>)"}},{"before":"0982d8f323a58ebab3ac7eda5e3e70a956b0e1d1","after":"bd2d4b3e5a90414bf27eef606adf0d06ffb7ddf7","ref":"refs/heads/master","pushedAt":"2024-04-10T08:05:09.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Bump to Node20 (#72)\n\n* Bump to Node20\r\n* Upgrade to aws-js-sdk-v3\r\n\r\n---------\r\n\r\nCo-authored-by: Connor Kirkpatrick <ckp@amazon.com>","shortMessageHtmlLink":"Bump to Node20 (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2226917941\" data-permission-text=\"Title is private\" data-url=\"https://github.com/aws-samples/amazon-cloudfront-secure-static-site/issues/72\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/aws-samples/amazon-cloudfront-secure-static-site/pull/72/hovercard\" href=\"https://github.com/aws-samples/amazon-cloudfront-secure-static-site/pull/72\">#72</a>)"}},{"before":"a77332eecadf3318784b98a13cbb098d9e0a4c13","after":null,"ref":"refs/heads/fix-origin-access-config-name-length-issue","pushedAt":"2023-09-21T13:53:29.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"}},{"before":"dbf733452b0a977335389d31dcb2d3407f0e8f83","after":"0982d8f323a58ebab3ac7eda5e3e70a956b0e1d1","ref":"refs/heads/master","pushedAt":"2023-09-21T13:53:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Use Stack ID for OriginAccessControl.Name property (#69)\n\n* Add link to repo in template description\r\n* Derive OACConfig name from StackId\r\n* Bump version\r\n\r\nUse the Stack ID for the `OriginAccessControlConfig.Name` property.\r\n\r\nThe template fails to deploy when the stack name is longer than 64 characters. The `OriginAccessControlConfig` resource fails to create, with a generic `InvalidRequest` error. The `Name` property has. a max length of 64 characters.\r\n\r\nThe OriginAccessControlConfig.Name property was set to `!Sub 'oac-${AWS::StackName}-${AWS::Region}'`. For sufficiently long stack names (including the default stack name), this triggered the bug described above.\r\n\r\n`OriginAccessControlConfig` resources must have a unique `Name` across all regions for an account. To ensure this, the `Name` property was derived from both the StackName and Region. The max length of a stack name is 128 characters. This is longer than the 64 characters allowed by the OACConfig Name property.","shortMessageHtmlLink":"Use Stack ID for OriginAccessControl.Name property (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1903143838\" data-permission-text=\"Title is private\" data-url=\"https://github.com/aws-samples/amazon-cloudfront-secure-static-site/issues/69\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/aws-samples/amazon-cloudfront-secure-static-site/pull/69/hovercard\" href=\"https://github.com/aws-samples/amazon-cloudfront-secure-static-site/pull/69\">#69</a>)"}},{"before":"d861ec029f7f6d0641c73c3e5a162138b412015e","after":"a77332eecadf3318784b98a13cbb098d9e0a4c13","ref":"refs/heads/fix-origin-access-config-name-length-issue","pushedAt":"2023-09-21T13:50:07.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Include application name","shortMessageHtmlLink":"Include application name"}},{"before":"1a76f1d2599128e4a913841a8609ac563494bc61","after":"d861ec029f7f6d0641c73c3e5a162138b412015e","ref":"refs/heads/fix-origin-access-config-name-length-issue","pushedAt":"2023-09-21T13:45:13.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Bump version","shortMessageHtmlLink":"Bump version"}},{"before":"46db5d004e16cdf0c75277f0811c2ecc1ce32dc6","after":"1a76f1d2599128e4a913841a8609ac563494bc61","ref":"refs/heads/fix-origin-access-config-name-length-issue","pushedAt":"2023-09-21T13:38:32.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Derive OACConfig name from StackId","shortMessageHtmlLink":"Derive OACConfig name from StackId"}},{"before":"d55c90eb490f86780e0195436b65c1616d1d7beb","after":"46db5d004e16cdf0c75277f0811c2ecc1ce32dc6","ref":"refs/heads/fix-origin-access-config-name-length-issue","pushedAt":"2023-09-19T15:43:45.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Simplify OAC Name\n\nRemove the region component of the name.\nThis template can only be deployed in us-east-1.","shortMessageHtmlLink":"Simplify OAC Name"}},{"before":null,"after":"d55c90eb490f86780e0195436b65c1616d1d7beb","ref":"refs/heads/fix-origin-access-config-name-length-issue","pushedAt":"2023-09-19T14:23:20.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Add link to repo in template description","shortMessageHtmlLink":"Add link to repo in template description"}},{"before":"bff6284ae6a6d1d67eda1da87f9496dca63bea81","after":null,"ref":"refs/heads/format-readme","pushedAt":"2023-09-19T14:09:31.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"}},{"before":"40e08772fbcb0d60af662ffc12582dbc0dbabe94","after":"dbf733452b0a977335389d31dcb2d3407f0e8f83","ref":"refs/heads/master","pushedAt":"2023-09-19T14:08:42.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Format README using prettier (#68)","shortMessageHtmlLink":"Format README using prettier (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1903001808\" data-permission-text=\"Title is private\" data-url=\"https://github.com/aws-samples/amazon-cloudfront-secure-static-site/issues/68\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/aws-samples/amazon-cloudfront-secure-static-site/pull/68/hovercard\" href=\"https://github.com/aws-samples/amazon-cloudfront-secure-static-site/pull/68\">#68</a>)"}},{"before":null,"after":"bff6284ae6a6d1d67eda1da87f9496dca63bea81","ref":"refs/heads/format-readme","pushedAt":"2023-09-19T13:30:12.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Format README using prettier","shortMessageHtmlLink":"Format README using prettier"}},{"before":"74fe81cf1e8fbcfe5f3b257c9f78a3316fef2dbd","after":null,"ref":"refs/heads/feature/origin-access-control","pushedAt":"2023-08-10T11:43:18.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"}},{"before":"2f5fe546f20fef26a4168c8609e96396eec42e60","after":"40e08772fbcb0d60af662ffc12582dbc0dbabe94","ref":"refs/heads/master","pushedAt":"2023-08-10T11:43:09.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Use Origin Access Control (#65)\n\nUse Origin Access Control\r\n\r\n* Swap from Origin Access Identity to Origin Access Control\r\n* Bump version\r\n\r\nIssue #63","shortMessageHtmlLink":"Use Origin Access Control (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1843526985\" data-permission-text=\"Title is private\" data-url=\"https://github.com/aws-samples/amazon-cloudfront-secure-static-site/issues/65\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/aws-samples/amazon-cloudfront-secure-static-site/pull/65/hovercard\" href=\"https://github.com/aws-samples/amazon-cloudfront-secure-static-site/pull/65\">#65</a>)"}},{"before":"5341430f6927da707a0becad978814e4db029cc7","after":"74fe81cf1e8fbcfe5f3b257c9f78a3316fef2dbd","ref":"refs/heads/feature/origin-access-control","pushedAt":"2023-08-10T11:27:39.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Add region to OriginAccessControl name\n\nThe OAC name is unique across all\nregions in an account.\nA stackname is not unique across all regions in an account.\nCombining with the region overcomes this","shortMessageHtmlLink":"Add region to OriginAccessControl name"}},{"before":"2cdbbb691be91687ade2853deca24ff00ceda30b","after":"5341430f6927da707a0becad978814e4db029cc7","ref":"refs/heads/feature/origin-access-control","pushedAt":"2023-08-10T09:47:15.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Bump version","shortMessageHtmlLink":"Bump version"}},{"before":null,"after":"2cdbbb691be91687ade2853deca24ff00ceda30b","ref":"refs/heads/feature/origin-access-control","pushedAt":"2023-08-09T15:33:55.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Use Origin Access Control\n\nSwap from Origin Access Identity to Origin Access Control\n\nIssue #63","shortMessageHtmlLink":"Use Origin Access Control"}},{"before":"7ce53f62908fe8d5ed5c3b87b9142adfa6439b32","after":null,"ref":"refs/heads/chore/reformat","pushedAt":"2023-08-09T15:32:09.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"}},{"before":"99e9cadd84b606966e42b8acbb4663664045ada1","after":"2f5fe546f20fef26a4168c8609e96396eec42e60","ref":"refs/heads/master","pushedAt":"2023-08-09T15:31:50.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Reformat templates using prettier (#64)\n\n* Reformat templates using prettier\r\n* Add prettier config\r\n* Reformat witch","shortMessageHtmlLink":"Reformat templates using prettier (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1843288713\" data-permission-text=\"Title is private\" data-url=\"https://github.com/aws-samples/amazon-cloudfront-secure-static-site/issues/64\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/aws-samples/amazon-cloudfront-secure-static-site/pull/64/hovercard\" href=\"https://github.com/aws-samples/amazon-cloudfront-secure-static-site/pull/64\">#64</a>)"}},{"before":"714ad1ac240e78297a79b32deb37a95280678dfe","after":"7ce53f62908fe8d5ed5c3b87b9142adfa6439b32","ref":"refs/heads/chore/reformat","pushedAt":"2023-08-09T14:57:47.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Reformat witch","shortMessageHtmlLink":"Reformat witch"}},{"before":"e49b99bca1b57705708720d3fa4bbc6751247c52","after":"714ad1ac240e78297a79b32deb37a95280678dfe","ref":"refs/heads/chore/reformat","pushedAt":"2023-08-09T14:10:19.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Add prettier config","shortMessageHtmlLink":"Add prettier config"}},{"before":null,"after":"e49b99bca1b57705708720d3fa4bbc6751247c52","ref":"refs/heads/chore/reformat","pushedAt":"2023-08-09T13:47:06.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Reformat templates using prettier","shortMessageHtmlLink":"Reformat templates using prettier"}},{"before":"c2549dd9975610add4b9c38cc4eae83eb641d524","after":null,"ref":"refs/heads/fix/S3BucketLogs-ownership-controls","pushedAt":"2023-05-17T16:16:03.201Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"}},{"before":"4ea9735506274d42e7fc46aed14c215d3f954ee1","after":"99e9cadd84b606966e42b8acbb4663664045ada1","ref":"refs/heads/master","pushedAt":"2023-05-17T16:15:56.900Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Explicitly enable S3 ACLs for logging bucket (#61)\n\nThis is needed due to default behaviour changes in S3[1].\r\nThe newbehaviour breaks new deployments due to AccessControl being an ACL directive, and ACLs being disabled-by-default.\r\nIt is necessary for us to enable ACLs as currently CloudFront only supports logging to S3 buckets with ACLs enabled. Bucket policies are not an alternate option, CloudFront will refuse to deploy if the logging bucket does not support ACLs.\r\n\r\nThe OwnershipControls rule enables ACL behaviours. Note that I have\r\nchosen to set this to \"Bucket owner preferred\" which is not the\r\ndefault value. This seems like the more appropriate option - it allows\r\nACLs to continue to be enabled but makes new objects owned by the bucket\r\nowner's account. See the docs[3] for more info.\r\n\r\nReferences:\r\n\r\nhttps://aws.amazon.com/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/\r\nhttps://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html\r\nhttps://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html","shortMessageHtmlLink":"Explicitly enable S3 ACLs for logging bucket (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1707850925\" data-permission-text=\"Title is private\" data-url=\"https://github.com/aws-samples/amazon-cloudfront-secure-static-site/issues/61\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/aws-samples/amazon-cloudfront-secure-static-site/pull/61/hovercard\" href=\"https://github.com/aws-samples/amazon-cloudfront-secure-static-site/pull/61\">#61</a>)"}},{"before":"180f0ff9c73819a24e7eb2f1de61e8b7086ab11c","after":"c2549dd9975610add4b9c38cc4eae83eb641d524","ref":"refs/heads/fix/S3BucketLogs-ownership-controls","pushedAt":"2023-05-17T16:12:07.225Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Explicitly enable S3 ACLs for logging bucket\n\nThis is needed due to default behaviour changes in S3[1].\nThe newbehaviour breaks new deployments due to AccessControl being an\nACL directive, and ACLs being disabled-by-default.\nIt is necessary for us to enable ACLs as currently CloudFront only\nsupports logging to S3 buckets with ACLs enabled. Bucket policies are\nnot an alternate option, CloudFront will refuse to deploy if the logging\nbucket does not support ACLs.\n\nThe OwnershipControls rule enables ACL behaviours. Note that I have\nchosen to set this to \"Bucket owner preferred\" which is not the\ndefault value. This seems like the more appopriate option - it allows\nACLs to continue to be enabled but makes new objects owned by the bucket\nowner's account. See the docs[3] for more info.\n\nReferences:\n\nhttps://aws.amazon.com/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/\nhttps://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html\nhttps://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html","shortMessageHtmlLink":"Explicitly enable S3 ACLs for logging bucket"}},{"before":"57ec759fe0c5ca90429eb334f8d6a8af1af11354","after":null,"ref":"refs/heads/fix/upgrady-ruby-setup","pushedAt":"2023-05-17T16:11:20.798Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"}},{"before":"f842f644333ff1e3207b9c362d51f6f129794110","after":"4ea9735506274d42e7fc46aed14c215d3f954ee1","ref":"refs/heads/master","pushedAt":"2023-05-17T16:11:16.838Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Upgrade ruby action (#62)\n\nThe actions/setup-ruby action is deprecated\r\nThis commit updates the CI job to use the new ruby setup action","shortMessageHtmlLink":"Upgrade ruby action (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1714199840\" data-permission-text=\"Title is private\" data-url=\"https://github.com/aws-samples/amazon-cloudfront-secure-static-site/issues/62\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/aws-samples/amazon-cloudfront-secure-static-site/pull/62/hovercard\" href=\"https://github.com/aws-samples/amazon-cloudfront-secure-static-site/pull/62\">#62</a>)"}},{"before":null,"after":"57ec759fe0c5ca90429eb334f8d6a8af1af11354","ref":"refs/heads/fix/upgrady-ruby-setup","pushedAt":"2023-05-17T15:46:24.438Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Upgrade ruby action\n\nThe actions/setup-ruby action is deprecated\nThis commit updates the CI job to use the new ruby setup action","shortMessageHtmlLink":"Upgrade ruby action"}},{"before":"273354833162b93fc5aa5e123be1531daf4b815e","after":"180f0ff9c73819a24e7eb2f1de61e8b7086ab11c","ref":"refs/heads/fix/S3BucketLogs-ownership-controls","pushedAt":"2023-05-12T15:39:18.186Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Explicitly enable S3 ACLs for logging bucket\n\nThis is needed due to default behaviour changes in S3[1].\nThe newbehaviour breaks new deployments due to AccessControl being an\nACL directive, and ACLs being disabled-by-default.\nIt is necessary for us to enable ACLs as currently CloudFront only\nsupports logging to S3 buckets with ACLs enabled. Bucket policies are\nnot an alternate option, CloudFront will refuse to deploy if the logging\nbucket does not support ACLs.\n\nThe OwnershipControls rule enables ACL behaviours. Note that I have\nchosen to set this to \"Bucket owner preferred\" which is not the\ndefault value. This seems like the more appopriate option - it allows\nACLs to continue to be enabled but makes new objects owned by the bucket\nowner's account. See the docs[3] for more info.\n\nReferences:\n\nhttps://aws.amazon.com/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/\nhttps://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html\nhttps://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html","shortMessageHtmlLink":"Explicitly enable S3 ACLs for logging bucket"}},{"before":null,"after":"273354833162b93fc5aa5e123be1531daf4b815e","ref":"refs/heads/fix/S3BucketLogs-ownership-controls","pushedAt":"2023-05-11T16:25:49.049Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ConnorKirk","name":"Connor Kirkpatrick","path":"/ConnorKirk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/17845406?s=80&v=4"},"commit":{"message":"Convert S3BucketLogs resource to disable ACL","shortMessageHtmlLink":"Convert S3BucketLogs resource to disable ACL"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAETPFaywA","startCursor":null,"endCursor":null}},"title":"Activity · aws-samples/amazon-cloudfront-secure-static-site"}