@myhelix-cdk/static-site v0.36.1

static-site

Notes

Using an OAI to access the S3 bucket precludes using encryption except for AES256 (aka s3.BucketEncryption.S3_MANAGED)

If you are retrofitting this onto an bucket which already has KMS encryption (the Helix default), you will need to re-encrypt the bucket contents.

Here's a handy shell script to automate that:

PROFILE=hipaa-staging
BUCKET=portal.staging.helix.com

for OBJECT in aws --profile $PROFILE s3api list-objects --bucket "$BUCKET" | jq --raw-output '.Contents[].Key'
; do
  T="s3://$BUCKET/$OBJECT"
  aws --profile $PROFILE s3 cp --sse AES256 "$T" "$T"
done