diff --git a/packages/prerender-fargate/index.ts b/packages/prerender-fargate/index.ts index ea3f8229..10b6b010 100644 --- a/packages/prerender-fargate/index.ts +++ b/packages/prerender-fargate/index.ts @@ -1,4 +1,9 @@ import { PrerenderFargate } from "./lib/prerender-fargate"; import { PrerenderFargateOptions } from "./lib/prerender-fargate-options"; +import { PrerenderTokenUrlAssociationProps as PrerenderTokenUrlAssociationOptions } from "./lib/recaching/prerender-tokens"; -export { PrerenderFargate, PrerenderFargateOptions }; +export { + PrerenderFargate, + PrerenderFargateOptions, + PrerenderTokenUrlAssociationOptions, +}; diff --git a/packages/prerender-fargate/lib/prerender-fargate.ts b/packages/prerender-fargate/lib/prerender-fargate.ts index bd8e0b49..e17fe81c 100644 --- a/packages/prerender-fargate/lib/prerender-fargate.ts +++ b/packages/prerender-fargate/lib/prerender-fargate.ts @@ -115,15 +115,6 @@ export class PrerenderFargate extends Construct { blockPublicAccess: BlockPublicAccess.BLOCK_ALL, }); - // Configure access to the bucket for the container - const user = new User(this, "PrerenderAccess"); - this.bucket.grantReadWrite(user); - - const accessKey = new AccessKey(this, "PrerenderAccessKey", { - user: user, - serial: 1, - }); - const vpcLookup = vpcId ? { vpcId: vpcId } : { isDefault: true }; const vpc = ec2.Vpc.fromLookup(this, "vpc", vpcLookup); @@ -165,8 +156,6 @@ export class PrerenderFargate extends Construct { containerPort: 3000, environment: { S3_BUCKET_NAME: this.bucket.bucketName, - AWS_ACCESS_KEY_ID: accessKey.accessKeyId, - AWS_SECRET_ACCESS_KEY: accessKey.secretAccessKey.unsafeUnwrap(), AWS_REGION: Stack.of(this).region, ENABLE_REDIRECT_CACHE: enableRedirectCache || "false", TOKEN_LIST: tokenList.toString(), @@ -188,7 +177,10 @@ export class PrerenderFargate extends Construct { ), } ); - + + // Grant S3 Bucket access to the task role + this.bucket.grantReadWrite(fargateService.taskDefinition.taskRole); + // As the prerender service will return a 401 on all unauthorised requests // It should be considered healthy when receiving a 401 response fargateService.targetGroup.configureHealthCheck({