[OSDEV-899] Move React application to the S3 bucket #449

roninzp · 2024-12-10T14:02:05Z

After moving the React application to an S3 bucket, we transfer the processing of part of the traffic to the CDN, which allows us to use the computing resources of the ECS cluster more efficiently.

coderabbitai

Actionable comments posted: 4

🧹 Outside diff range and nitpick comments (2)

deployment/terraform/cdn.tf (2)

26-32: Consider enabling versioning for production environments

Versioning is currently suspended, which could make it difficult to recover from accidental deletions or modifications. For production environments, it's recommended to enable versioning.

Consider enabling versioning and adding lifecycle rules:

resource "aws_s3_bucket_versioning" "react" {
  bucket = aws_s3_bucket.react.id
  versioning_configuration {
    status = "Enabled"  # Enable for production
  }
}

resource "aws_s3_bucket_lifecycle_rule" "react" {
  bucket = aws_s3_bucket.react.id
  id      = "cleanup-old-versions"
  enabled = true

  noncurrent_version_expiration {
    days = 30  # Adjust retention period as needed
  }
}

Line range hint 42-467: Add security headers and origin failover

The CloudFront distribution is missing important security headers and origin failover configuration.

Consider adding:

Security headers using Lambda@Edge or CloudFront Functions
Origin failover for high availability

Example configuration for security headers using CloudFront Functions:

resource "aws_cloudfront_function" "security_headers" {
  name    = "security-headers"
  runtime = "cloudfront-js-1.0"
  code    = <<-EOT
function handler(event) {
    var response = event.response;
    var headers = response.headers;
    
    headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'};
    headers['x-content-type-options'] = { value: 'nosniff'};
    headers['x-frame-options'] = { value: 'DENY'};
    headers['x-xss-protection'] = { value: '1; mode=block'};
    headers['referrer-policy'] = { value: 'same-origin'};
    headers['content-security-policy'] = { value: "default-src 'self'"};
    
    return response;
}
EOT
}

For the CloudFront distribution, add:

  # In default_cache_behavior and ordered_cache_behavior blocks
  function_association {
    event_type   = "viewer-response"
    function_arn = aws_cloudfront_function.security_headers.arn
  }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0c90d10 and 149d104.

📒 Files selected for processing (1)

deployment/terraform/cdn.tf (4 hunks)

deployment/terraform/cdn.tf

sonarqubecloud · 2024-12-18T13:21:12Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[OSDEV-899] Move React application to the S3 bucket

c91e2eb

roninzp temporarily deployed to Quality Environment December 10, 2024 14:02 — with GitHub Actions Inactive

Merge branch 'main' into OSDEV-899/move-react-to-s3

0c90d10

roninzp temporarily deployed to Quality Environment December 10, 2024 14:02 — with GitHub Actions Inactive

roninzp had a problem deploying to Quality Environment December 10, 2024 14:02 — with GitHub Actions Failure

roninzp temporarily deployed to Quality Environment December 10, 2024 14:02 — with GitHub Actions Inactive

roninzp temporarily deployed to Quality Environment December 13, 2024 14:22 — with GitHub Actions Inactive

coderabbitai bot reviewed Dec 13, 2024

View reviewed changes

deployment/terraform/cdn.tf Show resolved Hide resolved

deployment/terraform/cdn.tf Show resolved Hide resolved

deployment/terraform/cdn.tf Show resolved Hide resolved

roninzp temporarily deployed to Quality Environment December 13, 2024 14:24 — with GitHub Actions Inactive

roninzp temporarily deployed to Development December 13, 2024 14:27 — with GitHub Actions Inactive

roninzp temporarily deployed to Quality Environment December 13, 2024 14:29 — with GitHub Actions Inactive

roninzp temporarily deployed to Quality Environment December 13, 2024 14:30 — with GitHub Actions Inactive

roninzp temporarily deployed to Quality Environment December 13, 2024 14:39 — with GitHub Actions Inactive

coderabbitai bot mentioned this pull request Dec 16, 2024

[OSDEV-1474] Add contributor type to /api/contributors/ endpoint #461

Merged

Merge branch 'main' into OSDEV-899/move-react-to-s3

b4cdf8f

roninzp temporarily deployed to Quality Environment December 18, 2024 13:20 — with GitHub Actions Inactive

roninzp temporarily deployed to Quality Environment December 18, 2024 13:22 — with GitHub Actions Inactive

roninzp temporarily deployed to Quality Environment December 18, 2024 13:27 — with GitHub Actions Inactive

roninzp temporarily deployed to Quality Environment December 18, 2024 13:28 — with GitHub Actions Inactive

roninzp temporarily deployed to Quality Environment December 18, 2024 13:37 — with GitHub Actions Inactive

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[OSDEV-899] Move React application to the S3 bucket #449

[OSDEV-899] Move React application to the S3 bucket #449

roninzp commented Dec 10, 2024 •

edited

Loading

coderabbitai bot left a comment

sonarqubecloud bot commented Dec 18, 2024 •

edited

Loading

[OSDEV-899] Move React application to the S3 bucket #449

Are you sure you want to change the base?

[OSDEV-899] Move React application to the S3 bucket #449

Conversation

roninzp commented Dec 10, 2024 • edited Loading

coderabbitai bot left a comment

Choose a reason for hiding this comment

sonarqubecloud bot commented Dec 18, 2024 • edited Loading

Quality Gate passed

roninzp commented Dec 10, 2024 •

edited

Loading

sonarqubecloud bot commented Dec 18, 2024 •

edited

Loading