Deploy to AWS via Serverless requires serverless-lift 1.12.1 || ^1.16.0

joconor · May 13, 2022, 4:22pm

In between 1.12.1 and the just released 1.16.0, the serverless-lift plug-in was broken with regard to the behavior of the static-website construct used by RedwoodJS to deploy front-end (web) bits.
The broken behavior manifests as an AWS ‘Access Denied’ when navigating directly to any page other than the home page of the site. The serverless-lift plug-in is responsible for configuring S3 bucket permissions as well as CloudFront error handling and for the versions between 1.12.1 and 1.16.0 were not configuring this in a manner necessary for proper operation of RedwoodJS. Navigating via links behaves correctly, but navigating by direct entry of a URL, or back/forward/refresh will fail with the AWS Access Denied error.
This was a painful one to figure out. I hope this helps someone else out there. My thanks to @rob for the nudges in the right direction on Discord.

fmiranda · May 31, 2023, 2:52pm

Hi @joconor, thanks for bringing this. I’ve just faced this problem (I had a S3 bucket created BEFORE the AWS breaking change of Apr 2023 and when I tried to recreate it, I found the mentioned error ‘Access Denied’).

I’m using the last version of serverless-lift 1.26.1, but I still have the permission issues. What version of this plugin are you using? Can you please share your ẁeb/servelress.yml`?

Thanks in advance.

joconor · May 31, 2023, 3:42pm

Hi @fmiranda ,

Here’s my web/serverless.yml. Note the extensions: section. I’m using version “^1.25.1” of the serverless-lift plugin

# See the full yml reference at https://www.serverless.com/framework/docs/providers/aws/guide/serverless.yml/
service: cpcemm-web

# Uncomment `org` and `app` and enter manually if you want to integrate your
# deployment with the Serverless dashboard, or run `yarn serverless` in ./web to be
# prompted to connect to an app and these will be filled in for you.
# See https://www.serverless.com/framework/docs/dashboard/ for more details.
# org: your-org
# app: your-app

useDotenv: true

plugins:
  - serverless-lift

constructs:
  web:
    type: static-website
    path: dist
    extensions: {
      bucket: {
        Properties: {
          PublicAccessBlockConfiguration: {
            BlockPublicPolicy: false,
          }
        }
      }
    }

provider:
  name: aws
  runtime: nodejs16.x
  region: us-west-2 # AWS region where the service will be deployed.

fmiranda · May 31, 2023, 3:46pm

Thanks a lot!
One more question: you are still using node16, do you migrate to Redwood 5.x?

joconor · May 31, 2023, 4:08pm

I have not yet migrated to RedwoodJS 5.x