security: lock CORS to CloudFront domain, enable Identity Pool token check
- serverSideTokenCheck: true on Identity Pool - revoked tokens can no longer exchange for IAM credentials until expiry - docsBucket CORS allowedOrigins locked to CF distribution domain via Fn::GetAtt (no longer '*'); resolved at deploy time by CloudFormation - ApiStack FRONTEND_URL wired to CF domain token for API Gateway CORS - Removed dev-only RemovalPolicy.DESTROY / autoDeleteObjects from docsBucket; enterprise POC always retains data
| Repository | dropthejase/louis |
|---|---|
| Author | Jason Lee <12leeejk2@gmail.com> |
| Authored | |
| Parents | 310bb912 |
| Stats | 3 files changed , +23 , -13 |
| Part of | CORS locked to CloudFront domain; Identity Pool token check enabled |
Capture this commit into my fork
Download a Markdown prompt that tells Claude how to port this
exact commit into your working tree. Run it via
claude -p < capture-commit-685c7ad5.md
from inside the repo you want the change in.