professional-service/examples/cdn-s3-static-website/README.md
Mauritz Uphoff f5831d1902
example(cdn): remove redirect option
2026-06-23 16:23:34 +02:00


Static Website on STACKIT CDN with S3 Backend

A reference implementation showing how to deploy a static website using STACKIT CDN with STACKIT Object Storage as the origin.


Architecture

flowchart LR
  U(User) -->|HTTPS request| Edge(CDN Edge)
  Edge --> B(Bucket)
  Edge -->|cached response| U

  subgraph WAF
    Edge
  end

Prerequisites

  • Terraform >= 1.5
  • A STACKIT project
  • A STACKIT service account with sufficient permissions
  • A STACKIT service account JSON key file

Setup

Copy terraform.tfvars.example to terraform.tfvars and fill in your values, then run:

terraform init
terraform apply

After the apply completes, open the domain shown in the cdn_managed_domain output:

bucket_name = "firm-dassie"
cdn_distribution_id = "xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx"
cdn_managed_domain = "https://xxxxxxx.cdn.onstackit.cloud"
cdn_status = "ACTIVE"

Configuration

Variables

| Variable | Description | Default |
|---|---|---|
| stackit_project_id | STACKIT project ID | |
| stackit_service_account_key_path | Path to SA key JSON | |
| stackit_region | STACKIT region | eu01 |
| cdn_enabled_regions | CDN regions: EU, US, ASIA, AF, SA | ["EU"] |
| cdn_blocked_countries | ISO 3166-1 alpha-2 codes to block | [] |

Verify WAF

WAF

The example enables the WAF in ENABLED mode with @builtin/crs/request rules, restricting accepted methods to GET and HEAD.

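URL=$(terraform output -raw cdn_managed_domain)

# GET request: allowed (200)
# -D - prints the response headers, -o /dev/null discards the body
# (-I would send HEAD instead of GET)
curl -s -D - -o /dev/null "${URL}/"

# POST request: blocked by WAF (403)
curl -s -D - -o /dev/null -X POST "${URL}/"

# HEAD request: allowed (200)
curl -sI "${URL}/"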

If the WAF blocks the POST request correctly, you'll see a 403 Forbidden response. If you see 200 OK, the WAF is either not yet active or misconfigured.
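
The manual checks above can be scripted as a post-apply gate that names the failure mode for each method. This is an added example, not part of the repository; the WAF_URL variable, the function names, and the expectation that PUT and DELETE also return 403 (inferred from the GET/HEAD-only restriction) are assumptions.

```shell
#!/bin/sh
# Added example: post-apply check of the WAF method restriction.

# Expected status per method. 200 for GET/HEAD and 403 for POST come from the
# README; 403 for any other method is an assumption (only GET and HEAD accepted).
expected_status() {
  case "$1" in
    GET|HEAD) echo 200 ;;
    *)        echo 403 ;;
  esac
}

# classify METHOD OBSERVED_STATUS: compare with the expectation, name the failure.
classify() {
  want=$(expected_status "$1")
  if [ "$2" = "$want" ]; then
    echo "ok"
  elif [ "$want" = 403 ] && [ "$2" = 200 ]; then
    echo "not-blocked"      # WAF not yet active or misconfigured
  elif [ "$want" = 200 ] && [ "$2" = 403 ]; then
    echo "false-positive"   # legitimate read traffic is being rejected
  else
    echo "unexpected"       # e.g. 000 (no connection), 404, 5xx
  fi
}

# probe METHOD URL: send one request and print only the HTTP status code.
probe() {
  if [ "$1" = HEAD ]; then
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 -I "$2"
  else
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 -X "$1" "$2"
  fi
}

# verify_waf BASE_URL: returns non-zero if any method gets the wrong status.
verify_waf() {
  rc=0
  for m in GET HEAD POST PUT DELETE; do
    code=$(probe "$m" "$1/") || code=000
    verdict=$(classify "$m" "$code")
    printf '%-7s %s %s\n' "$m" "$code" "$verdict"
    [ "$verdict" = ok ] || rc=1
  done
  return "$rc"
}

# Runs only when WAF_URL is set, e.g. WAF_URL=$(terraform output -raw cdn_managed_domain)
if [ -n "${WAF_URL:-}" ]; then verify_waf "$WAF_URL"; fi
```

A "not-blocked" verdict shortly after apply may only mean the distribution has not finished activating, so check cdn_status before treating it as a misconfiguration.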


Cleanup

terraform destroy
