From d0a227c7dafdfe651d9197ec11184c4f35297c18 Mon Sep 17 00:00:00 2001
From: Kevin <kevincerro1997@gmail.com>
Date: Tue, 20 Feb 2024 23:21:15 +0100
Subject: [PATCH] Add BlockPublicAccess required config

---
 src/constructs/aws/StaticWebsite.ts | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/constructs/aws/StaticWebsite.ts b/src/constructs/aws/StaticWebsite.ts
index 18cc6d71..da676499 100644
--- a/src/constructs/aws/StaticWebsite.ts
+++ b/src/constructs/aws/StaticWebsite.ts
@@ -3,6 +3,7 @@ import { FunctionEventType } from "aws-cdk-lib/aws-cloudfront";
 import type { Construct as CdkConstruct } from "constructs";
 import type { AwsProvider } from "@lift/providers";
 import type { BucketProps } from "aws-cdk-lib/aws-s3";
+import { BlockPublicAccess } from "aws-cdk-lib/aws-s3";
 import { RemovalPolicy } from "aws-cdk-lib";
 import { redirectToMainDomain } from "../../classes/cloudfrontFunctions";
 import { getCfnFunctionAssociations } from "../../utils/getDefaultCfnFunctionAssociations";
@@ -71,6 +72,12 @@ export class StaticWebsite extends StaticWebsiteAbstract {
             websiteErrorDocument: this.errorPath(),
             // public read access is required when enabling static website hosting
             publicReadAccess: true,
+            blockPublicAccess: new BlockPublicAccess({
+                blockPublicAcls: false,
+                blockPublicPolicy: false,
+                ignorePublicAcls: false,
+                restrictPublicBuckets: false,
+            }),
             // For a static website, the content is code that should be versioned elsewhere
             removalPolicy: RemovalPolicy.DESTROY,
         };