AWS Networking & Content Delivery

Building a Private React Application Infrastructure with Terraform

Updated June 23, 2025

Tutorial Summary: Building a Private React App with Terraform

This document summarizes the process outlined in the Tutorials Dojo article for creating a truly private infrastructure for a React application using Terraform on AWS. The goal is to host a static website that is not accessible from the public internet, which requires more than just a private S3 bucket.

Goal: True Private Hosting

The core challenge is that an S3 bucket configured for static website hosting always has a publicly resolvable endpoint. Even with restrictive bucket policies, that website endpoint itself remains reachable from the public internet. This tutorial creates an architecture where the application is only accessible from within a private network (a VPC).

The Architecture Explained

The architecture creates a secure path for internal users to access the React application files stored in S3 without exposing anything to the public internet.

  1. A user inside the VPC resolves a private domain name using Amazon Route 53.

  2. Route 53 points to a Network Load Balancer (NLB).

  3. The NLB forwards the request to a VPC Endpoint.

  4. The VPC Endpoint provides a private entry point to a private API Gateway.

  5. The API Gateway is configured with an integration that assumes a specific IAM Role.

  6. This IAM Role has permission to perform s3:GetObject on a private Amazon S3 bucket where the React app's build files are stored. The S3 bucket's policy is configured to allow access only from this specific IAM Role, blocking all other access.

Step 1: Secure S3 Access with an IAM Role

The foundation of this architecture is controlling access to the S3 bucket.

  • Principle of Least Privilege: The S3 bucket is configured to block all public access.

  • S3 Bucket Policy: A bucket policy is created to explicitly Allow actions like s3:GetObject and s3:ListBucket only when the request comes from a specific principal, which is the IAM Role created for the API Gateway.

  • Terraform IAM Module: The tutorial structures the Terraform code into a reusable module for creating the necessary IAM resources. This module defines:

    • aws_iam_role: The role that the API Gateway will assume.

    • aws_iam_policy: The policy defining the S3 permissions.

    • aws_iam_policy_attachment: The resource that links the policy to the role.
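Step 1 as one Terraform file, added here as an illustration rather than the tutorial's own module: bucket and role names are placeholders, it uses aws_iam_role_policy_attachment in place of the tutorial's aws_iam_policy_attachment, and it adds an explicit Deny so that same-account principals other than the role cannot read the bucket.

```hcl
resource "aws_s3_bucket" "react_app" {
  bucket = "example-private-react-app" # placeholder name
}
resource "aws_s3_bucket_public_access_block" "react_app" { # block all public access
  bucket                  = aws_s3_bucket.react_app.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
# Role the API Gateway S3 integration assumes; only the API Gateway service may assume it.
resource "aws_iam_role" "apigw_s3_reader" {
  name = "apigw-react-s3-reader" # placeholder name
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole",
                   Principal = { Service = "apigateway.amazonaws.com" } }]
  })
}
resource "aws_iam_policy" "s3_read" { # read-only, scoped to this one bucket
  name = "apigw-react-s3-read"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Effect = "Allow", Action = "s3:GetObject", Resource = "${aws_s3_bucket.react_app.arn}/*" },
      { Effect = "Allow", Action = "s3:ListBucket", Resource = aws_s3_bucket.react_app.arn },
    ]
  })
}
# Non-exclusive attachment: aws_iam_policy_attachment would detach the policy from other entities.
resource "aws_iam_role_policy_attachment" "s3_read" {
  role       = aws_iam_role.apigw_s3_reader.name
  policy_arn = aws_iam_policy.s3_read.arn
}
# Allow only the role; the Deny also binds administrators, so add a break-glass ARN to ArnNotEquals first.
resource "aws_s3_bucket_policy" "react_app" {
  bucket = aws_s3_bucket.react_app.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Sid = "AllowApiGatewayRole", Effect = "Allow",
        Principal = { AWS = aws_iam_role.apigw_s3_reader.arn },
        Action    = ["s3:GetObject", "s3:ListBucket"],
        Resource  = [aws_s3_bucket.react_app.arn, "${aws_s3_bucket.react_app.arn}/*"] },
      { Sid = "DenyAllOtherPrincipals", Effect = "Deny", Principal = "*", Action = "s3:*",
        Resource  = [aws_s3_bucket.react_app.arn, "${aws_s3_bucket.react_app.arn}/*"],
        Condition = { ArnNotEquals = { "aws:PrincipalArn" = [aws_iam_role.apigw_s3_reader.arn] } } },
    ]
  })
}
```

Without the Deny statement, an Allow-only bucket policy still leaves any IAM principal in the same account with its own s3:GetObject grant able to read the build files.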