Apply performance, security and usability upgrades to static bucket services such as Google Cloud Storage or AWS S3.
Use this starter
Using the Fastly CLI, create a new project using this starter somewhere on your computer:
$ fastly compute init --from=https://github.com/fastly/compute-starter-kit-rust-static-content
Or click the button below to create a GitHub repository, provision a Fastly service, and set up continuous deployment:
- Prefix the backend bucket hostname with your bucket prefix
- Serve a 404 page if the requested page is not found
- Remove extra headers sent by your storage provider, such as
- Add Content Security Policy and other security-related headers
- Respond to CORS preflight requests
- Redirect requests for directories to index.html
- Serve robots.txt
- Authenticate requests to the origin with AWS Signature Version 4
- Add caching policy to content
- Strip query strings
Link: rel=preloadheader to pre-fetch critical assets like fonts
When deploying your project, you will be prompted to configure the
bucket_origin backend. You can enter your bucket host here, or just hit enter to accept the defaults if you want to experiment with our mock backend:
Configure a backend called 'bucket_origin'Hostname or IP address: [mock-s3.edgecompute.app]Port: 
If your content is already in a bucket which is public to the internet, or in a private bucket which supports AWSv4-compatible authentication, you can get started right away by modifying
src/config.rs. The values you will need to set are:
BACKEND_NAME- This should match the name of your storage backend in the Fastly UI.
BUCKET_NAME- The name of the bucket you want to access.
BUCKET_HOST- The hostname of the storage service, e.g.
storage.googleapis.com, excluding your bucket prefix.
For private buckets, set these values also:
BUCKET_SERVICE- The service, as defined in your provider's AWSv4 docs, that you are using.
s3for S3 or
BUCKET_REGION- The region, as defined in your provider's AWSv4 docs, that you are using.
autois fine for GCS.
Optionally, you can update these values to configure the default functionality of the starter kit:
ALLOWED_HEADERS- The headers that you want to allow from the origin to be passed to the user. This means headers such as
x-goog-metadatawill be removed by default.
ASSET_REGEX- The regex used to determine assets to be preloaded for a given response body. Defaults to files in
CONTENT_SECURITY_POLICY- The value of the
Content-Security-Policyheader used to determine origins that resources can be loaded from.
If your bucket requires authentication, you will need to create an edge dictionary named
bucket_auth with the following values:
access_key_id- The HMAC access key ID for your service account with read access.
secret_access_key- The HMAC secret key for your service account with read access.
In addition to this, you will need to update the
default = with
default = ["auth"]. This will include the dependencies required to generate signed requests in your package.
Understanding the code
This starter is feature-packed, and requires some extra dependencies on top of the
fastly crate to handle signing requests for S3/GCS. If you are using a public bucket for your origin, these dependencies will not be included.
This starter includes implementations of common patterns explained in our using Compute@Edge and VCL migration guides. Any of the code you see here can be modified or built upon to suit your project's needs.
To learn more about how Fastly communicates with your bucket host, read the Integrating third party services as backends guide. This is based on a VCL service, but you can utilise many of the same patterns with the help of the VCL migration guide.
Starters are a good way to bootstrap a project. For more specific use cases, and answers to common problems, try our library of code examples.