Gatsby Client Only Routes With AWS S3 CloudFront and Private bucket! Use a Lambda@Edge origin request

cf-template.yml

AWSTemplateFormatVersion: "2010-09-09"
Description: "Gatsby Static Website client only routes 'server-side' redirects."
Metadata:
  "AWS::CloudFormation::Interface":
    ParameterGroups:
      - Label:
          default: "Required Parameters"
        Parameters:
          - DomainName
      - Label:
          default: "Operational Parameters"
        Parameters:
          - LogsRetentionInDays
Parameters:
  DomainName:
    Description: "The domain name of the website"
    Type: String
  LogsRetentionInDays:
    Description: "Number of days to retain log events in the specified log group."
    Type: Number
    Default: 14
    AllowedValues:
      [
        1,
        3,
        5,
        7,
        14,
        30,
        60,
        90,
        120,
        150,
        180,
        365,
        400,
        545,
        731,
        1827,
        3653,
      ]
Resources:
  OriginRequestRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - "lambda.amazonaws.com"
                - "edgelambda.amazonaws.com" # default @edge policies for lambda
            Action: "sts:AssumeRole"
  OriginRequestLambdaPolicy:
    Type: "AWS::IAM::Policy"
    Properties:
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action:
              - "logs:CreateLogStream"
              - "logs:PutLogEvents"
            Resource: !GetAtt "OriginRequestLogGroup.Arn"
      PolicyName: lambda
      Roles:
        - !Ref OriginRequestRole
  OriginRequestLambdaEdgePolicy:
    Type: "AWS::IAM::Policy"
    Properties:
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action: "logs:CreateLogGroup"
            Resource: !Sub "arn:${AWS::Partition}:logs:*:${AWS::AccountId}:log-group:/aws/lambda/us-east-1.${OriginRequestFunction}:log-stream:"
          - Effect: Allow
            Action:
              - "logs:CreateLogStream"
              - "logs:PutLogEvents"
            Resource: !Sub "arn:${AWS::Partition}:logs:*:${AWS::AccountId}:log-group:/aws/lambda/us-east-1.${OriginRequestFunction}:log-stream:*"
      PolicyName: "lambda-edge"
      Roles:
        - !Ref OriginRequestRole
  OriginRequestFunction:
    Type: "AWS::Lambda::Function"
    Properties:
      Code:
        # If you change the ZipFile, rename the logical id OriginRequestVersionVx to trigger a new version creation!
        ZipFile: !Sub |
          const domainName = '${DomainName}'.toLowerCase();
          exports.handler = async function(event) {
            const cf = event.Records[0].cf;
            const uri = cf.request.uri
            if (/^\/app\//i.test(cf.request.uri)) {
                return Object.assign({}, cf.request, {uri: '/app/index.html'});
            }
            return cf.request;
          };
      Handler: "index.handler"
      MemorySize: 128
      Role: !GetAtt "OriginRequestRole.Arn"
      Runtime: "nodejs12.x"
      Timeout: 5
  OriginRequestVersionV5:
    Type: "AWS::Lambda::Version"
    Properties:
      FunctionName: !Ref OriginRequestFunction
  OriginRequestLogGroup:
    Type: "AWS::Logs::LogGroup"
    Properties:
      LogGroupName: !Sub "/aws/lambda/${OriginRequestFunction}"
      RetentionInDays: !Ref LogsRetentionInDays
Outputs:
  StackName:
    Description: "Stack name."
    Value: !Sub "${AWS::StackName}"
  OriginRequestLambdaEdgeFunctionVersionARN:
    Description: "Version ARN of Lambda@Edge viewer request function."
    Value: !Ref OriginRequestVersionV5

lambdaedge-origin-request.js

exports.handler = async function(event) {
  const cf = event.Records[0].cf;
  const uri = cf.request.uri
  if (/^\/app\//i.test(uri)) { // change /app\/ to any path you have for client only routes
      return Object.assign({}, cf.request, {uri: '/app/index.html'});
  }
  return cf.request;
};