Tags All Entries

Static Site on AWS with Cloudfront and HTTPS

Relevant aws document

  1. Create bucket, untick the public access blocking
  2. In the local dir s3_website cfg create
  3. echo "s3_website.yml" >> .gitignore
  4. Open config and edit details based on bucket.
  5. In AWS console Bucket -> Permissions -> Add bucket policy from below
  6. Create Certificate in Amazom Certificate Manager for domain/subdomain
  7. Cloudfront -> Create distribution -> add alternate CNAME for domain/subdomain and select the certificate you just created. Have it point at the bucket you created.
    1. Make sure you specify a default root object (index.html), otherwise you will get confusing AccessDenied errors
    2. also if you want to use domain.com/sub_folder/ pretty style URLs, don’t use the s3 bucket as an origin, use the actual S3 website as the origin. The drop down will prompt you to use the bucket, don’t do this, instead type the s3 web address in, should be of the form: BUCKET-NAME.s3-website.REGION.amazonaws.com
  8. Route 53 -> Create entry / update subdomain. Record type A, tick alias and select your cloudfront distribution

bucket policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::Bucket-Name/*"
            ]
        }
    ]
}

Links to this note