My goal is this:
host a website on an S3 bucket
access it via https
redirect requests from domain.com to www.domain.com
So far I have done these steps:
hosted the domain on AWS
created a zone in R53 for that domain
copied the name servers from the zone to the domain
and that all seems to work fine
I think that I have the mechanics of how to create and set things OK.
I attained the same goal in the past so I have some idea of what I'm doing.
And today I kind of have it working: domain.com responds with
files from the www.domain.com bucket
So here, patient reader, is my question:
How do I set this up?
do I need two buckets?
do I need to add the domain and the subdomain to the certificate?
do I need two Cloudfront distributions?
how do I set up Alternate Domain Names in the distribution(s)?
What should the A records in R53 alias?
And one more question: I created an origin request policy when I created the distribution and it worked
will using the origin request policy secure my bucket sufficiently
or will I need to do something else?
Please, thank you, and with my kindest regards,
Related
I’m using CloudFlare as a hosting provider for my website, and AWS S3 to serve my static content. From CloudFlare I created a CNAME for my root domain (example.com) that points to my S3 bucket’s static url. This is currently working (see below).
However, when I try to set up a subdomain (www.example.com) CNAME record on CloudFlare that points to my root domain (example.com) my website doesn’t render. I’ve also tried pointing the subdomain to the S3 bucket url, but that doesn't work either (because the S3 bucket name has to start with www.example.com, not example.com).
Knowing this ^, I created an S3 bucket that starts with www.example.com and redirected it to the root domain bucket that serves all the content (example.com-bucket). However, this didn’t work either.
Another theory I had was to create an AWS Route 53 hosting zone, so I did that as well (see below). However, none of the records I created in Route 53 made any impact.
If anyone has any suggestions it would be greatly appreciated! I’ve looked at various documentation from AWS, CloudFlare, and StackOverflow, but nothing seems to help
A much simpler solution, that doesn't require creating extra S3 buckets and redirect rules in S3, is to create a page rule in Cloudflare that forwards/redirects www to the root domain
I have a website setup in E2E having cPanel with the domain https://example.com. The images for the website are stored in an s3 bucket in AWS.
My final goal is to make the images in the s3 to be accessible as https://images.example.com/cake.jpg
For this, I have created a cloudfront distribution in AWS and made the images to be accessible with the cloudfront URL https://d1234.cloudfront.net/cake.jpg. But the next part, I do not know how to map the subdomain images.example.com to d123.cloudfront.net. Should I use the Alternative domian name setting in cloudfront as shown in the image below. The domain is setup in E2E so I'm not sure what to add in the CNAME field there.
Or should I just create an A record in E2E to map images.example.com to d123.cloudfront.net. If so, how can I add the SSL to images.example.com and force the SSL redirect from http to https?
You actually need to do both.
First within CloudFront you need to add the Alternative Domain Name(s) that you would like to use for your CloudFront distribution. Make sure to generate a certificate in ACM within us-east-1 that covers the domains you're going to setup.
Once this has been applied within your DNS provider you then need to create a record with the exact domain name specified (in Route 53 this would be Alias, in other providers a CNAME) and then give it the value of the CloudFront domain name.
If the alternative domain name is not featured in your CloudFront distribution traffic will be denied when you attempt to resolve the domain.
For more information follow the Using Alternate Domain Names and HTTPS documentation.
I am trying to host my static website using S3. I have a domain that I bought outside of AWS. The URL for my bucker http://my-website.com.s3-website-us-east-1.amazonaws.com. My domain name is my-website.com. I have tried everything but I cannot wrap my head around how I should be configuring CNAME so that my URL does not look messed up. I tried forwarding but that does not work for obvious reasons.
Please suggest solutions.
It depends on what your DNS provider is
You're using Route53 then you need to go to the Hosted Zone for my-website.com and add a A record for my-website.com that points to the bucket. You must set Alias to true for this to work.
If you're using a different DNS provider you can't route Apex domain (my-wesite.com, without www, or another subdomain in front). You'll be able to add a CNAME record for a subdomain that points to the S3 web endpoint.
I have a static website hosted in S3 inside the bucket client1.examplecorp.com with a corresponding R53 record client1.examplecorp.com. A ALIAS s3-website-us-east-1.amazonaws.com.
I want my client's (client1.com) webadmin to create a dns record for the subdomain quotes.client1.com which will point to AWS (The client1.com does not use R53).
Should it point to client1.examplecorp.com ?
Or directly at the S3 bucket endpoint ?
The concept is that, the final user will see only the quotes.client1.com subdomain and not know about client1.examplecorp.com .
I hope I describe it well enough...
I have read the AWS docs about Setting Up a Static Website Using a Custom Domain , Virtual Hosting of Buckets and also this SO post.
I have a feeling that what I am searching for is described here How to redirect domains using Amazon Web Services .
I just do not understand how the registrar of the client will redirect traffic for that specific subdomain (quotes.client1.com) to client1.examplecorp.com by adding the 4 nameservers.
Moreover, will the redirect affect only this subdomain or the whole client1.com .
Finally, will it be completely transparent? Meaning that, the client1.examplecorp.com will not be shown to the end user?
I have not a firm grasp on explaining it , so please bear with me.
Here are two possible solutions:
In these examples, the client's main domain is example.com.
Option 1:
Create a bucket whose name is the same as the desired hostname, and have the client create a CNAME record pointing to the web site endpoint for the bucket.
Bucket name:
quotes.example.com
Web site endpoint (assuming us-east-1 region):
quotes.example.com.s3-website-us-east-1.amazonaws.com.
Client DNS:
quotes.example.com. CNAME quotes.example.com.s3-website-us-east-1.example.com.
The client does not need to be using Route 53 for their DNS, but the bucket name must exactly match the hostname they are pointing to the bucket, because that is how S3 works.
Option 2:
Send the traffic through CloudFront. In this scenario, the bucket name does not matter, because CloudFront will translate it to the correct bucket name.
Bucket name:
example-bucket
Web site endpoint:
example-bucket.s3-website-us-east-1.amazonaws.com
New CloudFront Distribution system-assigned hostname:
djozxyqkexample.cloudfront.net
CloudFront Origin (do not select the bucket name from the dropdown list, type in the S3 website hostname as shown in the S3 console):
example-bucket.s3-website-us-east-1.amazonaws.com
CloudFront alternate domain name:
quotes.example.com
Client creates a DNS CNAME
quotes.example.com. CNAME djozxyqkexample.cloudfront.net.
This solution also does not require that the client use Route 53, and -- importantly -- the bucket name does not need to match the hostname -- the hostname simply needs to be configured as a CloudFront alternate domain name so that CloudFront recognizes the Host: header when it arrives.
If you want to reuse the same bucket for multiple sites, you can add more hostnames to the CloudFront alternate domain name setting, or you can create multiple distributions pointing to the same bucket.
Note also that using CloudFront in front of S3 is effectively free, because S3 will no longer bill you for bandwidth when you use CloudFront -- instead, CloudFront will bill you for bandwidth, at the CloudFront rate, which is often slightly lower that the S3 rate.
In both cases, above, the client does not need to use Route 53, because they hostname in question is not the zone apex hostname (the "naked domain"). To use a naked domain with either solution requires Route 53, but that isn't applicable here.
Unfortunately, I think this is not possible. I am assuming that you own the corporation domain in this case.
For you to use client1.corporation.com, you had to use Route 53, right?
You also could not configure some DNS record in your other NameServer and do the same.
Similarly, for you to use quotes.client1.com point to the S3 bucket, you also need to ask the client use Route 53.
Hope that helped
Cheers!
I have set up a multi tenant application which should be available to clients via a subdomain (e.g. https://client1.example.at). Requests to *.example.at are routed to a load balancer via Route 53. The load balancer has an AWS signed wildcard certificate (e.g. supporting example.at and *.example.at). From this side, everything is working as expected and I can access https://client1.example.at, https://client2.example.at, etc.
Based on this setup, I wanted to route specific request without subdomain (except www) such as https://www.example.at or https://example.at to a bucket (which is also named www.example.com) and not to the load balancer (I just want to serve a static site for requests to the "main domain"). It works but I can only access www.example.at and example.at without using HTTPS. My setup can be seen below:
I then found out that I have to use Cloudfront in order to use HTTPS for a custom domain with S3 buckets (if that is correct?). Now I have a few questions:
Is it necessary to use Cloudfront to serve content from my S3 bucket for www.example.at and example.at via HTTPS?
If Cloudfront is necessary then I have to request a new certificate for www.example.at and example.at in region US EAST according to the official AWS docs. Is it possible to create two certificates for the same domain with AWS certificate manager or can I get some conflicts with this setup?
Is it ok to use *.example.at as A type record with alias to the load balancer at all?
Generally speaking, is my Route 53 setup valid at all?
I wanted to route specific request without subdomain (except www) such as https://www.example.com or https://example.com to a bucket (which is also named www.example.com)
Each of those "domains" must route to a different bucket unless you are using a proxy (which reroutes the hostname passed from the browser) in front of S3, the domain name must match the bucket name. If they don't then your requests are going to a bucket matching the DNS name you routed from, the routing has nothing to do with the hostname of the S3 bucket endpoint.
In other words, let's say your hostname was www.example.com, and you set the CNAME to example.com.s3.amazonaws.com (or you could use the website endpoint, it doesn't matter for this example).
When a request hits the DNS name www.example.com it then is sent to the S3 server which is behind the S3 hostname. That request from the browser is for hostname "www.example.com", the actual CNAME referenced which pointed to the S3 endpoint is irrelevant because S3 never knows what actual CNAME was used to by your browser to connect to S3. So S3 will attempt to pull the requested object from the www.example.com bucket.
URL -> S3 Bucket
https://www.example.com -> s3://www.example.com
https://example.com -> s3://example.com
It works but I can only access www.example.at and example.at without using HTTPS.
CNAME DNS routing like this when using SSL to an S3 bucket does not work. The reason for this is that the S3 wild card certificates are 1 level deep (*.s3.amazonaws.com) so your bucket www.example.com.s3.amazonaws.com will fail to match it because it has 2 extra levels above the wild card. So your browser rejects the certificate as invalid for the hostname.
To accomplish this you must use a proxy of some sort in front of S3 with your own certificates for the domain in question.
Is it necessary to use Cloudfront to serve content from my S3 bucket for www.example.at and example.at via HTTPS?
CloudFront is an excellent option for addressing the HTTPS with CNAME routed DNS to an S3 bucket issue we just mentioned.
If Cloudfront is necessary then I have to request a new certificate for www.example.at and example.at in region US EAST according to the official AWS docs. Is it possible to create two certificates for the same domain with AWS certificate manager or can I get some conflicts with this setup?
I can't answer that one, I can only suggest you try and find out what happens. If it doesn't work then it's not an option. It shouldn't take much time to figure this one out.
Is it ok to use *.example.at as A type record with alias to the load balancer at all?
To clarify, an A Record can only ever be an IP address, an A Alias is similar to a CNAME (but is Route53 specific).
I highly recommend CNAMES (or ALIASES, they are similar). Pointing directly at one of S3's A-Records is a bad idea because you don't know if or when that IP will be removed from service. By referencing the hostname with a CNAME/ALIAS you don't have to worry about that. Unless you can be 100% sure that the IP will remain available then you shouldn't reference it.
Generally speaking, is my Route 53 setup valid at all?
I don't see any issues with it, based on what you described it sounds like like things are working as expected.
If Cloudfront is necessary then I have to request a new certificate for www.example.at and example.at in region US EAST according to the official AWS docs. Is it possible to create two certificates for the same domain with AWS certificate manager or can I get some conflicts with this setup?
As suggested by #JoshuaBriefman I simply tried to create another certificate for the same domain in another region now and it worked. I could also use the certificate for the CloudFront distribution (additional certificate was created in US EAST) and all works now without any problems so far.