I have a website setup in E2E having cPanel with the domain https://example.com. The images for the website are stored in an s3 bucket in AWS.
My final goal is to make the images in the s3 to be accessible as https://images.example.com/cake.jpg
For this, I have created a cloudfront distribution in AWS and made the images to be accessible with the cloudfront URL https://d1234.cloudfront.net/cake.jpg. But the next part, I do not know how to map the subdomain images.example.com to d123.cloudfront.net. Should I use the Alternative domian name setting in cloudfront as shown in the image below. The domain is setup in E2E so I'm not sure what to add in the CNAME field there.
Or should I just create an A record in E2E to map images.example.com to d123.cloudfront.net. If so, how can I add the SSL to images.example.com and force the SSL redirect from http to https?
You actually need to do both.
First within CloudFront you need to add the Alternative Domain Name(s) that you would like to use for your CloudFront distribution. Make sure to generate a certificate in ACM within us-east-1 that covers the domains you're going to setup.
Once this has been applied within your DNS provider you then need to create a record with the exact domain name specified (in Route 53 this would be Alias, in other providers a CNAME) and then give it the value of the CloudFront domain name.
If the alternative domain name is not featured in your CloudFront distribution traffic will be denied when you attempt to resolve the domain.
For more information follow the Using Alternate Domain Names and HTTPS documentation.
Related
So I created two buckets in S3. One with my domain name xxx.ninja and the other with the www. subdomain. The www one I redirected to the first. Then I created a domain in Route 53. And because I wanted https on my site I created a cloudfront distribution with redirect http -> https.
The s3 bucket url works just fine, but the site URL does not. I think I may have set it up incorrectly.
In AWS CloudFront I created my distribution and used the cloudfront default SSL cert. I choose redirect http -> https. And I pasted in my s3 website URL.
Then I copied the domain name and went to Route 53. After I created my domain I open its hosted zone and added an A record with the alias of the cloudfront domain name.
But the URL doesn't work. I get a 403 CloudFront error in the browser.
Thoughts?
IF you're using the default CloudFront SSL this indicates to me that you're not using a custom hostname (which would deny access to the CloudFront distribution).
You will need to add additional names to your CloudFront distribution (specifying every hostname that will have a DNS record resolving to the CloudFront distribution). In addition you will need to generate an SSL in ACM (which is free), this must be in region us-east-1.
More information on how to add a custom domain to your CloudFront distribution is available here.
I have a domain, let's say foo.bar.com, which I want to use to serve files in an Amazon S3 bucket. According to https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html, the bucket name has to be foo.bar.com and the URL foo.bar.com.s3.amazonaws.com for the CNAME record for foo.bar.com (pointing to foo.bar.com.s3.amazonaws.com) to work.
Unfortunately, Amazon's SSL cert doesn't support foo.bar.com.s3.amazonaws.com (I mean, why would it, I guess), so I can't serve my files like this over SSL, I get an SSL warning/error. I can use plain HTTP but I get Mixed Content warnings in Chrome since the main site is over SSL.
How should this issue be dealt with?
The only way to have both a Custom domain name and SSL on a bucket is to use CloudFront in conjunction with S3.
Create an SSL cert for your domain foo.example.com in Amazon Certificate Manager (ACM) in the us-east-1 region, regardless of your bucket's region. (The us-east-1 region is the region where CloudFront and ACM are interconnected.)
Create a CloudFront distribution:
if you want the S3 web site hosting features, including index documents and redirect rules, type the bucket's web site hosting endpoint hostname as the origin domain name (do not select the bucket from the list), or
if you want to use CloudFront signed cookies or signed URLs, do select the bucket from the drop-down list.
Associate your new ACM cert with the distribution, and add foo.example.com as an Alternate Domain Name for the distribution.
Point the DNS record to the assigned dzczcexample.cloudfront.net hostname.
Note also that unlike S3 static hosting used by itself, this configuration does not require that the bucket name match the domain name, since CloudFront rewrites the requests before sending them to the bucket.
I have a static website hosted in S3 inside the bucket client1.examplecorp.com with a corresponding R53 record client1.examplecorp.com. A ALIAS s3-website-us-east-1.amazonaws.com.
I want my client's (client1.com) webadmin to create a dns record for the subdomain quotes.client1.com which will point to AWS (The client1.com does not use R53).
Should it point to client1.examplecorp.com ?
Or directly at the S3 bucket endpoint ?
The concept is that, the final user will see only the quotes.client1.com subdomain and not know about client1.examplecorp.com .
I hope I describe it well enough...
I have read the AWS docs about Setting Up a Static Website Using a Custom Domain , Virtual Hosting of Buckets and also this SO post.
I have a feeling that what I am searching for is described here How to redirect domains using Amazon Web Services .
I just do not understand how the registrar of the client will redirect traffic for that specific subdomain (quotes.client1.com) to client1.examplecorp.com by adding the 4 nameservers.
Moreover, will the redirect affect only this subdomain or the whole client1.com .
Finally, will it be completely transparent? Meaning that, the client1.examplecorp.com will not be shown to the end user?
I have not a firm grasp on explaining it , so please bear with me.
Here are two possible solutions:
In these examples, the client's main domain is example.com.
Option 1:
Create a bucket whose name is the same as the desired hostname, and have the client create a CNAME record pointing to the web site endpoint for the bucket.
Bucket name:
quotes.example.com
Web site endpoint (assuming us-east-1 region):
quotes.example.com.s3-website-us-east-1.amazonaws.com.
Client DNS:
quotes.example.com. CNAME quotes.example.com.s3-website-us-east-1.example.com.
The client does not need to be using Route 53 for their DNS, but the bucket name must exactly match the hostname they are pointing to the bucket, because that is how S3 works.
Option 2:
Send the traffic through CloudFront. In this scenario, the bucket name does not matter, because CloudFront will translate it to the correct bucket name.
Bucket name:
example-bucket
Web site endpoint:
example-bucket.s3-website-us-east-1.amazonaws.com
New CloudFront Distribution system-assigned hostname:
djozxyqkexample.cloudfront.net
CloudFront Origin (do not select the bucket name from the dropdown list, type in the S3 website hostname as shown in the S3 console):
example-bucket.s3-website-us-east-1.amazonaws.com
CloudFront alternate domain name:
quotes.example.com
Client creates a DNS CNAME
quotes.example.com. CNAME djozxyqkexample.cloudfront.net.
This solution also does not require that the client use Route 53, and -- importantly -- the bucket name does not need to match the hostname -- the hostname simply needs to be configured as a CloudFront alternate domain name so that CloudFront recognizes the Host: header when it arrives.
If you want to reuse the same bucket for multiple sites, you can add more hostnames to the CloudFront alternate domain name setting, or you can create multiple distributions pointing to the same bucket.
Note also that using CloudFront in front of S3 is effectively free, because S3 will no longer bill you for bandwidth when you use CloudFront -- instead, CloudFront will bill you for bandwidth, at the CloudFront rate, which is often slightly lower that the S3 rate.
In both cases, above, the client does not need to use Route 53, because they hostname in question is not the zone apex hostname (the "naked domain"). To use a naked domain with either solution requires Route 53, but that isn't applicable here.
Unfortunately, I think this is not possible. I am assuming that you own the corporation domain in this case.
For you to use client1.corporation.com, you had to use Route 53, right?
You also could not configure some DNS record in your other NameServer and do the same.
Similarly, for you to use quotes.client1.com point to the S3 bucket, you also need to ask the client use Route 53.
Hope that helped
Cheers!
I have set up a multi tenant application which should be available to clients via a subdomain (e.g. https://client1.example.at). Requests to *.example.at are routed to a load balancer via Route 53. The load balancer has an AWS signed wildcard certificate (e.g. supporting example.at and *.example.at). From this side, everything is working as expected and I can access https://client1.example.at, https://client2.example.at, etc.
Based on this setup, I wanted to route specific request without subdomain (except www) such as https://www.example.at or https://example.at to a bucket (which is also named www.example.com) and not to the load balancer (I just want to serve a static site for requests to the "main domain"). It works but I can only access www.example.at and example.at without using HTTPS. My setup can be seen below:
I then found out that I have to use Cloudfront in order to use HTTPS for a custom domain with S3 buckets (if that is correct?). Now I have a few questions:
Is it necessary to use Cloudfront to serve content from my S3 bucket for www.example.at and example.at via HTTPS?
If Cloudfront is necessary then I have to request a new certificate for www.example.at and example.at in region US EAST according to the official AWS docs. Is it possible to create two certificates for the same domain with AWS certificate manager or can I get some conflicts with this setup?
Is it ok to use *.example.at as A type record with alias to the load balancer at all?
Generally speaking, is my Route 53 setup valid at all?
I wanted to route specific request without subdomain (except www) such as https://www.example.com or https://example.com to a bucket (which is also named www.example.com)
Each of those "domains" must route to a different bucket unless you are using a proxy (which reroutes the hostname passed from the browser) in front of S3, the domain name must match the bucket name. If they don't then your requests are going to a bucket matching the DNS name you routed from, the routing has nothing to do with the hostname of the S3 bucket endpoint.
In other words, let's say your hostname was www.example.com, and you set the CNAME to example.com.s3.amazonaws.com (or you could use the website endpoint, it doesn't matter for this example).
When a request hits the DNS name www.example.com it then is sent to the S3 server which is behind the S3 hostname. That request from the browser is for hostname "www.example.com", the actual CNAME referenced which pointed to the S3 endpoint is irrelevant because S3 never knows what actual CNAME was used to by your browser to connect to S3. So S3 will attempt to pull the requested object from the www.example.com bucket.
URL -> S3 Bucket
https://www.example.com -> s3://www.example.com
https://example.com -> s3://example.com
It works but I can only access www.example.at and example.at without using HTTPS.
CNAME DNS routing like this when using SSL to an S3 bucket does not work. The reason for this is that the S3 wild card certificates are 1 level deep (*.s3.amazonaws.com) so your bucket www.example.com.s3.amazonaws.com will fail to match it because it has 2 extra levels above the wild card. So your browser rejects the certificate as invalid for the hostname.
To accomplish this you must use a proxy of some sort in front of S3 with your own certificates for the domain in question.
Is it necessary to use Cloudfront to serve content from my S3 bucket for www.example.at and example.at via HTTPS?
CloudFront is an excellent option for addressing the HTTPS with CNAME routed DNS to an S3 bucket issue we just mentioned.
If Cloudfront is necessary then I have to request a new certificate for www.example.at and example.at in region US EAST according to the official AWS docs. Is it possible to create two certificates for the same domain with AWS certificate manager or can I get some conflicts with this setup?
I can't answer that one, I can only suggest you try and find out what happens. If it doesn't work then it's not an option. It shouldn't take much time to figure this one out.
Is it ok to use *.example.at as A type record with alias to the load balancer at all?
To clarify, an A Record can only ever be an IP address, an A Alias is similar to a CNAME (but is Route53 specific).
I highly recommend CNAMES (or ALIASES, they are similar). Pointing directly at one of S3's A-Records is a bad idea because you don't know if or when that IP will be removed from service. By referencing the hostname with a CNAME/ALIAS you don't have to worry about that. Unless you can be 100% sure that the IP will remain available then you shouldn't reference it.
Generally speaking, is my Route 53 setup valid at all?
I don't see any issues with it, based on what you described it sounds like like things are working as expected.
If Cloudfront is necessary then I have to request a new certificate for www.example.at and example.at in region US EAST according to the official AWS docs. Is it possible to create two certificates for the same domain with AWS certificate manager or can I get some conflicts with this setup?
As suggested by #JoshuaBriefman I simply tried to create another certificate for the same domain in another region now and it worked. I could also use the certificate for the CloudFront distribution (additional certificate was created in US EAST) and all works now without any problems so far.
I have created a S3 bucket named "test.download.abc.com". The purpose of this bucket is to simply serve the executables (exes) when a user clicks on a link Download to download the file. Here the href attribute as one can see is "https://s3-us-west-2.amazonaws.com/test.download.abc.com/MyFolder/MyClient.exe"
My intention here is to change the url that the user sees on hover to "http://test.download.abc.com/MyFolder/MyClient.exe" - one way of achieveing it is to have this url on the href and redirect it to the download file on click- which is working.
I would like to know if there is any record set "Cname" or "Alias" that I can create on the "Route 53" of AWS to achieve the same. I read about virtual hosting articles for which the bucket needs to be configured as a static site- which doesn't seem right for my purpose in addition to not having default site page. What is the right approach for me to achieve the same? Thank you all.
The solution here is deceptively simple.
All you need to do is set up the hostname in your DNS servers as a CNAME referencing the bucket's REST endpoint virtual hostname.
For a bucket named "bucket.example.com," in the "example.com" DNS zone, add:
bucket IN CNAME bucket.example.com.s3.amazonaws.com.
[...] the bucket for the request is the lowercase value of the Host header, and the key for the request is the Request-URI. This interpretation is useful when you have registered the same DNS name as your bucket name and have configured that name to be a CNAME alias for Amazon S3
http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
This is not the same as static web site hosting. It's using a CNAME to reference the REST endpoint of the bucket directly. This, of course, only works for subdomains, since a CNAME doesn't belong at the apex of a domain.
If you don't want to go the static site route, you can setup a cloudfront distribution that serves the content of your s3 bucket, and then setup a custom name.
More here:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html
In CloudFront, an alternate domain name, also known as a CNAME, lets
you use your own domain name (for example, www.example.com) for links
to your objects instead of using the domain name that CloudFront
assigns to your distribution. Both web and RTMP distributions support
alternate domain names.
When you create a distribution, CloudFront returns a domain name for
the distribution, for example:
d111111abcdef8.cloudfront.net
When you use the CloudFront domain name for your objects, the URL for
an object called /images/image.jpg is:
http://d111111abcdef8.cloudfront.net/images/image.jpg
If you want to use your own domain name, such as www.example.com,
instead of the cloudfront.net domain name that CloudFront assigned to
your distribution, you can add an alternate domain name to your
distribution for www.example.com. You can then use the following URL
for /images/image.jpg:
http://www.example.com/images/image.jpg
CloudFront is not required to meet your requirement, you can just enable S3 to serve static web content as described here
http://docs.aws.amazon.com/AmazonS3/latest/dev/HowDoIWebsiteConfiguration.html
You would also need to configure Route 53 with a CNAME or A alias record to your bucket
See this sample that combine S3 and Route 53 : http://docs.aws.amazon.com/AmazonS3/latest/dev/website-hosting-custom-domain-walkthrough.html