I have a website hosted on GoDaddy. I want to use Amazon CloudFront for serving it to visitors.
I have searched and only found hosting the media on S3 or the entire site on EC2. I do not want that
Is it possible that once a while, say 15 minutes, Amazon CF gets the latest data of my website from godaddy server and any visitor is served the content from Amazon CDN?
As per the AWS docs here, CloudFront supports using any source that can respond to http requests as a Custom Origin.
Create a custom origin and associate a behaviour with that origin and you’ll be serving your content, from your custom HTTP origin, via CloudFront.
Related
I'm moving my domain names from CloudFlare's DNS to AWS Route53 and in some cases I'm using CloudFlare's redirects for project that are dead so that their domains go to a page in another domain, so https://projectx.com goes to https://example.com/projectx-is-no-more.
I want to replicate this in AWS and what I found so far is this:
Set up an S3 bucket with the redirect to the desired URL, https://example.com/projectx-is-no-more
Set up CloudFront for the domain, projectx.com
Generate the TLS cert for projectx.com and add it to CloudFront so it can serve both https and http.
Set up Route53 to resolve the domain name to CloudFront.
I set it up, it's working, I'm even using CDK so I'm not doing it manually. But I'm wondering if there's a way of setting up these redirects that requires less moving pieces. It sounds like such a redirect would be a common enough problem that maybe Route53 or CloudFront would have a shortcut. Are there any?
Update: using only S3 doesn't work because S3 cannot serve https://projectx.com. S3 has no method by which it can respond to HTTPS request for arbitrary domains, there's no way of adding a TLS certificate (and keys) for another domain.
I checked for information and see only three possible solutions:
Set up CloudFront + S3 *
Set up Application Load Balancer
Set up API Gateway + Lambda (mock integration may be used instead of Lambda, that should reduce service cost)
Use GitHub pages with custom domain
※ S3 support only HTTP traffic so we need to add CloudFront for HTTPS:
Amazon S3 does not support HTTPS access to the website. If you want to use HTTPS, you can use Amazon CloudFront to serve a static website hosted on Amazon S3.
In my opinion the ②nd way is super easy to set up but running 24/7 ALB is little bit expensive. In other way Lambda and API Gateway price depending on requests count. CloudFront seems to be cheaper than ALB too.
So the better solution is depending on how many requests you have
The ④th solution is depends on GitHub platform (wider than AWS only scope), but it is absolutely free and support custom domain and Let's Encrypt certificates out of the box.
You just need to create repository with static index.html file that will do redirects
You can do it without including CloudFront.
What you need to do is create S3 bucket projectx.com. In Properties go to Static website hosting. Enable static website hosting and choose Redirect as a hosting type (add the redirection URL).
You will still need to set up Route53, but you will now add alias to this projectx.com bucket, instead of going to CloudFront
I'm relatively new to AWS and was trying to secure my WIX subdomain (api.example.co.za) which is connected to AWS. So far, I have an EC2 instance for the website, as well as my S3 bucket running. I have also set up my CloudFront and pointed my subdomain on wix (api.example.co.za) to CloudFront (df***.cloudfront.net) within WIX DNS records. I got an AWS certificate through DNS verification and attached it to my CloudFront. In AWS CloudFront, I also routed all requests to my S3 bucket. I also redirected all traffic from http to https in CloudFront
When I type into my brower api.example.co.za, I am able to access my website, but insecurely, just as before. But when I type https://api.example.co.za, the website is secure, but does not load the web content. When Inspect the web content in Chrome>Inspect>Console, I see the following errors
Mixed Content: The page at 'https://api.example.co.za' zone-evergreen.js:29** was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://api.example.co.za/users/5e7a2'. This request has been blocked; the content must be served over HTTPS.
I'm new with AWS WAF and get stuck with setting up it for application that hosts on some dedicated server. I didn't find any information how to set up it without migration to aws servers, but I found that WAF integrated with CloudFront. But anyway I found only few information that explain how to integrate this CDN with my web application. So, the main question is:
Is it possible to use AWS WAF with application that hosted on some dedicated server? And if it possible - can you provide some guides and/or docs for setting up?
Yes, you can use WAF with a server outside AWS.
WAF works with CloudFront, and CloudFront does not require the origin server to be in the AWS ecosystem.
When you create a distribution, you specify where CloudFront sends requests for the files. CloudFront supports using several AWS resources as origins. For example, you can specify an Amazon S3 bucket or a MediaStore container, a MediaPackage channel, or a custom origin, such as an Amazon EC2 instance or your own HTTP web server. (emphasis added)
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.html
Configuring CloudFront to work with your external server is no different than configuring it to work with a server in EC2. Your DNS entry (e.g. www.example.com) changes to point to CloudFront, and CloudFront connects to your server using a new name that you create (e.g. origin.example.com). CloudFront proxies requests through to your server, unless the edge location handling the a given request happens to have access to a copy of the same resource that it cached while handling a previous request for the same page -- that's how CloudFront gets your content, by caching it as it handles requests that are passing through. (You don't pre-load any content into CloudFront.) If CloudFront has a cached copy, your server sees nothing, and CloudFront returns the object to the browser from its cache. But CloudFront isn't strictly a CDN, even though they market it that way. It is a global network of reverse proxies and high-reliability/low-latency transport.
You'll want to take steps to ensure that the web server rejected requests that didn't come through CloudFront. See Using Custom Headers to Restrict Access to Your Content on a Custom Origin as well as the list of CloudFront IP Addresses which you could use on your web server's firewall.
Once you have your site working through CloudFront, all you do is activate WAF on the distribution. CloudFront is very tightly integrated with WAF so that is a very simple change, once you have your WAF rules set up.
Documentation
Offers only HTTP, how to make it to work on HTTPS? Is it possible?
I configured and it is working fine for HTTP, but for HTTPS I'm getting
This site can’t be reached
Even though I created certificates to my domain in AWS Certificate Manager.
CloudFront can be used to serve HTTPS request for static website hosted on S3.
Here is some AWS documentation https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-https-requests-s3/
Also, i found this blog very explanatory - https://medium.com/#sbuckpesch/setup-aws-s3-static-website-hosting-using-ssl-acm-34d41d32e394
Hope this helps.
To configure HTTPS for Static website hosted using S3 as Web site feature, you have to configure AWS CloudFront to serve the website from the CDN locations and ACM can be configured on CloudFront distribution.
Create the Route 53 record set pointing to CloudFront Distribution Endpoint
This way you can server the S3 website on HTTPS and also it will reduce latency as well to your end users request.
Hope this helps
I've an website hosted on DigitalOcean and I'm trying for days to figure how to protect it using amazon cloudfornt + amazon waf is this even possible?
I read amazon documentation but it's not useful,I even watched a lot of you tube videos, but 99% of them are just doing the job using with an amazon hosted website.
Yes, you can set your digital ocean website as the origin in CloudFront. You will of course want to block traffic to your digital ocean website that isn't from CloudFront. You can add a secret header that Cloudfront will pass to the origin that you can require on your backend. You can also consider whitelisting all AWS CloudFront IPs..