Using SSL on Amazon S3 bucket with CNAME - amazon-web-services

So currently I have a CNAME mapped to my Amazon S3 bucket so that I can access my files like subdomain.domain.com/file.js
The problem is SSL doesn't work on this.
Now I could add Cloudfront, however, that creates a cache for the files and the files need to update dynamically.
How do I go about doing this?

CloudFront is a complementary service to S3, and is the only way AWS provides to combine a custom domain name and SSL with an S3 bucket.
If you really don't want CloudFront to cache any content, you can set the Minimum, Default, and Maximum TTL to 0.

Related

Redirect directories to individual s3 buckets?

I have a Laravel application hosted on a domain. I have several dynamic directories ie:
example.com/directory
example.com/random
example.com/moon
I would like each of these directories to resolve to a different s3 bucket while masking the URL (I want to see the URL above, not the s3 bucket URL). What's the best way to accomplish this? I could possibly create a primary bucket and host example.com on it and create routing rules on that s3 bucket to redirect to the other s3 buckets (I think). What do those routing rules look like? I was unable to find directions in the AWS documentation that showed how to redirect to other buckets. Is there another, more simple way to go about this?
It's worth noting the Laravel application may not need to be involved in the actual routing as much as using the AWS sdk to dynamically configure the directories.
You have to use Route53 along with S3 enabling static website hosting.
For detail configuration about static website hosting in S3, you can take a look here.
After that choose Route53 as a service in AWS Console.
Select your hosted zone and add a CNAME recordset, in the value field enter the S3 bucket endpoint url and in the Name field enter the url that you want to point to the S3 bucket.
For using Route53 you can read this AWS document.
The best way would be to create a CloudFront (CF) distribution with three different origins. Then each origin would respond to different Origin Path which would lead to different buckets.
example.com could be defined in Route53, with Alias A record to the CF distribution. The benefit of using CF with S3 is that you not only can speed up your website (CF is CDN), but also you can keep your buckets and objects private:
Amazon S3 + Amazon CloudFront: A Match Made in the Cloud

CloudFlare CNAME an existing AWS S3 bucket, not named by domain, without using CloudFront distribution

We have an S3 bucket used throughout our AWS infrastructure. We currently are using a CloudFront distribution to create an URL for that bucket, then we have a CloudFlare account that maps our custom domain to that CloudFront url. We need to use CloudFlare as we use the CloudFlare image resizing capabilities throughout our infra, but this "double cdn" setup is costing us, as we are charged by CloudFlare + AWS CloudFront.
We would like to cut out CloudFront. The only way I have found to do this is to rename the bucket to the custom domain name (ex: images.oursite.com). However, changing the bucket name would be significant effort, and probably cause quite a few regressions for our infra.
Is there anyway we can setup a CloudFlare cname for our custom bucket, without using a CloudFront distribution, and without changing the bucket name?

Can I Use same AWS S3 bucket for 2 domains whilst using the cloudflare CDN

I am using AWS S3 bucket for storing and displaying the user upload image files.
My website name is example.net and as I want to use cloudflare CDN and show the image url path as images.example.net (as I want to mask the S3 url).
I created a S3 bucket with name images.example.net and mapped the CNAME images.example.net.s3.us-east-1.amazonaws.com as images.
So I am able to access the images using url images.example.net/myPic.jpg
Recently I got a new domain example.com (only the extension is different), and now I want to use the same S3 bucket example.net to store the files and the url needs to shown as images.example.com/myPic.jpg
If I create a new S3 bucket images.example.com , then I can do it, but I want to use the existing one only.
Is there any method to configure in cloudflare for that ?
Can I do it without creating a new bucket named images.example.com ?
If you're using virtual hosting then you're limited to a single domain per bucket by using the domain as the bucket name.
The only options available to you are:
Create a second S3 bucket with your other domain name as the CNAME
Create a CloudFront distribution in front of your S3 bucket and specify both domains as alternative domain names. Then on CloudFlare use the CloudFront CNAME. Disable all caching to allow CloudFlare to handle all the CDN functionality.
Obviously neither are ideal for your scenario, however these are the options available at this time.

What is the best way to point domain to a S3 bucket that doesnt have the domain as bucket name

I'm new to AWS and all of it's services and my first go at it I started my project with a S3 bucket that was created by default by AWS Vue CLI. I've got Cognito pool & gateway API connected to this bucket but now that I want to connect this project to a custom domain I just purchased I realize the bucket name needs to match the root domain name. From what I understand this will mean that I need to pull all non-aws files from my Vue project, duplicate it, and either reconfigure pre-existing connections or start all over.
I've got my custom domain set up with an empty S3 bucket, Cloudfront, and Router 53 so that's up and working but now I am not sure how to go about transferring this project from buckets.
So basically I started my project with Bucket1 and finished everything that included Cognito Pool & Gateway API. Now I have a custom domain I want to use have Cloudfront and Route 53 with CustomDomain bucket name and I want to have the project from Bucket1 load for the new bucket.
Using Cloud-front you can mitigate this issue.
Route 53(DNS Name) --> Cloudfront Url --> S3 origin
As you already created a bucket for website hosting, below steps can help you.
Use the Amazon S3 console t to login and search for CloudFront.
Click on Create distribution
Create a Web distribution
Select existing bucket in Origin Domain Name and complete the setup.
Update the DNS records for your domain to point your website's CNAME to your CloudFront distribution's domain name. You can find your distribution's domain name in the CloudFront console in a format that is similar to d1234abcd.cloudfront.net.
Wait for your DNS changes to propagate and for the previous DNS entries to expire.
The typical AWS way to do this is to use cloudfront - the domain points to cloudfront and cloudfront can point to any bucket name or other source location; when you introduce cloudfront into the mix, the bucketname no longer needs to match the domain name.

How to hide AWS S3 Bucket URL with custom CNAME

I want to connect CDN to an AWS S3 Bucket, but the AWS Document indicates that the bucket name must be the same as the CNAME. Therefore, it is very easy to guess the real s3 bucket url by others.
For example,
- My domain: example.com
- My S3 Bucket name: image.example.com
- My CDN CNAME(image.example.com) will point to image.example.com.s3.amazonaws.com
After that, people can access the CDN URL -> http://image.example.com to obtain the resources from my S3 Bucket. However, under this restriction, people can guess my real S3 bucket url from the CNAME (CNAME + s3.amazonaws.com) easily.
So, my question is that how can I hide my real s3 bucket url? Because I don't want to expose my real S3 url to anyone for preventing any attacks.
I am not sure I understand what you are asking for or what you are trying to do [hiding your bucket does not really help anything], however I will attempt to answer your question regarding "hiding" your bucket name. Before I answer, I would like to ask these two questions:
Why do you want to hide your S3 bucket url?
What kind of attacks are you trying to prevent?
You are correct that the S3 bucket name had to be the same as your URL. This is no longer a requirement as you can mask the S3 bucket using cloudfront. CloudFront as you know is a CDN from AWS. Thus the bucket name could be anything (randomstring).
You can restrict access to the bucket, such that only CloudFront can access it. Data in the bucket is then replicated to edge locations and served from there. Even if one knows the S3 URL, it will not do anything as access to the s3 bucket is restricted, an IAM rule grants CloudFront access and no one else.
Access restriction is done via origin access and while you can manually configure this using a bucket policy, you can also set a flag in CloudFront to do this on your behalf. More information is available here.
Use the CloudFront name in Route53. Do not use CNAME, but rather use A type, and set it up as an Alias. For more information see this document.
If you are using a different DNS provider, AWS aliases will naturally not be available. I suggest moving the zone file from your other provider to AWS. If you cannot do this, then you can still use a CNAME. Again see here for more information.
I suggest using your own domain name for CloudFront and setting up HTTPS. AWS offers certificates at no additional cost for services within AWS. You can register a certificate for your domain name which is either validated by a DNS entry or an Email. To set this up please see this document.
If you want to restrict access to specific files within AWS, you can use signed URLs. More information about that is provided here.