Amazon S3 static website with custom domain showing 'IP Address not found' - amazon-web-services

I have recently set up a static website using an AWS S3 bucket (scottreganchimneysweeping.co.uk). I have provisioned an SSL certificate through AWS, changed nameservers with my registrar to AWS route 53, created a hosted zone with route53 and also a CDN using cloudfront.
However, when I type the URL into Chrome, it loads for ages and then brings up a 403 error, IP address not found.
In route 53, I have created an A record with the alias for the cloudfront CDN, as well as the CNAME record for the SSL certificate and the default NS and SOA records. I'm not sure what exactly is causing the issue here but I am a total beginner with hosting and DNS etc so I desperately need help to get this website live.
Could anybody suggest where I have gone wrong here or possibly diagnose using the domain name above?
Thanks in advance!

403 means that the requester does not have permissions to take the action requested. You may need to either set the ACL of the bucket to public read, or the ACL of the items you want to be public read.
When a bucket is not set to be publicly readable, even if it is set up as a static site already, all missing pages will show up as a 403 response, so another possibility is that the default path is not set to the correct file, e.g. default pointing to index.html whereas you have main.html in your bucket at the root.

Related

Having trouble creating a subdomain record on CloudFlare that will eventually point to my AWS S3 bucket’s static url

I’m using CloudFlare as a hosting provider for my website, and AWS S3 to serve my static content. From CloudFlare I created a CNAME for my root domain (example.com) that points to my S3 bucket’s static url. This is currently working (see below).
However, when I try to set up a subdomain (www.example.com) CNAME record on CloudFlare that points to my root domain (example.com) my website doesn’t render. I’ve also tried pointing the subdomain to the S3 bucket url, but that doesn't work either (because the S3 bucket name has to start with www.example.com, not example.com).
Knowing this ^, I created an S3 bucket that starts with www.example.com and redirected it to the root domain bucket that serves all the content (example.com-bucket). However, this didn’t work either.
Another theory I had was to create an AWS Route 53 hosting zone, so I did that as well (see below). However, none of the records I created in Route 53 made any impact.
If anyone has any suggestions it would be greatly appreciated! I’ve looked at various documentation from AWS, CloudFlare, and StackOverflow, but nothing seems to help.
A much simpler solution, that doesn't require creating extra S3 buckets and redirect rules in S3, is to create a page rule in Cloudflare that forwards/redirects www to the root domain.

Routing domain hosted in third-party to AWS S3

I am trying to direct a URL request to an AWS S3 bucket.
So far I have done the following:
Create a bucket with the name app-name.app (domain is .app)
Make the bucket public and set property as a static website.
Website works fine when directly accessed through the S3 ARN.
Now I need to direct my (Godaddy) hosted domain name to this S3 bucket.
These are the steps I've taken:
Create a hosted zone in Route 53
Create record sets for A, NS and SOA types.
This is what it looks like:
After that I set the same NS server names in to Godaddy domain. I then also received an email from Godaddy stating that the nameservers have been changed.
However, I am not able to access the site through the domain name. It times out.
Appreciate some help figuring out what step I am missing.
Thank you.
1. Make sure your DNS changed correctly, by ping and trace.
2. Use DNS tools like mxtoolbox to check the records.
3. Add a CNAME record with your S3 website public URL (it's different from the S3 general URL), for example, add www.

Change CNAME mapping from Root Domain to WWW on AWS s3?

I'm getting 400 Bad Request and "The specified bucket exists in another region. Please direct requests to the specified endpoint." when going to my domain: http://www.*.com/. I have the CNAME record on namecheap set to: .com.s3-website.us-east-2.amazonaws.com, which works fine when I type it in the browser. It seems like it's going to www..com.s3-website.us-east-2.amazonaws.com instead (with the www added), because you get the same error if you type that into the address bar. I spoke with namecheap support, and he told me to change the CNAME host to # and delete the url redirect record because "it might be that the configuration of your website requires bare domain name not WWW". That didn't work. I also have namecheap's private email and he mentioned "your Email Service won't work if you have CNAME for the Root Domain". He told me to contact AWS support (I don't have a tech support plan) and tell them to "Please contact your Hosting provider to change records from their side from Root Domain to www" and "you should change CNAME mapping from Root Domain to the WWW."
So I'm stumped here. Can anyone help me here? Is there a way to do what he said and will it fix my problem? Thanks.
This error means that you have configured the CNAME record in your DNS server to use the wrong S3 static web site endpoint.
Your CNAME is using us-east-2. In what region is the bucket located?
Go to the Amazon Console.
In S3 bucket properties, click on static web site hosting.
Copy the URL for your web site.
Go to your DNS Server.
Go to the record for www.
Make sure that the CNAME matches the static web site URL.
[EDIT after a series of comments]
If you create a bucket with the name www.hibachiandyou.com then the domain must exactly match the S3 bucket name. If you want to also have the domain hibachiandyou.com, then you need another bucket with the exact same name. You cannot use DNS redirects to get from one to the other. Use any other convention and it will not work.
The domain apex (hibachiandyou.com) cannot be a CNAME. Amazon Route 53 supports using ALIAS records for the domain apex. I am not aware of any other DNS server that supports ALIAS records. Recommendation: move your DNS servers to Route 53.
You can use a redirect with S3 to redirect one static web site to another web site. Review section 2.3 in this link.
Setting up a Static Website Using a Custom Domain

Redirecting a custom subdomain to a static website hosted in AWS S3 bucket

I have a static website hosted in S3 inside the bucket client1.examplecorp.com with a corresponding R53 record client1.examplecorp.com. A ALIAS s3-website-us-east-1.amazonaws.com.
I want my client's (client1.com) webadmin to create a dns record for the subdomain quotes.client1.com which will point to AWS (The client1.com does not use R53).
Should it point to client1.examplecorp.com?
Or directly at the S3 bucket endpoint?
The concept is that the final user will see only the quotes.client1.com subdomain and not know about client1.examplecorp.com.
I hope I describe it well enough...
I have read the AWS docs about Setting Up a Static Website Using a Custom Domain, Virtual Hosting of Buckets and also this SO post.
I have a feeling that what I am searching for is described here: How to redirect domains using Amazon Web Services.
I just do not understand how the registrar of the client will redirect traffic for that specific subdomain (quotes.client1.com) to client1.examplecorp.com by adding the 4 nameservers.
Moreover, will the redirect affect only this subdomain or the whole client1.com?
Finally, will it be completely transparent? Meaning that the client1.examplecorp.com will not be shown to the end user?
I do not have a firm grasp on explaining it, so please bear with me.
Here are two possible solutions:
In these examples, the client's main domain is example.com.
Option 1:
Create a bucket whose name is the same as the desired hostname, and have the client create a CNAME record pointing to the web site endpoint for the bucket.
Bucket name:
quotes.example.com
Web site endpoint (assuming us-east-1 region):
quotes.example.com.s3-website-us-east-1.amazonaws.com.
Client DNS:
quotes.example.com. CNAME quotes.example.com.s3-website-us-east-1.amazonaws.com.
The client does not need to be using Route 53 for their DNS, but the bucket name must exactly match the hostname they are pointing to the bucket, because that is how S3 works.
Option 2:
Send the traffic through CloudFront. In this scenario, the bucket name does not matter, because CloudFront will translate it to the correct bucket name.
Bucket name:
example-bucket
Web site endpoint:
example-bucket.s3-website-us-east-1.amazonaws.com
New CloudFront Distribution system-assigned hostname:
djozxyqkexample.cloudfront.net
CloudFront Origin (do not select the bucket name from the dropdown list, type in the S3 website hostname as shown in the S3 console):
example-bucket.s3-website-us-east-1.amazonaws.com
CloudFront alternate domain name:
quotes.example.com
Client creates a DNS CNAME
quotes.example.com. CNAME djozxyqkexample.cloudfront.net.
This solution also does not require that the client use Route 53, and -- importantly -- the bucket name does not need to match the hostname -- the hostname simply needs to be configured as a CloudFront alternate domain name so that CloudFront recognizes the Host: header when it arrives.
If you want to reuse the same bucket for multiple sites, you can add more hostnames to the CloudFront alternate domain name setting, or you can create multiple distributions pointing to the same bucket.
Note also that using CloudFront in front of S3 is effectively free, because S3 will no longer bill you for bandwidth when you use CloudFront -- instead, CloudFront will bill you for bandwidth, at the CloudFront rate, which is often slightly lower than the S3 rate.
In both cases, above, the client does not need to use Route 53, because the hostname in question is not the zone apex hostname (the "naked domain"). To use a naked domain with either solution requires Route 53, but that isn't applicable here.
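The rules from the answer above and from the earlier CNAME/region answer (bucket name must equal the hostname, the endpoint region must be the bucket's region, the zone apex cannot be a CNAME, CloudFront needs the hostname as an alternate domain name) can be checked mechanically before a record goes live. This is an added example, not code from either answer; `check_record` and its parameters are hypothetical names, and the bucket region and CloudFront alias list are supplied by the caller rather than looked up in AWS.

```python
import re

# Both endpoint spellings seen on this page: s3-website-<region> and s3-website.<region>
S3_WEBSITE = re.compile(
    r"^(?P<bucket>.+)\.s3-website[.-](?P<region>[a-z0-9-]+)\.amazonaws\.com$")

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def check_record(host, rtype, target, zone_apex, bucket_region=None, cf_aliases=()):
    """Return the problems found in one DNS record; an empty list means consistent.

    bucket_region and cf_aliases are hypothetical inputs the caller reads from
    the S3 and CloudFront consoles; nothing here queries AWS or DNS.
    """
    host, target, zone_apex = norm(host), norm(target), norm(zone_apex)
    problems = []
    if rtype == "CNAME" and host == zone_apex:
        problems.append("zone apex cannot be a CNAME; use a Route 53 ALIAS record")
    m = S3_WEBSITE.match(target)
    if m:
        # S3 picks the bucket from the Host header, not from the CNAME target.
        if m["bucket"] != host:
            problems.append(f"S3 will look for bucket '{host}', endpoint names '{m['bucket']}'")
        if bucket_region and m["region"] != bucket_region:
            problems.append(f"endpoint region {m['region']} != bucket region {bucket_region}")
    elif target.endswith(".cloudfront.net"):
        # CloudFront only answers for hostnames listed as alternate domain names.
        if host not in {norm(a) for a in cf_aliases}:
            problems.append(f"'{host}' is not a CloudFront alternate domain name")
    else:
        problems.append("target is neither an S3 website endpoint nor a CloudFront hostname")
    return problems

if __name__ == "__main__":
    # Hostnames come from the answers above; the us-east-1 bucket region is constructed.
    print(check_record("quotes.example.com.", "CNAME",
                       "quotes.example.com.s3-website-us-east-1.amazonaws.com.", "example.com"))
    print(check_record("www.hibachiandyou.com", "CNAME",
                       "hibachiandyou.com.s3-website.us-east-2.amazonaws.com",
                       "hibachiandyou.com", bucket_region="us-east-1"))
    print(check_record("quotes.example.com.", "CNAME", "djozxyqkexample.cloudfront.net.",
                       "example.com", cf_aliases=["quotes.example.com"]))
```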
Unfortunately, I think this is not possible. I am assuming that you own the corporation domain in this case.
For you to use client1.corporation.com, you had to use Route 53, right?
You also could not configure some DNS record in your other NameServer and do the same.
Similarly, for you to use quotes.client1.com point to the S3 bucket, you also need to ask the client use Route 53.
Hope that helped
Cheers!

Routing example.at to S3 bucket and *.example.at to load balancer with HTTPS

I have set up a multi tenant application which should be available to clients via a subdomain (e.g. https://client1.example.at). Requests to *.example.at are routed to a load balancer via Route 53. The load balancer has an AWS signed wildcard certificate (e.g. supporting example.at and *.example.at). From this side, everything is working as expected and I can access https://client1.example.at, https://client2.example.at, etc.
Based on this setup, I wanted to route specific request without subdomain (except www) such as https://www.example.at or https://example.at to a bucket (which is also named www.example.com) and not to the load balancer (I just want to serve a static site for requests to the "main domain"). It works but I can only access www.example.at and example.at without using HTTPS. My setup can be seen below:
I then found out that I have to use Cloudfront in order to use HTTPS for a custom domain with S3 buckets (if that is correct?). Now I have a few questions:
Is it necessary to use Cloudfront to serve content from my S3 bucket for www.example.at and example.at via HTTPS?
If Cloudfront is necessary then I have to request a new certificate for www.example.at and example.at in region US EAST according to the official AWS docs. Is it possible to create two certificates for the same domain with AWS certificate manager or can I get some conflicts with this setup?
Is it ok to use *.example.at as A type record with alias to the load balancer at all?
Generally speaking, is my Route 53 setup valid at all?
I wanted to route specific request without subdomain (except www) such as https://www.example.com or https://example.com to a bucket (which is also named www.example.com)
Each of those "domains" must route to a different bucket unless you are using a proxy (which reroutes the hostname passed from the browser) in front of S3, the domain name must match the bucket name. If they don't then your requests are going to a bucket matching the DNS name you routed from, the routing has nothing to do with the hostname of the S3 bucket endpoint.
In other words, let's say your hostname was www.example.com, and you set the CNAME to example.com.s3.amazonaws.com (or you could use the website endpoint, it doesn't matter for this example).
When a request hits the DNS name www.example.com it then is sent to the S3 server which is behind the S3 hostname. That request from the browser is for hostname "www.example.com", the actual CNAME referenced which pointed to the S3 endpoint is irrelevant because S3 never knows what actual CNAME was used by your browser to connect to S3. So S3 will attempt to pull the requested object from the www.example.com bucket.
URL -> S3 Bucket
https://www.example.com -> s3://www.example.com
https://example.com -> s3://example.com
It works but I can only access www.example.at and example.at without using HTTPS.
CNAME DNS routing like this when using SSL to an S3 bucket does not work. The reason for this is that the S3 wild card certificates are 1 level deep (*.s3.amazonaws.com) so your bucket www.example.com.s3.amazonaws.com will fail to match it because it has 2 extra levels above the wild card. So your browser rejects the certificate as invalid for the hostname.
To accomplish this you must use a proxy of some sort in front of S3 with your own certificates for the domain in question.
Is it necessary to use Cloudfront to serve content from my S3 bucket for www.example.at and example.at via HTTPS?
CloudFront is an excellent option for addressing the HTTPS with CNAME routed DNS to an S3 bucket issue we just mentioned.
If Cloudfront is necessary then I have to request a new certificate for www.example.at and example.at in region US EAST according to the official AWS docs. Is it possible to create two certificates for the same domain with AWS certificate manager or can I get some conflicts with this setup?
I can't answer that one, I can only suggest you try and find out what happens. If it doesn't work then it's not an option. It shouldn't take much time to figure this one out.
Is it ok to use *.example.at as A type record with alias to the load balancer at all?
To clarify, an A Record can only ever be an IP address, an A Alias is similar to a CNAME (but is Route53 specific).
I highly recommend CNAMES (or ALIASES, they are similar). Pointing directly at one of S3's A-Records is a bad idea because you don't know if or when that IP will be removed from service. By referencing the hostname with a CNAME/ALIAS you don't have to worry about that. Unless you can be 100% sure that the IP will remain available then you shouldn't reference it.
Generally speaking, is my Route 53 setup valid at all?
I don't see any issues with it, based on what you described it sounds like things are working as expected.
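The certificate point in the answer above comes down to how a wildcard name is matched: `*` stands for exactly one leftmost label. The following is an added example, not part of the original answer; the function names are hypothetical, `*.s3.amazonaws.com` is the wildcard quoted in the answer, and `example.at` / `*.example.at` are the names on the asker's own certificate.

```python
def san_matches(san, host):
    """Match one certificate name against a hostname.

    A '*' is honoured only as the entire leftmost label and covers exactly
    one non-empty label, so the label counts must be equal.
    """
    san_labels = san.rstrip(".").lower().split(".")
    host_labels = host.rstrip(".").lower().split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        return bool(host_labels[0]) and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels

def cert_covers(host, sans):
    """True if any name on the certificate matches the hostname."""
    return any(san_matches(s, host) for s in sans)

def extra_labels(wildcard_san, host):
    """Labels in host beyond the single one '*' can cover.

    Returns None when host is not under the wildcard's parent domain at all.
    """
    suffix = wildcard_san.rstrip(".").lower().split(".")[1:]
    labels = host.rstrip(".").lower().split(".")
    if len(labels) <= len(suffix) or labels[-len(suffix):] != suffix:
        return None
    return len(labels) - len(suffix) - 1

S3_SANS = ["*.s3.amazonaws.com"]           # wildcard quoted in the answer
OWN_SANS = ["example.at", "*.example.at"]  # the asker's own certificate names

if __name__ == "__main__":
    for host in ("example-bucket.s3.amazonaws.com",   # dot-free bucket name
                 "www.example.com.s3.amazonaws.com",  # dotted bucket name
                 "www.example.at"):                   # custom name CNAMEd to S3
        print(host, cert_covers(host, S3_SANS), extra_labels(S3_SANS[0], host))
    for host in ("example.at", "www.example.at", "client1.example.at"):
        print(host, cert_covers(host, OWN_SANS))
```

A proxy such as CloudFront resolves the mismatch because it presents a certificate carrying the custom hostnames, which the second loop shows matching.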
If Cloudfront is necessary then I have to request a new certificate for www.example.at and example.at in region US EAST according to the official AWS docs. Is it possible to create two certificates for the same domain with AWS certificate manager or can I get some conflicts with this setup?
As suggested by @JoshuaBriefman I simply tried to create another certificate for the same domain in another region now and it worked. I could also use the certificate for the CloudFront distribution (additional certificate was created in US EAST) and all works now without any problems so far.