I'm having some trouble with AWS Bucket policies, I followed the instruction and it doesn't let me set the policy, so I can't get my domain to work with the buckets.
Here is a picture. The tutorial told me to replace example.com with my bucket name.
I've been trying to set up my buckets with my domain for over a month now and I just can't seem to get it going. I already purchased my domain, and it's the exact domain name I want, so I don't want to be forced to go to Bluehost with a new domain.
It is quite simple:
Your bucket is called www.justdiditonline.com
Your bucket policy is attempting to create a rule for a bucket named justdiditonline.com
The bucket names do not match
Solution: Use a policy with the correct bucket name:
{
"Id": "Policy1",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::www.justdiditonline.com/*",
"Principal": "*"
}
]
}
I notice you have another bucket called justdiditonline.com. Your existing policy would work on that bucket.
The Setting Up a Static Website Using a Custom Domain instructions detail what to do, and they work fine with an external DNS service using a CNAME to point to the static website URL. The main steps are:
Create a bucket with the domain name www.justdiditonline.com
Add a bucket policy to make content public, or make sure the individual objects you want to serve are publicly readable
Activate Static Website Hosting on the bucket, which will return a URL like: www.justdiditonline.com.s3.amazonaws.com
Create a DNS entry for www.justdiditonline.com with a CNAME pointing to the Static Website Hosting URL
Related
I'm trying to allow AWS Route 53 to manage a domain I bought on Name.com so I can apply the domain to an AWS bucket that is hosting a static website.
I've attempted to follow the outlined instructions from this post which I'm guessing is out of date (Domain name setup with AWS S3 bucket with static hosting)
Create the hosted zone with your domain name, domain.com
Create an A record for your domain. On the right side you'll see a radio button "Alias" choose yes, then click into the target box and wait for your bucket to appear under S3 Website endpoints. (More on this below).
Select your bucket and click create.
Head over to your registrar, NameCheap and configure the nameservers to use the AWS nameservers in the NS record from your AWS hosted zone.
Your bucket name must match the domain name.
In the properties tab, you need to enable the static website hosting option and provide your index page.
In the permissions tab, click on bucket policy, then click the policy generator link at the bottom.
In the policy generator, select S3 as the type of policy
Set the principal to *
Set the action to Get Object
set the ARN to the ARN for your bucket /*. For example arn:aws:s3:::domain.com/*
Click Add statement, then generate policy and paste that into the bucket policy and save.
But I'm having an issue with last point 7. Applying the generated policy to the bucket policy, it is throwing the following error:
Action does not apply to any resource(s) in statement
We would suggest try below policy for your bucket which is provided by AWS
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::example-bucket/*"
]
}
]
}
Replace example-bucket with your bucket name
Navigate through below link How Do I Configure an S3 Bucket for Static Website Hosting?
I was trying to make an alias for my bucket but I can't make the setting correct as S3 bucket policy doesn't accept my policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "qweewfewr",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::mydomain.io/*"
}
]
}
Error msg
Add a new policy or edit an existing bucket policy in the text area below. Learn more.
Policy has invalid resource - arn:aws:s3:::mcommerce.io/*
The error message seems pretty clear to me. The resource name you are using does not exist. You need to replace mydomain.io with the name of your bucket you are trying to open access to.
As far as how to make an alias for the bucket, that has absolutely nothing to do with the bucket policy. That bucket policy is to tell S3 that it has permission to serve the items in it to whoever asks for them. Making an alias is a different process altogether.
To make an alias, you need to open the Route53 console and add a new A Record that is the domain address you are trying to use. Then you can add your bucket address https://<region>.amazonaws.com/<bucketname>/ and viola, you have an alias web address tied to the bucket. For a full tutorial check out this article.
I have a S3 bucket with a file in it. I only want a certain domain to be able to access the file. I have tried a few policies on the bucket but all are not working, this one is from the AWS documentation.
{
"Version": "2012-10-17",
"Id": "http referer policy example",
"Statement": [
{
"Sid": "Allow get requests originated from www.example.com and example.com",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-bucket-name/*",
"Condition": {
"StringLike": {
"aws:Referer": [
"http://www.phpfiddle.org/*",
"http://phpfiddle.org/*"
]
}
}
}
]
}
To test the file, i have hosted a code on phpfiddle.org and have this code. But i am not able to access this file neither by directly accessing from the browser nor by the phpfiddle code.
<?php
$myfile = file_get_contents("https://s3-us-west-2.amazonaws.com/my-bucket-name/some-file.txt");
echo $myfile;
?>
Here are the permissions for the file, the bucket itself also has the same permissions + the above policy.
This is just an example link and not an actually working link.
The Restricting Access to a Specific HTTP Referrer bucket policy is only allow your file to be accessed from a page from your domain (the HTTP referrer is your domain).
Suppose you have a website with domain name (www.example.com or example.com) with links to photos and videos stored in your S3 bucket, examplebucket.
You can't direct access your file from your browser (type directly the file URL into browser). You need to create a link/image/video tag from any page in your domain.
If you want to file_get_contents from S3, you need to create a new policy to allow your server IP (see example). Change the IP address to your server IP.
Another solutions is use AWS SDK for PHP to download the file into your local. You can also generate a pre-signed URL to allow your customer download from S3 directly for a limited time only.
I am trying to set up a static website that has been configured to use index.html default documents. I have the following bucket policy set up in S3:
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "Allow Public Access to All Objects",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::www.risendeadmc.com/*",
"Condition": {}
}
]
}
The 2nd step is I created a CloundFront distribution to distribute this S3 content.
Issue 1: Sub folders are still accessible by CDN domain name but index.html no longer load as default for document and hitting folder causing a content download.
I then set up a A record Alias to the CDN distribution in Route53 and now nothing resolves with a 403 Forbidden error no matter what I use.
Any configuration advise to resolve would be greatly appreciated.
What I am looking for is the ability to use my domain set up in Route53 to point to the CloudFront Distribution to provide access (with index.html default) content access.
I would like to keep root and sub folder default access points to non file suffixed endpoint reference:
http://mydomain.com/root
or
http://mydomain.com/root/sub/subroot
rather than address index.html
You will want to make sure that you are setting your default root object in Amazon S3 and that your origin is the S3 Website endpoint.
Example origin: www.example.com.s3-website-us-east-1.amazonaws.com
http://docs.aws.amazon.com/AmazonS3/latest/dev/website-hosting-custom-domain-walkthrough.html
Good morning,
I am using amazon s3 bucket as the image server.
And I want to use a subdomain of my site, how to address this bucket.
eg: a picture is now in: https://s3-sa-east-1.amazonaws.com/nomeBucket/pasta/imag.png, and I access it through this same link.
Would that it were so: imagens.mydomain.com.br / folder / imag.png
Is there any way I can do this? appoint a subdomain address to a bucket?
I've tried the amazon route 53, as CNAME. I tried this: https://s3-sa-east-1.amazonaws.com/nomeBucket/
I took the test yesterday, but apparently it did not work.
Someone already did something similar, and / or know how to help me?
Note: I'm using nginx. also need to configure it for subdomain?
Thank you
You need to rename your bucket to match the custom domain name (e.g. imagens.mydomain.com.br) and set up that domain as a CNAME to
<bucket-name>.s3.amazonaws.com.
(in your case imagens.mydomain.com.br.s3.amazonaws.com.
The full instructions are available here:
http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
Update 2019 : AWS SUBDOMAIN hosting in S3
As of today following steps worked to have a successfully working subdomain for AWS S3 hosted static website:
Create a bucket with subdomain name. In this example www.subtest.mysite.com
Note: Make sure on 'Permission' tab of bucket:
1.Block public access (bucket settings)
2.Access Control List &
3.Bucket policy
are appropriately set to make sure bucket is public. ( Assuming you already did this for your root domain bucket, those settings can be mirrored on this subdomain bucket)
Upload the index.html file in the bucket
Create a CNAME record with your domain provider
I'm going to build on the other answers here for completeness.
I have moved my bucket to a subdomain so that the contents can be cached by Cloudflare.
Old S3 Bucket Name: autoauctions
New S3 Bucket Name: img.autoauctions.io
CNAME record: img.autoauctions.io.s3.amazonaws.com
Now you'll need to copy all of your objects since you cannot rename a bucket. Here's how to do that with AWS CLI:
pip install awscli
aws configure
Go to https://console.aws.amazon.com/iam/home and create a user or go to an existing user
Go to the user's Security credentials tab
Click Create access key. Copy the secret.
Here's a list of AWS regions.
Now you'll copy your old bucket contents to your new bucket.
aws s3 sync s3://autoauctions s3://img.autoauctions.io
I found this to be too slow for the 1TB of images I needed to copy, so I increased the number of concurrent connections and re-ran from an EC2 instance.
aws configure set default.s3.max_concurrent_requests 400
Sync it up!
Want to make folders within your bucket public? Create a bucket policy like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::img.autoauctions.io/copart/*"
},
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::img.autoauctions.io/iaai/*"
}
]
}
And now the image loads from img.autoauctions.io via Cloudflare's cache.
Hope this helps some people!