Good morning,
I am using amazon s3 bucket as the image server.
And I want to use a subdomain of my site, how to address this bucket.
eg: a picture is now in: https://s3-sa-east-1.amazonaws.com/nomeBucket/pasta/imag.png, and I access it through this same link.
Would that it were so: imagens.mydomain.com.br / folder / imag.png
Is there any way I can do this? appoint a subdomain address to a bucket?
I've tried the amazon route 53, as CNAME. I tried this: https://s3-sa-east-1.amazonaws.com/nomeBucket/
I took the test yesterday, but apparently it did not work.
Someone already did something similar, and / or know how to help me?
Note: I'm using nginx. also need to configure it for subdomain?
Thank you
You need to rename your bucket to match the custom domain name (e.g. imagens.mydomain.com.br) and set up that domain as a CNAME to
<bucket-name>.s3.amazonaws.com.
(in your case imagens.mydomain.com.br.s3.amazonaws.com.
The full instructions are available here:
http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
Update 2019 : AWS SUBDOMAIN hosting in S3
As of today following steps worked to have a successfully working subdomain for AWS S3 hosted static website:
Create a bucket with subdomain name. In this example www.subtest.mysite.com
Note: Make sure on 'Permission' tab of bucket:
1.Block public access (bucket settings)
2.Access Control List &
3.Bucket policy
are appropriately set to make sure bucket is public. ( Assuming you already did this for your root domain bucket, those settings can be mirrored on this subdomain bucket)
Upload the index.html file in the bucket
Create a CNAME record with your domain provider
I'm going to build on the other answers here for completeness.
I have moved my bucket to a subdomain so that the contents can be cached by Cloudflare.
Old S3 Bucket Name: autoauctions
New S3 Bucket Name: img.autoauctions.io
CNAME record: img.autoauctions.io.s3.amazonaws.com
Now you'll need to copy all of your objects since you cannot rename a bucket. Here's how to do that with AWS CLI:
pip install awscli
aws configure
Go to https://console.aws.amazon.com/iam/home and create a user or go to an existing user
Go to the user's Security credentials tab
Click Create access key. Copy the secret.
Here's a list of AWS regions.
Now you'll copy your old bucket contents to your new bucket.
aws s3 sync s3://autoauctions s3://img.autoauctions.io
I found this to be too slow for the 1TB of images I needed to copy, so I increased the number of concurrent connections and re-ran from an EC2 instance.
aws configure set default.s3.max_concurrent_requests 400
Sync it up!
Want to make folders within your bucket public? Create a bucket policy like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::img.autoauctions.io/copart/*"
},
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::img.autoauctions.io/iaai/*"
}
]
}
And now the image loads from img.autoauctions.io via Cloudflare's cache.
Hope this helps some people!
Related
First problem:
I have a static webpage hosted on S3, a CloudFront distribution pointing to this S3 bucket, and an A record on my domain pointing to this CloudFront distro. I also have some API Gateway and Lambda and DynamoDB stuff going on.
This webpage is a React app following the create-react-app template. As such, when I yarn build, all of the js and css fragments are cache-busted nicely with these random main.d74fc389.chunk.js names. However, importantly, the index.html (and other static files) are not.
When I aws s3 sync build/ s3://xxxx, everything gets uploaded nicely, but the cloudfront root is still pointing at the old cached index.html!
What can I do about this so that my automatic deployment script (basically just yarn build && aws s3 sync build/ s3://xxxxxx works properly?
I am pointing my domain to CloudFront rather than to the straight S3 website because I want a TLS certificate. I have therefore denied access in my policies to the S3 bucket to anyone except the CloudFront OAI.
Second problem:
I've solved this by setting up a default object in CloudFront.
For some reason I keep getting `access denied` errors on my `https://cloudfront.xxxxxx.xxx` (and therefore on my `https://mydomain.xxx`, but accessing `https://mydomain.xxx/index.html` and any other item (including the newly uploaded items, as evidenced by the updated javascript!) has absolutely no issue. Wtf? Here is my S3 policy:
{
"Version": "2012-10-17",
"Id": "Policy1631694343564",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXXXXXXXXXXXX"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::xxxxxxx/*"
}
]
}
This was literally autogenerated by CloudFront, so I have no idea how it could be incorrect.
I do have my bucket set to serve a static website, but have declined access to s3:GetObject to the general public, so this URL does nothing. The origin I have set up for my CloudFront is the S3's REST api (i.e. xxxxxx.s3.us-west-1.amazonaws.xxx) rather than the bucket's website URL (http://xxxxxxx.s3-website-us-west-1.amazonaws.xxx/).
The .com in URLs was replaced with .xxx because of StackOverflow rules
Wait for the TTL or invalidate your cache.
aws cloudfront create-invalidation --distribution-id E2FXXXXXX4N0MS --paths "/*"
This may not be suitable if you are doing lots of deployments as there are some limits and costs.
AWS Documentation
I deploy a simple web app to S3 via amplify publish. The hosting has Cloudfront enabled (I selected the PROD environment in amplify while setting up hosting) and I'm working in the eu-central-1 region. But whenever I try to access the Cloudfront URL, I receive an AccessDenied error.
I followed a tutorial at https://medium.com/quasar-framework/creating-a-quasar-framework-application-with-aws-amplify-services-part-1-4-9a795f38e16d an the only thing I did differently was the region (tutorial uses us-east-1 while I use eu-central-1).
The config of S3 and Cloudfront was done by amplify and so should be working in theory:
Cloudfront:
Origin Domain Name or Path: quasar-demo-hosting-bucket-dev.s3-eu-central-1.amazonaws.com (originally it was without the eu-central-1, but I added it manually after it didn't work).
Origin ID: hostingS3Bucket
Origin Type: S3 Origin
S3 Bucket Policy:
{
"Version": "2012-10-17",
"Id": "MyPolicy",
"Statement": [
{
"Sid": "APIReadForGetBucketObjects",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ********"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::quasar-demo-hosting-bucket-dev/*"
}
]
}
Research showed me that Cloudfront can have temporary trouble to access S3 buckets in other regions. But I manually added the region to the origin in Cloudfront AND I have waited for 24h. I still get the "access denied".
I suspect this has something to do with the S3 bucket not being in the default us-east-1 region and amplify not setting up Cloudfront correctly in that case.
How can I get amplify to set the S3 bucket and Cloudfront up correctly so that I can access my website through the Cloudfront URL?
For those whom the first solution does not work, also make sure that the javascript.config.DistributionDir in your project-config.json file is configured correctly. That can also cause the AccessDenied error (as I just learned the hard way).
Amplify expects your app entrypoint (index.html) to be at the first level within the directory you have configured. So if you accept the amplify default config (dist) and are using a project that puts the built files at a deeper level in the hierarchy (dist/<project name> in the case of angular 8), then it manifests as a 403 AccessDenied error after publishing. This is true of both the amplify and s3 hosting options.
docs: https://docs.aws.amazon.com/amplify/latest/userguide/manual-deploys.html (see the end)
Thanks for the additional information.
your S3 Bucket Policy looks Ok.
Regarding Origin Domain name or Path, It is always S3 bucket appears in the drop down so no need to update it with region
However there is one setting missing in your Cloudfront Origin.
you need to select Restrict Bucket access to Yes
As per AWS documentation
If you want to require that users always access your Amazon S3 content using CloudFront URLs, not Amazon S3 URLs, click Yes. This is useful when you are using signed URLs or signed cookies to restrict access to your content. In the Help, see "Serving Private Content through CloudFront
Now create new Identity or select Existing Identity
Click on Create button to save Origin.
While the answer by #raj-paliwal helped me tremendously solving my original problem, Amplify has since fixed the problem with a new option.
If you type Amplify add hosting (or Amplify update hosting for an existing site), Amplify gives you the option of Hosting with Amplify Console.
Choosing this will also create a hosting environment with S3 and CloudFront, but Amplify will manage everything for you. With this option I had no problems at all. It seems that this first option fixes the bug I encountered.
If you want to upgrade an existing site from manual CloudFront and S3 hosting to a Hosting with Amplify Console, you have to call amplify update hosting and select the new option.
{
"Sid": "Allow-Public-Access-To-Bucket",
"Effect": "Allow",
"Principal": "",
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::DOC-EXAMPLE-BUCKET/"
]
}
SOLVED: add this to the bucket policy
https://aws.amazon.com/premiumsupport/knowledge-center/s3-website-cloudfront-error-403/
I'm trying to allow AWS Route 53 to manage a domain I bought on Name.com so I can apply the domain to an AWS bucket that is hosting a static website.
I've attempted to follow the outlined instructions from this post which I'm guessing is out of date (Domain name setup with AWS S3 bucket with static hosting)
Create the hosted zone with your domain name, domain.com
Create an A record for your domain. On the right side you'll see a radio button "Alias" choose yes, then click into the target box and wait for your bucket to appear under S3 Website endpoints. (More on this below).
Select your bucket and click create.
Head over to your registrar, NameCheap and configure the nameservers to use the AWS nameservers in the NS record from your AWS hosted zone.
Your bucket name must match the domain name.
In the properties tab, you need to enable the static website hosting option and provide your index page.
In the permissions tab, click on bucket policy, then click the policy generator link at the bottom.
In the policy generator, select S3 as the type of policy
Set the principal to *
Set the action to Get Object
set the ARN to the ARN for your bucket /*. For example arn:aws:s3:::domain.com/*
Click Add statement, then generate policy and paste that into the bucket policy and save.
But I'm having an issue with last point 7. Applying the generated policy to the bucket policy, it is throwing the following error:
Action does not apply to any resource(s) in statement
We would suggest try below policy for your bucket which is provided by AWS
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::example-bucket/*"
]
}
]
}
Replace example-bucket with your bucket name
Navigate through below link How Do I Configure an S3 Bucket for Static Website Hosting?
I'm having some trouble with AWS Bucket policies, I followed the instruction and it doesn't let me set the policy, so I can't get my domain to work with the buckets.
Here is a picture. The tutorial told me to replace example.com with my bucket name.
I've been trying to set up my buckets with my domain for over a month now and I just can't seem to get it going. I already purchased my domain, and it's the exact domain name I want, so I don't want to be forced to go to Bluehost with a new domain.
It is quite simple:
Your bucket is called www.justdiditonline.com
Your bucket policy is attempting to create a rule for a bucket named justdiditonline.com
The bucket names do not match
Solution: Use a policy with the correct bucket name:
{
"Id": "Policy1",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::www.justdiditonline.com/*",
"Principal": "*"
}
]
}
I notice you have another bucket called justdiditonline.com. Your existing policy would work on that bucket.
The Setting Up a Static Website Using a Custom Domain instructions detail what to do, and they work fine with an external DNS service using a CNAME to point to the static website URL. The main steps are:
Create a bucket with the domain name www.justdiditonline.com
Add a bucket policy to make content public, or make sure the individual objects you want to serve are publicly readable
Activate Static Website Hosting on the bucket, which will return a URL like: www.justdiditonline.com.s3.amazonaws.com
Create a DNS entry for www.justdiditonline.com with a CNAME pointing to the Static Website Hosting URL
I am currently building a static website for a small startup and decided to us S3 to host it, and have the Domain registered through Route 53.
I have already setup the Bucket as mysite.net within S3, populated by index (I have it is as main.html) and error document. The main.html is within a folder called main so I setup a Website Redirect Location Metadata rule that pointed to the full S3 URL where it is located (https://s3.us-east-2.amazonaws.com/mysite.net/main/main.html).
All of the content has been Made Public, I have my Bucket Policy set up as:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::mysite.net/*"
}
]
}
And all should be ready to go. In Route 53 I have the Domain successfully registered for the last few days, with the hosted zone for mysite.net already created, and I have set up an "A Record" IPV4 Alias pointing to the bucket address within S3.
When I got to type in mysite.net in the address bar I get sent to my error.html document, which is better than a 403 - but when I click the Home tab within that document it leads me to my S3 bucket as https://s3.us-east-2.amazonaws.com/mysite.net/main/main.html
My question is two fold:
1) What did I do wrong for mysite.net to continually redirect to error.html
2) How can I ensure I will have Clean URLs throughout - it will look unprofessional if I can go to mysite.net pull up the main page, then click the Contact tab and get send to https://s3.us-east-2.amazonaws.com/mysite.net/contact/contact.html
I have read Site domain redirecting to the url of amazon web services bucket as well as URL Forwarded instead of Masked with AWS S3 Static Site via Route 53 to no avail, and have combed over the S3/Route 53 Docs for static hosting and still am having issues.