• Home>
  • devops>
If this helped you, please share!

Use CloudFront to serve S3 static site over HTTPS

Published March 31, 2021 in devops - 0 Comments

Say you created a simple, static website but you don’t want to manage or pay for a lot of hosting solution. One option is to use S3 to host your static website; a cheap and easy to manage solution if you stay within lower usage limits. Unfortunately S3 only serves sites over HTTP, and browsers are starting to flag sites that don’t serve over HTTPS as untrusted. It is possible to serve a static website hosted in a S3 bucket over HTTPS cheaply by using CloudFront, again as long as your data transfer and number of requests are low. One downside to this approach is that CloudFront request pricing for HTTPS costs more than HTTP. Hopefully AWS will change that pricing model as HTTPS becomes the standard for serving requests and sites. Also if you’re going to use AWS, make sure to create a budget and set up alerts to avoid unpleasant spending surprises.

This example uses a bucket called aylas-static-website-bucket. The first step is to protect the bucket and make sure bucket contents are not public. The bucket policy shown in the image was generated by CloudFront after creating an origin. More on that later.

AWS S3 bucket policy

The next step is to create a CloudFront distribution and configure an origin settings for the bucket that’s hosting the site. Once the origin settings are saved, the bucket policy shown above will be created as long as the option to update the bucket policy is selected.

AWS CloudFront create distribution

These are distribution settings that use a default SSL certificate created by CloudFront. I found that I also had to set a root object to access the site. This distribution is set up to use the URL generated by CloudFront. Other domain names can be configured, but also cost more.

AWS CloudFront distribution settings

This is the origin CloudFront created to serve bucket contents. Note that the distribution ID matches the bucket policy principal.

AWS CloudFront distribution origin

After the distribution is configured, your site will be accessible though HTTPS through whatever domain name was configured for the distribution:

AWS CloudFront domain
Tags: aws

No comments yet

Leave a Reply: