How to host a static website using AWS S3, CloudFront, Route 53 and Cert Manager

AWS

In addition to running this blog I also run several online forum communities, but in the past I never had a place to showcase these communities in one place. This post will detail my steps I took to host a static website using AWS S3, CloudFront, Route 53 and Certificate Manager to showcase those communities all in one place. All without the need to worry manage another server.

Requirements before getting started:

  • An Amazon Web Services account.
  • Domain name – I use and suggest either Namecheap or NameSilo to register new domains if you haven’t already. (Use coupon SAVE1OFFNAMESILO at NameSilo to save $1.00)
  • Already have a static HTML page designed and ready to upload.

So briefly I’ll explain why I choose these services and what they will offer.

  • S3 – Is the Simple Storage Service which will store the HTML files and allows us to host static web pages without the need to maintain a server of anytime – just upload the files. For example, the URL would look something like this: http://BUCKETNAME.s3-website-us-east-1.amazonaws.com/index.html
  • Route53 – Is the DNS provider which will allow me to change that long URL from S3 and instead use my custom domain name, in this post I’ll be using SpurGearMedia.com.
  • Certificate Manager – Gives us FREE SSL certificates, plus every site should be using HTTPS.
  • CloudFront – a CDN which will not only allow our site to load even faster, but a requirement in order to use the free SSL from Certificate Manager.

One final note: During this process I’ll be using the domain name SpurGearMedia.com, simply replace that domain name with your own when following these steps.

So with that, lets get started!

Host a static website using AWS S3

S3 – Create and configure bucket for static hosting

  1. Log into your AWS account and create a bucket called www.yourdomain.com, be sure to include the www. at the begining of the bucket name as this is important. Select what ever region works best for you, for me I’m picking US East.
    creates S3 bucket name
  2. Enable static website hosting for the bucket under the Properties tab.
    create s3 bucket properties
    and set index and error document file names and click SAVE.
    create s3 bucket properties static website hosting
    Make note of the bucket endpoint URL!
  3. To allow this bucket to be publicly view-able we need to edit the bucket policy, under the permissions tab
    create s3 bucket policy
    and type the following:

    
{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::www.yourdomain.com/*"]
    }
  ]
}

    Note: Be sure to replace yourdomain in the policy with your own domain name!

  4. Upload your static HTML pages to the new bucket.
    create s3 bucket upload files

At this point you should be able to access your site via the endpoint bucket URL, assuming you also used US East as your region: http://www.yourdomain.com.s3-website-us-east-1.amazonaws.com

Certificate Manager – Request a free SSL certificate

Some might question the need for an SSL on a static page, but for me there are plenty of security and privacy concerns that justify a certificate. Further there are SEO boosts associated with using one and finally it’s FREE – so really why not use it? :)

  1. Open Certificate Manager located under Security, Identity & Compliance
    certificate manager
  2. Click on “Request a certificate” then add your domain name. Be sure to add the *.yourdomain.com and yourdomain.com and then click on “Review and request“.
    certificate manager add domain
  3. Confirm and request the certificate and then AWS will attempt to send you an email to validate the request. You can click on the arrow next to the domain name to see which email addresses AWS will attempt to send it to.
    certificate manager email

    4. This is probably the “hardest” step as you need to ensure you can get email either from the domain name or from the email associated with the domain name via the WHOIS records (in this case that would be [email protected] for me since I use WHOIS protection).

  4. Once you receive the email from AWS, click on the link within the email to approve the certificate requests.
    certificate manager approve

    5. NOTE: AWS will send you an email for both *.yourdomain.com and yourdomain.com – be sure you approve BOTH requests!

CloudFront – Setup CDN and use HTTPS

Not only will CloudFront allow us to use that free SSL cert from above as you’ll soon see it will also allow use to use HTTP/2 which in many benchmarks – has been much faster than HTTP. Add to that we’ll be using the large CDN network that is CloudFront further improving our site speeds!

  1. Open CloudFront under Networking & Content Delivery.
    cloudfront
  2. Click on “Create Distribution” then under Web distribution click on “Get Startedcloudfront web get started
  3. Instead of going over every single option I’m only going to list the things I changed, the rest you can leave default:

    Origin: S3 Website endpoint URL – as noted in Step 2 above in the S3 section.
    Viewer Protocol Policy: Redirect HTTP to HTTPS
    Compress Objects Automatically: Yes
    CNAMEs: www.yourdomain.com
    Custom SSL Certificate: select your newly created cert from above.
    Default Root Object: index.html

    Then click on “Create Distribution

    NOTE: By default CloudFront will show you a list of origin’s and will suggest the S3 Bucket – do NOT use the S3 bucket name but instead the S3 bucket ENDPOINT URL. We made note of this in step 2 (example: http://www.yourdomain.com.s3-website-us-east-1.amazonaws.com)

So while requesting and validating the certificate request is the “hardest” part, CloudFront is certainly the longest part. Not because we’ll be doing complex settings but because it takes a long time for the distribution to be created. Like 30 minute to several hours!

Route 53 – Configure DNS

Now it’s time to put everything we’ve done up to this part together and allow us to access our site using yourdomain.com.

  1. Open Route 53 under Networking & Content Delivery.
    route53
  2. Under Hosted zones click on “Create Hosted Zone“.
    route53 create hosted zone
  3. Enter your domain name and under type select “Public Hosted Zone” and click on “Create“.
    route53 create hosted zone domain
  4. Next take the name servers (NS) AWS provides and update your domain name servers with your domain registrar (such as Namecheap or NameSilo)
    route53 create hosted zone domain nameservers
  5. Now create a new record set. For the name type www and Type select A record (A- IPv4) and select YES for Alias, then for the Alias Target select your newly created CloudFront distribution and click on “Save“.
    route53 alias record

Once DNS updates (can take up to 48 hours) you should now be able to access your website by going to https://www.yourdomain.com. Also any request to http://www.yourdomain.com will automatically be redirected to HTTPS://www.yourdomain.com

We’re nearly finished but now we need to have the non-www version of your domain redirect to https://www.yourdomain.com. The biggest reason for doing this final redirect is so search engines won’t detect your site as two separate sites (one with www. and one without) and thus flag you for duplicate content.

Redirect Non-WWW to WWW

In a nutshell you’ll repeat the steps above with only a few minor changes which I’ll quickly touch on below.

  1. Create a new bucket in S3 called yourdomain.com (notice the missing www. at the beginning!) then enable static website hosting but this time select “Redirect Requests” and enter the first bucket’s name (www.yourdomain.com)
    nonwww s3 bucket redirect
    NOTE: Again take note of the endpoint URL
  2. Create a new CloudFront web distribution and use the following settings:
    Origin: S3 Website endpoint URL of second bucket (noted in step 17).
    CNAMEs: yourdomain.com
    Custom SSL Certificate: select your newly created cert from above.

    Then click on “Create Distribution

  3. Then finally, in Route 53 create another Record Set and this time for the name leave it blank, for Type select A – IPv4 and set Alias to Yes and select the second CloudFront distribution you just created and click on “Save Record Set“.
    route53 alias redirect record

Now once DNS is updated, no matter how anyone tries to access our website – with or without the WWW or even with or without HTTPS the user will also be redirected to the single domain https://www.yourdomain.com. This redirect is a 301 redirect which is the proper way to do it and will make search engines happy. One consistent URL no matter what.

So how fast is it? Per GTmetrix.com, a popular website bench marking tool my site gets a PageSpeed Score: A and YSlow Score: B and loads in 1.3s!

speed test

The best part is, I don’t have to worry about managing a single server and it costs next to nothing to run.

Similar Posts

AWS Systems Manager

Using AWS Systems Manager to regain access to an EC2 machine

AWS
3 Comments

The other last night I received a call from a co-worker who added a Windows firewall rule to a production AWS EC2 machine running Server 2016. Soon after he couldn’t access the server via RDP nor were any of the IIS sites loading.

Of course a snapshot was not created prior to the change, because “It worked in Test”.

At first I thought we might be up a creek and restoring from an older backup. But, then I remembered AWS Systems Manager and the ability to send commands to an AWS EC2 machine via the AWS console.

Below are the quick steps I took to disable the Windows Firewall using AWS Systems Manager to regain access into the EC2 machine.

Read More “Using AWS Systems Manager to regain access to an EC2 machine”

How to host a static website using AWS S3 and Cloudflare

AWS
55 Comments

I’ve been noticing a previous post about how to host a static site using various AWS services has been gaining in popularity.

Most recently a blog post by Thom Greene (@tbgree00) had mentioned the previous article and while all the steps in the previous post are accurate and works – I wanted to share how I now host static websites using AWS S3 and Cloudflare.

Read More “How to host a static website using AWS S3 and Cloudflare”

Passed: AWS Solutions Architect – Associate Exam Tips

AWS
0 Comments

aws-solutions-architect-associate

Yesterday morning I finally took the AWS Solutions Architect – Associate and even managed to pass it!

While everything about the exam is still fresh in my mind I wanted to share my experience taking the Solutions Architect – Associate exam as well as share a few tips that certainly helped me in taking the exam in hopes that it might help others as well.

Read More “Passed: AWS Solutions Architect – Associate Exam Tips”

How to migrate a VMware virtual machine to AWS

AWS
5 Comments

Migrate VMware VM's to AWS

At work we’ve been toying with the idea of moving some of our VMware workload off to AWS and I’ve been tasked with migrating a couple VMware virtual machines to AWS as a proof of concept for the time being.

In this post I’ll show how I setup the AWS Connector and did the migration from VMware to AWS using the AWS Server Migration Service.

Read More “How to migrate a VMware virtual machine to AWS”

Backup Synology NAS to Amazon Glacier

Synology
4 Comments

Recently I replaced my Synology DS1815+ with a new Synology DS1621+ NAS.

After migrating all the data from the old to new NAS and re-setting up Backblaze on the new Synology, I wanted to have a second backup of everything… just in case.

If you already have an AWS account and want to know how to backup your Synology NAS to Amazon Glacier then keep reading.

Read More “Backup Synology NAS to Amazon Glacier”

security headers static site

How to add Security Headers to an AWS S3 static website

AWS
0 Comments

I’ve created a couple posts in the past on how to create a static website using AWS S3 bucket and Cloudfront and using S3 with Cloudflare. Recently I’ve been getting more questions on how to add security response headers to an AWS S3 static website.

If you’re not familiar with security headers, basically security headers is another layer used to protect your websites. Web.dev has a good article here is a good article on many of the popular security header types. You’ll also want to check out securityheaders.com to easily check the security headers of your own site too.

With that, lets see how to add these security headers to your own static website.

Read More “How to add Security Headers to an AWS S3 static website”

Leave a Reply

Your email address will not be published. Required fields are marked *

8 Comments

      1. Yes, I solved my issue. I deleted all files from the bucket, uploaded again and instantly did a request to my site.

        Apparently this causes CloudFront to have some issues when redirecting (creating a bucket and instantly requesting) but after a day it started working correctly again.

        Thanks for your guide

  5. Thank you for this guide! The S3 bucket static website endpoint specifically helped me – thanks.

    There is a typo in the first paragraph: “All without the need to worry manage another server” – should be something like “All without the need to worry about managing another server” – hope this helps.

    Thanks again.

    Reply