Edit: I figured it out. There is a kind of magical combination you have to put together to get this right. Here's mine:
- Create a brand new S3 bucket with default (closed-off) permissions or remove all public access from the target bucket.
- Disable static website hosting. You don't need it.
- If you haven't already, get your SSL cert into Amazon so you can attach it to the cloudfront distribution which will be pointing to your S3 bucket.
- Create a cloudfront distribution pointing to the target S3 bucket, utilizing the cert.
- For the origin configuration, use the www.yourdomain.com.s3.amazonaws.com form for the origin, NOT the static website hosting URL (which should be disabled anyway).
- Let the cloudfront config automatically change the S3 bucket access ("restrict bucket access"). You want access to the bucket restricted to this cloudfront distribution ONLY (via a specific identity). No one should be hitting your S3 bucket directly, especially since it can serve via http (no "s").
- Under the cloudfront "general" tab (or during setup) set your default root object to "index.html" or whatever. Otherwise, requests to https://www.yourdomain.com/ will show permission denied.
While doing all this, keep in mind that cloudfront is trying to cache things, so what you're seeing in your browser may not reflect the latest "truth" of your setup. That is, with long cache times, I think it is possible cloudfront could still serve pages even if you've accidentally cut off access to the origin bucket. I set my cache times very low while testing to make sure none of this created confusion.
Edited by: Cyrus on Oct 11, 2019 6:42 AM
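The end state of the steps in the post above, a bucket readable only by the CloudFront distribution's identity, can be verified from the bucket policy itself. The following is an added example, not part of the original post or any AWS tooling: a Python check run offline over constructed sample policies. The OAI ID `E2EXAMPLE0AI` and all function names are assumptions.

```python
# Added example: offline audit of an S3 bucket policy for CloudFront-only access.
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "
OAI_ID = "E2EXAMPLE0AI"  # constructed placeholder, not a real identity

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principals(stmt):
    """Flatten a statement's Principal element into a list of strings."""
    principal = stmt.get("Principal", {})
    if isinstance(principal, str):  # "Principal": "*"
        return [principal]
    return [p for value in principal.values() for p in _as_list(value)]

def audit_bucket_policy(policy, oai_id):
    """Return findings; an empty list means only the given OAI is allowed in."""
    expected = OAI_PREFIX + oai_id
    findings = []
    allows = [s for s in _as_list(policy.get("Statement", []))
              if s.get("Effect") == "Allow"]
    for stmt in allows:
        sid = stmt.get("Sid", "<no Sid>")
        if "NotPrincipal" in stmt:
            findings.append(f"{sid}: Allow with NotPrincipal is too broad")
        for p in _principals(stmt):
            if p == "*":
                findings.append(f"{sid}: public principal '*' permits direct S3 access")
            elif p != expected:
                findings.append(f"{sid}: unexpected principal {p}")
    # CloudFront needs s3:GetObject (or a wildcard covering it) to serve pages.
    can_read = any(expected in _principals(s) and
                   {"s3:GetObject", "s3:*", "*"} & set(_as_list(s.get("Action", [])))
                   for s in allows)
    if not can_read:
        findings.append("expected OAI has no s3:GetObject grant; CloudFront will get 403")
    return findings

# Constructed sample policies for the bucket name used in the post.
RESOURCE = "arn:aws:s3:::www.yourdomain.com/*"
LOCKED_DOWN = {"Version": "2012-10-17", "Statement": [
    {"Sid": "CloudFrontOnly", "Effect": "Allow",
     "Principal": {"AWS": OAI_PREFIX + OAI_ID},
     "Action": "s3:GetObject", "Resource": RESOURCE}]}
PUBLIC_READ = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": RESOURCE}]}

if __name__ == "__main__":
    for name, pol in (("locked down", LOCKED_DOWN), ("public read", PUBLIC_READ)):
        print(name, "->", audit_bucket_policy(pol, OAI_ID) or "OK")
```

To use it on a real bucket, feed it the parsed JSON policy document and the ID of the identity attached to your distribution. This checks the policy only; the bucket's public access block settings and ACLs are separate controls.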
Hey there :) I would like to know if I'm headed in the right direction about how I can update files (changes in my blog) any time that I need to. I used to do it with FTP software, but now I want to learn to do it as a programmer, so is it possible to do it with (my website doesn't use CloudFront):
- CLI AWS
- Visual Studio Code AWS toolkit

I noticed that doing it by drag and drop is not possible; it is not updating.
Where is the clear documentation on AWS for doing this?
Any help would be appreciated.