Serving static site through CloudFront
I've been serving my static site (fromammawithlove.com) through a public S3 bucket but wanted to switch to CloudFront so I can block public access, but am getting a DNS error that the site can't be reached.
I have a valid AWS generated certificate and testing the record in Route 53 gives me "no error" response but I can't reach the site.
Would appreciate any ideas.
Since it does not matter what the bucket name is when using CloudFront, I would create a new bucket and copy the files from your existing bucket to the new bucket. Then create a CloudFront distribution pointing to this bucket. Test, just using the CloudFront domain name. Once everything is working, create a Route 53 entry, like test.fromammawithlove.com, and see that everything is working correctly. Then update your production Route 53 entries to point to the new CloudFront distribution.
Instructions are here: How do I use CloudFront to serve a static website hosted on Amazon S3?.
Thanks for the response @kentrad. I created a test bucket and a new CloudFront distribution with OAI enabled for it but going to its origin (http://d1d0a5lvb811zl.cloudfront.net/index.html) gives me a 504 error.
I did copy the settings from my existing bucket which may be the problem so I'll try creating another bucket and set the parameters manually to see if that makes a difference.
Progress, I can now make a distribution that points to the test bucket and serve it up.
Now to setup Route53 properly so it can route to this Cloudfront bistro.
Have you set up an Origin Access Identity so that CloudFront can access your private bucket via its REST endpoint? You can set this all up via CloudFormation but also it can be done from the CloudFront console when setting up an origin - select "Yes use OAI (bucket can restrict access to only CloudFront)".
Note one thing that's different to a public bucket is that auto-redirect of requests to index objects (other than at the site root) doesn't work, and workarounds e.g. via Lambda@Edge are needed if this is a problem for you.
Thanks @kinsman, the test bucket does have OAI enabled and I'm not looking for anything other than the site root.
S3 Block Public Access + Bucket Policy - Access Deniedasked 4 months ago
Serving static site through CloudFrontAccepted Answerasked 16 days ago
CloudFront Distribution not serving S3 Bucket pages unless /index.html included in URLasked 5 months ago
OAI or not OAI for serving a static website in S3 using CloudFrontasked 3 months ago
CloudFront giving access denied to subfoldersasked a year ago
Cloudfront with a Lambda@Edge pointing to a private S3asked 2 years ago
Connect to s3 site securelyasked a year ago
Static bucket redirect requests append index.html to homepage URLasked 2 years ago
Simplest and tightest way to secure S3 buckets for static websitesasked 3 years ago
Correct process for configuring S3 bucket so ONLY Cloudfront can access?asked 3 years ago