Hi There
Owning a domain name is not the same as S3 bucket naming. S3 bucket names have to be unique, and there is no way to stop another AWS user from using your domain name for their bucket. However, there is an alternative way to deploy your site. You can use CloudFront to serve a static website that’s hosted on Amazon S3. You can then point your DNS to the CloudFront distribution. If you use Route53 for DNS, you use an "ALIAS" record to point the "non-www" domain to the CloudFront Distribution. See https://repost.aws/knowledge-center/cloudfront-serve-static-website and https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html
Indeed, S3 static website hosting isn't a recommended option. It's best to set up a CloudFront distribution and point it to the S3 bucket, as Matt-B correctly advised. It will give a number of benefits, including caching, the ability to use Web Application Firewall to control traffic or AWS Shield Advanced for DDoS protection, selectively routing some parts of the website to static files in S3 and others to custom Lambda code or web application server, and many other options.
Fundamentally, the cause of your problem is that the basic static website hosting for S3 is based on the bucket being named identically with the website, and anyone can create a bucket with any website's name without proving any ownership over the domain name.
The best option, regardless of whether the name has been hijacked already, is disabling static website hosting for your S3 bucket and setting up a CloudFront distribution to receive traffic from end users and use Origin Access Control (OAC) for CloudFront to authenticate to your S3 bucket. Point your DNS names to the CloudFront distribution in the Route 53 hosted zone. This setup will not be possible for anyone to hijack and doesn't involve the legacy static website hosting option in S3.
Thanks for the response.
I appreciate that there is no way to stop another AWS user from using my domain name for their bucket - and I will look into the solution. Can you explain how they are able to use my domain?
Where is your domain registered? Can you verify that the Name Servers are pointing to your Route53 tenant?
They can receive traffic for your domain name by you having alias records of the type "Alias to S3 website endpoint" in your Route 53 hosted zone. If you delete the record, the site they are serving will stop working. However, you won't be able to use S3's legacy static website hosting option yourself to serve the site, since the other party already has a bucket matching your site's name. You'll have to use CloudFront.
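A check for the alias records discussed in this thread, as an added example that is not part of any of the original posts: it scans record sets in the shape returned by Route 53's ListResourceRecordSets for aliases to S3 website endpoints and flags those whose identically named bucket is not in your account. The function name, the sample records (trimmed to the fields used) and the owned-bucket list are constructed for illustration.

```python
import re

# Matches both regional S3 website endpoint forms:
#   s3-website-us-east-1.amazonaws.com   and   s3-website.eu-central-1.amazonaws.com
S3_WEBSITE_RE = re.compile(r"^s3-website[.-][a-z0-9-]+\.amazonaws\.com\.?$")


def find_s3_website_aliases(record_sets, owned_buckets):
    """Return one finding per alias record that targets an S3 website endpoint."""
    owned = {b.lower() for b in owned_buckets}
    findings = []
    for rr in record_sets:
        target = rr.get("AliasTarget", {}).get("DNSName", "").lower()
        if not S3_WEBSITE_RE.match(target):
            continue  # CloudFront, ELB, plain records: not affected
        # S3 website hosting serves the bucket named exactly like the
        # requested host, so the record name tells us which bucket answers.
        bucket = rr["Name"].rstrip(".").lower()
        findings.append({
            "record": rr["Name"],
            "bucket": bucket,
            "status": "owned" if bucket in owned else "NOT_OWNED",
        })
    return findings


# Constructed sample input (not real account data).
SAMPLE_RECORDS = [
    {"Name": "example.com.", "Type": "A",
     "AliasTarget": {"DNSName": "s3-website-us-east-1.amazonaws.com."}},
    {"Name": "www.example.com.", "Type": "A",
     "AliasTarget": {"DNSName": "d111111abcdef8.cloudfront.net."}},
    {"Name": "shop.example.com.", "Type": "A",
     "AliasTarget": {"DNSName": "s3-website.eu-central-1.amazonaws.com."}},
    {"Name": "example.com.", "Type": "MX",
     "ResourceRecords": [{"Value": "10 mail.example.com."}]},
]
SAMPLE_OWNED_BUCKETS = ["shop.example.com", "example-logs"]

if __name__ == "__main__":
    for f in find_s3_website_aliases(SAMPLE_RECORDS, SAMPLE_OWNED_BUCKETS):
        print(f"{f['status']:9} {f['record']} -> bucket {f['bucket']}")
```

In a live account the two inputs would come from boto3's `list_resource_record_sets` and `list_buckets`; a `NOT_OWNED` finding is a record to delete or repoint to a CloudFront distribution.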