Static website using S3 buckets and CloudFront

0

I have been trying to create a secure website with a domain name registered in Route 53. I requested a public certificate so that Amazon CloudFront distributions require HTTPS. I created 2 buckets in S3 and turned on Block all public access. I followed the instructions to create a CloudFront distribution in "Configuring Amazon Route 53 to route traffic to a CloudFront distribution". I created an OAC and copied the policy to the bucket policy. I created an alias record that points to my CloudFront distribution. Can't access the website.

If Block all public access is set to on for a bucket used for a static website, can the website be accessed by routing traffic to a CloudFront distribution?

4 Answers
1
Accepted Answer

Hi User,

You should be able to use CloudFront to serve a website hosted on an S3 bucket with Block Public Access settings enabled. You might want to refer to this link for more details on how you can configure it.

Hope this helps!

AWS
turtle
answered 1 year ago
EXPERT
reviewed 6 days ago
1

Public Access to your bucket must be off, otherwise this will not work. If you read the link that @turtle provided it says:

Add a bucket policy that allows public read access to the bucket that you created. Note: For this configuration, the S3 bucket's block public access settings must be turned off. If your use case requires the block public access settings to be turned on, use the REST API endpoint as the origin. Then, restrict access by an origin access control (OAC) or origin access identity (OAI).

AWS
Niko
answered 1 year ago
  • @rePost-User-9152533 - if you think my answer is to your satisfaction, can you please accept it? :) If not, happy to assist you more.

  • Thank you! I will have to read up on the REST API.
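A configuration check for the setup discussed in this thread, as an added example (not code from the thread or from AWS): it classifies a CloudFront origin as an S3 website or REST endpoint and verifies that the bucket policy grants the OAC-style read to `cloudfront.amazonaws.com` for one distribution. The function names, bucket name, account ID and distribution ID are constructed placeholders.

```python
import re

# Website endpoints contain ".s3-website-" or ".s3-website."; REST endpoints use ".s3." labels.
WEBSITE_RE = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")
REST_RE = re.compile(r"\.s3(\.[a-z0-9-]+)*\.amazonaws\.com$")

def origin_kind(domain):
    if WEBSITE_RE.search(domain):
        return "website"
    return "rest" if REST_RE.search(domain) else "other"

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_setup(origin_domain, bucket, policy, distribution_arn, block_public_access):
    """Return findings; an empty list means origin, policy and BPA are consistent."""
    findings = []
    kind = origin_kind(origin_domain)
    if kind == "website" and block_public_access:
        findings.append("website endpoint needs public reads but Block Public Access is on")
    if kind != "rest":
        findings.append("OAC requires the S3 REST API endpoint as the origin")
    oac_ok = False
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        service = principal.get("Service") if isinstance(principal, dict) else None
        # Assumes the StringEquals form of the policy that the CloudFront console offers to copy.
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        source = {k.lower(): v for k, v in cond.items()}.get("aws:sourcearn")
        if (service == "cloudfront.amazonaws.com"
                and "s3:GetObject" in as_list(stmt.get("Action", []))
                and f"arn:aws:s3:::{bucket}/*" in as_list(stmt.get("Resource", []))
                and source == distribution_arn):
            oac_ok = True
    if not oac_ok:
        findings.append("no statement lets cloudfront.amazonaws.com read the bucket for this distribution")
    return findings

# Constructed sample values (placeholders, not taken from the thread).
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEID"
OAC_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "cloudfront.amazonaws.com"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"StringEquals": {"AWS:SourceArn": DIST_ARN}}}]}
if __name__ == "__main__":
    print(check_setup("example-bucket.s3.us-east-1.amazonaws.com", "example-bucket", OAC_POLICY, DIST_ARN, True))
    print(check_setup("example-bucket.s3-website-us-east-1.amazonaws.com", "example-bucket", OAC_POLICY, DIST_ARN, True))
```

An empty list for the REST endpoint and two findings for the website endpoint match the distinction drawn in the quoted guidance: Block Public Access can stay on only when the origin is the REST endpoint restricted by OAC.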

0

When I go to Certificate Manager (certificate is issued) and click “Create records in Route 53” and I clear the filters, “Validation status: Pending validation”, “Validation status: Failed”, my domains appear with “validation status = success”, “Is domain in Route 53? = yes”. The create record button is not available to be clicked to create the CNAME type records in Route 53. The DNS records are validated, and the domain is in Route 53.

Why can’t I “create records in Route 53”?

answered 1 year ago
  • For you to be able to have an active "Create records in Route 53" button, you would have to satisfy these 3 requirements as per this link:

    1. You are using Route 53 as your DNS provider
    2. You have permission to write to the zone hosted by Route 53
    3. Your fully qualified domain name (FQDN) has not already been validated

    In this case, it seems like your domain name has already been validated and hence the button is not available.

0

I used this link above to set up my S3 bucket to be accessed as a static website. I have used the REST API endpoint as the origin. I restricted access with an origin access control (OAC). I used an incognito window to access the website and it still doesn't find it.

No mention of Route 53. Does it need a CNAME type record?

answered 1 year ago
