Skip to content

Instantly share code, notes, and snippets.

@Duder-onomy

Duder-onomy/static-sites.md

Last active August 8, 2019 20:50
Show Gist options
  • Save Duder-onomy/854759c74746a5b5b09097f133cb3648 to your computer and use it in GitHub Desktop.
Save Duder-onomy/854759c74746a5b5b09097f133cb3648 to your computer and use it in GitHub Desktop.
Download ZIP
S3 + Cloudfront + Route53 + SSL + Single Page Apps
Raw
static-sites.md

Requirements:

  • Custom Domain name
  • S3 Hosting
  • Cloudfront cacheing
  • Redirect www.website.com to website.com
  • SSL
  • All requests fallback to index.html (SPA support)

S3 Bucket

  • Create an S3 bucket.
  • In Properties, click the Static Website section.
    • Click Use this bucket to host a website and enter index.html into Index Document field.
    • Don't enter anything else in this form.
    • This will create an "endpoint" on the same screen similar to http://website.com.s3-website-us-east-1.amazonaws.com.
  • Then click on Permissions tab, then Bucket Policy. Enter this policy:
{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::BUCKET_NAME/*"
        }
    ]
}

Be sure to replace BUCKET_NAME with yours.

CloudFront

  • Go to the CloudFront section and click Create Distribution and then create for Web, not RTMP.
  • In Origin Domain Name, select the s3 bucket in question.
  • Don't do anything with settings regarding SSL, we will do that later.
  • Select "yes" for Compress Objects Automatically.
  • In Alternate Domain Names (CNAMEs), put the domain names which you want to correspond to this bucket. Put each on their own line OR separated by comma. mywebsite.com,www.mywebsite.com
  • In Default Root Object, type index.html.
  • Create. The next screen will show distributions in table form, the one we just made will be "in progress" for a few minutes

The distribution will have a domain name like dpo155j0y52ps.cloudfront.net. This is important for DNS (see below). So copy it somehwere.

Route 53

  • Click Hosted Zones
  • Open the zone for your purchased domain or create a new zone (name it like the domain eg: website.com)
  • NOTE: The NS records can be used to point DNS management from other domain registrar to AWS Route 53
  • Click Create Record Set to create an A record.
    • This will be the record that points mywebsite.com to CloudFront.
    • For the name, enter no value
    • Change Alias to Yes
    • Paste the CloutFront domain in the Alias field
      • This should look like [some-random-number].couldfront.net. You can get this by clicking your CloudFront distribution and in the General tab there is a "Domain Name" label.
    • Click Create Record Set
  • Create another A record for the www redirect
    • Follow the same steps for the previous A record, but enter www for name and use the same CloudFront domain.

HTTPS

In the AWS Console, go to Certificate Manager and request a cert for domain and all sub domains.

For .io TLDs: http://docs.aws.amazon.com/acm/latest/userguide/troubleshoot-iodomains.html

We will be required to verify certificate via email or DNS. Chose DNS. AWS will ask you to add some CNAME records to your Route 53 DNS, there should be a button to allow AWS to do it automatically... thats what we want.

After the verification is done and the cert is "issued", we can go back into CloudFont to edit our distribution for this domain:

  • Click the distribution and on the next page (in the General tab), click Edit
  • Check the box for Custom SSL Certificate
  • Select our cert and save.
  • When done with the form, click the Behaviors tab and edit the only record that should be there
  • Select Redirect HTTP to HTTPS. Click Save

SPA

Because the website is a SPA, we need to make sure all requests to the server (S3 in this case) return something even if no file exists. "not found" pages are handled in the front-end. Go to CloudFront and click the distribution you want to apply these SPA settings to. Click the Error Pages tab and add a new error handler for 404's.

  • HTTP Error Code: 404
  • TTL: 0
  • Custom Error Response: Yes
  • Response Page Path: /index.html
  • HTTP Response Code: 200

Then add another error handler for 403's

  • HTTP Error Code: 403
  • TTL: 0
  • Custom Error Response: Yes
  • Response Page Path: /index.html
  • HTTP Response Code: 200

Basic Authentication

WIP.

You might want to secure this site behind a known username and password using HTTP Basic Authentication. You will need to add the following header to all outgoing requests (either route53, or cloudfront) WWW-Authenticate: Basic realm="User Visible Realm" Use AWS WAF -> Configure -> (New) -> String and Regex Match Conditions -> header === basic Base64

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment