Static site hosting with Cloudfront and S3
Step 1: Create a bucket in S3
This is an easy first step that can get you started with creating a deploy pipeline, as I did in my case. Just create a bucket with public access and static site hosting. Test it using the S3 generated URI.
Then you can finish your deploy pipeline and test that too before proceeding. An example of mine is in the git repo of my site.
Step 2: Create a domain in Route53
I setup a new hosted zone in Route53, this is pretty self-explanatory. In my case it was midjich.name, no sub-domain yet because we need a CloudFront distribution first.
I'm creating the domain first because step 3 requires you to authenticate with either a CNAME record or e-mail and it's just much easier to authenticate with CNAME. AWS has that fully integrated into the UI so you just point and click.
Step 3: Create a TLS certificate in AWS Certificate Manager
This is good to get out of the way before creating a Cloudfront distribution because then you can select the certificate during the Cloudfront creation process.
The process is pretty self-explanatory, I used the domain stefan.midjich.name and chose DNS verification because then I can just allow AWS to create their own CNAME record and verify ownership of the domain.
Step 4: Create a Cloudfront distribution
Cloudfront is required if you want to use your own domain and TLS, it sits infront of your S3 back end and terminates TLS. It also makes requests for objects in S3.
I use mostly default settings but here's a list of what I change during Cloudfront distribution creation.
- Origin Domain Name - Use your S3 website endpoint here, it's bucketname.s3-website.region-1.amazonaws.com (or in my case stefan.midjich.name.s3-website.eu-north-1.amazonaws.com). You can find your website endpoint name as a URL in the S3 bucket Properties under Static website hosting.
- Compress Objects Automatically - Yes
- Alternate Domain Names - Enter your full domain here, in my case stefan.midjich.name.
- Default Root Object -
index.htmlin my case, this is only to find the index file of the root / path.
- Custom SSL Certificate - Your cert should appear here automatically if you use the form input field.
Observe that Cloudfront is as of writing unable to handle sub-directory indexes, unless you enter your S3 address as I do here. If you use the AWS provided "REST" endpoint of your S3 bucket, that AWS provides you in their dropdown list, you must create a lambda trigger function as described here.
Step 5: Point your domain to Cloudfront
Now you create the domain record in Route53 that points to Cloudfront. In my case it's a subdomain but that doesn't matter. This is fairly simple because you select Alias and can find the Cloudfront distribution in the dropdown list.