This project reflects the work done to host this static website on AWS: registering a domain name, obtaining an SSL certificate, and delivering content to end users through AWS CloudFront.
Take a quick look at the Work Flow Diagram to get a high-level picture of the work to be done.
Plan of Work:
- Register a new domain 'sharif-cloud.com'
- Create Hosted zone for DNS records
- Create main and redirect S3 buckets and load website files
- Create DNS record to route new domain to S3 public endpoints
- Request SSL certificate from Certificate Manager
- Create CNAME records in Hosted zone for main and redirect DNS names
- Create two CloudFront distributions and link them to each bucket's public endpoint and their domain names respectively
- In hosted zone, change both domain record configurations to re-route traffic to CloudFront distributions instead of S3 public endpoints
- Main domain: sharif-cloud.com
- Redirect domain: www.sharif-cloud.com
Actual steps:
- In Route 53, register a domain name
- Create a hosted zone
  - When we register a domain name, AWS automatically creates a hosted zone for us.
  - Note: A hosted zone is a container of records, and each of those records contains information about how to route traffic for a specific domain. Ex: sharif-cloud.com will be routed to the public endpoint of the S3 bucket where the static website lives, and www.sharif-cloud.com will be routed to another S3 bucket's public endpoint, which in turn redirects traffic to the first S3 bucket that houses this static website.
- In the S3 console, create S3 buckets for the main and redirect domains.
  - Bucket name must match domain name (website name)
  - Allow public access to bucket in properties section
  - Enable static website hosting in properties section
  - Add the following read-rights policy in the permissions section of the bucket:

    ```json
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "PublicReadGetObject",
                "Effect": "Allow",
                "Principal": "*",
                "Action": [
                    "s3:GetObject"
                ],
                "Resource": [
                    "arn:aws:s3:::bucket_name/*"
                ]
            }
        ]
    }
    ```

  - Upload the website's .html documents
  - S3 bucket for redirect domain
    - Bucket name must match redirect domain name
    - Allow public access to bucket in properties
    - Enable static website hosting in properties and choose the option 'Redirect requests for an object'
- Route 53 - Hosted zone. It currently has one domain name registered but not linked to any website.
  - Create two records: one for linking the main domain to the main S3 bucket, another for linking the redirect domain to the redirect S3 bucket. The only difference between the two records is the 'Record name' box.
    - Quick create record - if linking to the www.XXX website, add only www in the name; otherwise leave the name empty.
    - Record type - 'A-Routes traffic to an IPv4 address'
    - Route traffic to - 'Alias to website endpoint'
    - Region - '' (the region where the S3 buckets are created)
    - Lookup - the respective S3 bucket's public endpoint
- Now, after a couple of minutes, check in a browser: both domains will be routing traffic to your website. However, the connection is HTTP and is not secure. To make it secure, we need to create an SSL certificate and use CloudFront to redirect all HTTP connections to HTTPS.
- AWS Certificate Manager - Request a certificate - request a public certificate
  - Add both domain names in Fully Qualified Domain Names (FQDN)
  - Select DNS validation and click request.
  - After the certificate is created, we need to validate it. Open the certificate's configuration, select 'Create records in Route 53' and add both FQDNs we previously issued the certificate for. In our hosted zone we can see two newly created CNAME (certificate name) records. Now that the certificate is ready, we will apply it to our website using AWS CloudFront.
- In AWS CloudFront distribution
  - Create distribution
  - From the main S3 bucket, in the properties, copy the 'Bucket website endpoint' and paste it in the 'Origin name' section of the CloudFront distribution
  - Disable origin shield
  - In the 'default cache behavior' select 'HTTP to HTTPS'
  - In the 'setting' section select the desired price class for our content delivery
  - Fill in 'Alternate Domain Name' with our main website domain name and done
  - Create another distribution for our redirect S3 bucket with the same configuration, except use the redirect bucket's endpoint and the respective domain name for its Alternate Domain Name
  - Now both our distributions have auto-generated domain names
- In the redirect S3 bucket's properties, in the static website hosting section, change the Protocol subsection to the HTTPS option
- Finally, go to Route 53 - hosted zone and change both domains' A records. Changes to make: in the 'Route traffic to' section, change to 'Alias to CloudFront Distributions' and in the lookup section below it choose (or copy and paste) the respective CloudFront distribution domain name. This way we are rerouting traffic to our CloudFront distributions, which in turn route traffic to the S3 buckets' website endpoints and their alternate DNS names using the HTTPS protocol.
And now it's time to check our website in a browser… Voilà, both domain names redirect traffic to our website using the secure HTTPS protocol.
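The browser check can also be scripted. This added Python example (not part of the original project; the function names are hypothetical) walks each redirect hop by hand and reports any hop that falls back to plain HTTP, for instance when the redirect bucket's Protocol setting was left at HTTP.

```python
import http.client
from urllib.parse import urljoin, urlsplit

APEX = "sharif-cloud.com"  # main domain from the page

def fetch(url):
    """Send one HEAD request without following redirects: (status, Location)."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=10)
    try:
        conn.request("HEAD", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def follow(url, fetch=fetch, max_hops=5):
    """Return (urls_visited, final_status), stopping at the first non-redirect."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in (301, 302, 307, 308) or not location:
            return chain, status
        chain.append(urljoin(chain[-1], location))
    raise RuntimeError(f"more than {max_hops} redirects from {url}")

def check(url, fetch=fetch):
    """Problems for one entry URL; an empty list matches the setup described."""
    chain, status = follow(url, fetch)
    problems = []
    if status != 200:
        problems.append(f"final status {status}")
    final = urlsplit(chain[-1])
    if (final.scheme, final.hostname) != ("https", APEX):
        problems.append(f"ends at {chain[-1]}, expected https://{APEX}/")
    # Only the entry URL may be plain HTTP; every later hop must be HTTPS.
    problems += [f"cleartext hop {hop}" for hop in chain[1:]
                 if urlsplit(hop).scheme != "https"]
    return problems

if __name__ == "__main__":  # needs network access to the live site
    for host in (APEX, "www." + APEX):
        print(host, check(f"http://{host}/") or "ok")
```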