HTTPS for Amazon S3 static website


Solution 1

Yes, as of today you can do it at no charge.

You can now use HTTPS with CNAMEs on CloudFront as it now supports custom SSL certificates using Server Name Indication (SNI): http://aws.typepad.com/aws/2014/03/server-name-indication-sni-and-http-redirection-for-amazon-cloudfront.html

I managed to set up a free Class 1 StartSSL cert for my CloudFront distributed static site on S3 without too much trouble (see: CloudFront error when serving over HTTPS using SNI).

Solution 2

On 2016-01-21 AWS launched AWS Certificate Manager, which is a free service that allows you to issue an SSL certificate to be used with Elastic Load Balancer and CloudFront (along with S3 too).

You can learn more at: https://aws.amazon.com/certificate-manager/

And you can check how to deploy your S3 + CloudFront website with free SSL from AWS at: https://aws.amazon.com/blogs/aws/new-aws-certificate-manager-deploy-ssltls-based-apps-on-aws/

Solution 3

As of today, CloudFront offers custom SSL: http://aws.amazon.com/cloudfront/pricing/

Keep in mind, they are charging $600 / month. More details on the link above.
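An added example (not from any of the answers, and not AWS's code) of checking a distribution for the points raised in Solutions 1 to 3 and in the comments: HTTP-to-HTTPS redirection, SNI versus the dedicated-IP certificate option, and the HTTP-only S3 website endpoint as origin. The two configurations, the `audit` function and its finding codes are constructed for illustration; the field names are those of the CloudFront `DistributionConfig` structure.

```python
# Added example: audit the "DistributionConfig" dict of a CloudFront distribution.
# Both configs are constructed; bucket, domain and ARN are placeholders.
CERT_ARN = "arn:aws:acm:us-east-1:111122223333:certificate/PLACEHOLDER"

WEAK = {
    "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "site",
        "DomainName": "bucket-name.s3-website-us-east-1.amazonaws.com",
        "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}}]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
    "ViewerCertificate": {"ACMCertificateArn": CERT_ARN, "SSLSupportMethod": "vip"},
}

HARDENED = {
    "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "site",
        "DomainName": "bucket-name.s3.us-east-1.amazonaws.com",  # REST endpoint
        "S3OriginConfig": {"OriginAccessIdentity": ""}}]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
    "ViewerCertificate": {"ACMCertificateArn": CERT_ARN, "SSLSupportMethod": "sni-only"},
}


def audit(cfg):
    """Return sorted finding codes for one DistributionConfig dict."""
    findings = set()
    behaviors = [cfg["DefaultCacheBehavior"]] + cfg.get("CacheBehaviors", {}).get("Items", [])
    # "allow-all" serves plain HTTP; "redirect-to-https" or "https-only" do not.
    if any(b.get("ViewerProtocolPolicy") == "allow-all" for b in behaviors):
        findings.add("viewer-http-allowed")
    cert = cfg.get("ViewerCertificate", {})
    # The default certificate covers *.cloudfront.net only, not a CNAME.
    if cfg.get("Aliases", {}).get("Items") and cert.get("CloudFrontDefaultCertificate"):
        findings.add("alias-without-custom-cert")
    # "vip" is the dedicated-IP option with the monthly fee; "sni-only" has none.
    if cert.get("SSLSupportMethod") == "vip":
        findings.add("dedicated-ip-billing")
    for origin in cfg.get("Origins", {}).get("Items", []):
        policy = origin.get("CustomOriginConfig", {}).get("OriginProtocolPolicy")
        # S3 website endpoints do not support HTTPS, so this hop is cleartext.
        if ".s3-website" in origin["DomainName"] or policy == "http-only":
            findings.add("origin-fetch-over-http")
    return sorted(findings)


if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

To run it against a real distribution, pass the `DistributionConfig` object from the JSON printed by `aws cloudfront get-distribution-config --id <distribution-id>`.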

Solution 4

For me I had to upload a simple React website to S3. As barbolo describes, you need a certificate to access the site through SSL. If the static site that you want to deploy is simple enough you can:

  1. Upload to S3.
  2. Do not select "Static Website Hosting".
  3. Convert all relative links (to css, js, etc.) to absolute links, e.g. from /css/media.css you should convert it to https://s3-region-amazonaws.com/bucket-name/css/media.css (for me I had to change only links in index.html).
  4. Make only the contents of the bucket public.

That's it. You can access the index file through https.

A simple site is a site with a main index.html file that points to some css and js pages.

Author by

jamix


Updated on May 04, 2020

Comments

  • jamix
    jamix almost 4 years

    I want to host a HTTPS-only static website using Amazon S3 and CloudFront. Here's what I've done so far:

    1. Set up an S3 bucket for static website hosting and put my website files in it
    2. Created a CloudFront distribution and pointed it to the S3 bucket
    3. Added a CNAME record in my domain's nameservers for the www subdomain pointing to the CloudFront bucket.

    So far, so good - I can access my website using the www.example.com address. However, I want the site to be available via HTTPS only, for which I bought an SSL certificate from GoDaddy.

    Now, the question is:

    1. Is there a way to install this third-party SSL certificate on my S3-hosted website?
    2. Is there a way to have an automatic http to https redirect with this setup?
  • Pacerier
    Pacerier over 10 years
    600 / month......
  • Martin OConnor
    Martin OConnor about 10 years
    You only pay $600 if you want a dedicated IP address. If you are happy to use SNI (which is not supported by older browsers), no extra charges apply
  • bchurchill
    bchurchill about 10 years
    The caveat here is it doesn't work for some types of older browsers... but that's an awesome alternative to paying $600/month!
  • tiberghien Jeffrey
    tiberghien Jeffrey almost 10 years
    If you're willing to support modern browsers only (through SNI), this is now much cheaper: aws.amazon.com/about-aws/whats-new/2014/03/05/…
  • tresf
    tresf almost 9 years
    Feedback: bryce fisher's guide was very good.
  • skeller88
    skeller88 over 8 years
    There's a subtlety here. You can have HTTPS for an S3 bucket if it is not configured for website hosting. See the Note that says "The website endpoints do not support https."
  • Mike_Laird
    Mike_Laird over 7 years
    OK, to get past "subtlety" and describe in plain English, here's my shot at it. An S3 bucket with static web page content (html) can be turned into a web site with a few clicks. This web site can only use http. If you want https, you have to use AWS's Cloudfront service and configure it for SNI to get https for free. (A few very old or odd browsers do not support SNI.) The html and other resources can be stored on S3 at a low cost. Additionally, if you get the domain name from AWS, you must use their Elastic Load Balance service. Fees are a few cents per gig.
  • natronite
    natronite over 7 years
    Doesn't CloudFront add costs even though custom ssl for SNI is free? They charge $0.01 per https request?
  • paranoid
    paranoid over 7 years
    I just set this up for my site this morning. It's a static site hosted in s3. It was super easy. I simply went to the acm manager, requested a cert, putzed around with my email settings for a few hours (ended up making my WHOIS info public while I waited for the confirmation email), and then set up route53 to point at the cloudfront endpoint. Very happy I found this comment.
  • Piyush S. Wanare
    Piyush S. Wanare over 7 years
    @paranoid With this can I host my s3 website as https-only?
  • barbolo
    barbolo over 7 years
    @PiyushS.Wanare yes, you can!
  • Costa Michailidis
    Costa Michailidis over 7 years
    This is FREE now! aws.amazon.com/certificate-manager Scroll down to the dollar sign icon. Plus I think they renew automatically. And setup is as easy as entering the domains you want on the cert and clicking the validation link in the email that follows.
  • Costa Michailidis
    Costa Michailidis over 7 years
    Put the HTTPS link in the CNAME record in Route53.
  • abbood
    abbood about 7 years
    I find it amazing that this answer got awarded the right answer, when it simply doesn't address the question: as stated by @skeller88, s3 https doesn't work for website hosting.
  • abbood
    abbood about 7 years
    @paranoid not sure what you mean by "cloudfront endpoint".. where do I get that information from?
  • paranoid
    paranoid about 7 years
    @abbood If you go to your cloudfront distributions, select the distribution you want to use and click "distribution settings" (or just click the ID) and in the general tab you'll see "Domain Name". I used that in my route53 record - it's an A record with the alias target of the cloudfront domain name. More can be found here: docs.aws.amazon.com/Route53/latest/DeveloperGuide/…
  • avs099
    avs099 over 6 years
    StartSSL is dead, distrusted by Chrome, FF, Apple; and they do not issue certificates anymore. Consider LetsEncrypt if you want free certificates.
  • user1874634
    user1874634 over 5 years
    Awesome. Thanks
  • yerzhan7
    yerzhan7 over 5 years
    @skeller88 - so, communication between CloudFront and S3 is not encrypted and can be attacked by the MITM, right? Isn't it a serious security issue for my website (even if it uses HTTPS with CloudFront)?
  • Sébastien
    Sébastien about 5 years
    If your app targets production this is a bad idea.
  • alexopoulos7
    alexopoulos7 about 5 years
    Sébastien, please share with us more details on why this is a bad idea. We give public read access to objects, not to the bucket.
  • Nitesh B.
    Nitesh B. almost 5 years
    It's a good and simple way, but remember: for every single file in your application the request will travel over the internet, which will reduce the performance of your application. Using CloudFront is the best idea in this scenario.
  • Dustin Sun
    Dustin Sun almost 5 years
    @NiteshB. CloudFront is ass-pain when you need to update your S3 objects often