I created a static website mockup for a friend and decided to put it up on my s3 account for a temporary hosting spot. So I uploaded the site files and made them public.
I was surprised to learn that I can access the site via (actual path redacted, but example illustrates point):
https://s3.amazonaws.com/my/s3/path/to/file.html
How is this possible? I expected to have some sort of identifier in the url, referencing my account, but clearly this is not the case.
Can someone explain how amazon does this?
Access to s3 can be secured in a variety of ways, but frequently people want to host these files directly out of s3, so they provide public access. You must have setup access to your bucket/objects so that they are public.
You can also set the bucket name to be a domain of your choosing ala files.yourdomain.com, add a CNAME pointing to s3, and they will automatically determine that the files should come from your public bucket, using a little bit of internal rewriting.
Related
I've uploaded a file using the SDK to my private S3 bucket.
I can access this file through the S3 UI.
However, I cannot access this file through a direct link. It gives me some XML that includes "AccessDenied" as a code and message.
It seems reasonable that since I'm authenticated in the browser and am clicking on a direct link to the file from the same browser, that I should be allowed through. At the very least, I should be directed to a login page.
Does anyone have any experience with this?
So after working on this for a bit, I discovered the best thing is to simply publish the console URL to the file.
https://s3.console.aws.amazon.com/s3/object/{your bucket}/{your file path}?region={the region of your bucket}&tab=overview
Be mindful to specify the correct region. If you're forming this programmatically, then use Amazon.RegionEndpoint.SystemName.
If you're not logged in, it will ask you for your login!
No signed URL is necessary.
Thanks to everyone who contributed!
There are 2 places that you need to make sure are set correctly based on how you want to setup access to the bucket. It will either have public or private access.
The properties tab:
Here you can set what you will use the bucket for.
The Permissions tab -> Bucket Policy:
With this, you can then setup access. I was able to generate a policy with this site:
http://awspolicygen.s3.amazonaws.com/policygen.html
EDIT:
Mine is working with the settings I have shown. I recommend asking the AWS boards if to get to the bottom of it. You could also try this:
You can use the direct link if you are inside a VPC. You have to :
1- Create a VPC endpoint for Amazon S3.
2- Add a bucket policy that allows access from the VPC endpoint.
All steps are described in the following link :
https://aws.amazon.com/premiumsupport/knowledge-center/s3-private-connection-no-authentication/?nc1=h_ls
I'm currently hosting a project of mine on S3 and that results in a URL like: https://s3.eu-central-1.amazonaws.com/my-project/index.html
Using Cloudfront, I'm able to make this a lot nicer so that I can access this page using https://my-project.com/. I can add an ACL to this url so that only certain IPs can access it, but the bucket itself will still be wide open to the world. How would I also apply the ACL to the bucket?
I'm currently looking to host an app with the Angular frontend in a AWS S3 bucket connecting to a PHP backend using the AWS Elastic Beanstalk. I've got it set up and it's working nicely.
However, using S3 to create a static website, anyone can view your code, including the various Angular JS files. This is mostly fine, but I want to create either a file or folder to keep sensitive information in that cannot be viewed by anyone, but can be included/required by all other files. Essentially I want a key that I can attach to all calls to the backend to make sure only authorised requests get through.
I've experimented with various permissions but always seems to be able to view all files, presumably because the static website hosting bucket policy ensures everything is public.
Any suggestions appreciated!
Cheers.
The whole idea of static website hosting on S3 means the content to be public, for example, you have maintenance of your app/web, so you redirect users to the S3 static page notifying there is maintenance ongoing.
I am not sure what all have you tried when you refer to "experimented with various permissions", however, have you tried to setup a bucket policy or maybe setup the bucket as a CloudFront origin and set a Signed URL. This might be a bit tricky considering you want to call these sensitive files by other files. But the way to hide those sensitive files will either be by using some sort of bucket policy or by restricting using some sort of signed URL in my opinion.
I was wondering if it's possible to create my own error pages for my S3 buckets. I've got CloudFront enabled and I am using my own CNAME to assign the S3 to a subdomain for my website. This helps me create tidy links that reference my domain name.
When someone tries to access a file that has perhaps been deleted or the link isn't quite correct, they get the XML S3 error page which is ugly and not very helpful to the user.
Is there a way to override these error pages so I can display a helpful HTML page instead?
If you configure your bucket as a 'website', you can create custom error pages.
For more details see the Amazon announcement of this feature and the AWS developer guide.
There are however some caveats with this approach, a major one being that your objects need to be publicly available.
It also works with Cloudfront, but the same public access limitations apply. See https://forums.aws.amazon.com/ann.jspa?annID=921.
If you want, you can try these out
right away by configuring your Amazon
S3 bucket as a website and making the
new Amazon S3 website endpoint a
custom origin for your CloudFront
distribution. A few notes when you do
this. First, you must set your custom
origin protocol policy to “http-only.”
Second, you’ll need to use a tool that
supports CloudFront’s custom origin
feature – the AWS Management Console
does not at this point offer this
feature. Finally, note that when you
use Amazon S3’s static website
feature, all the content in your S3
bucket must be publicly accessible, so
you cannot use CloudFront’s private
content feature with that bucket. If
you would like to use private content
with S3, you need to use the S3 REST
endpoint (e.g., s3.amazonaws.com).
Amazon.com just announced that one can host static web sites in a S3 bucket. I went to their setup page at http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?WebsiteHosting.html and created a bucket for my static web site, and it worked fine. I have an URL of the form http://[my bucket name].s3-website-us-east-1.amazonaws.com/.
However, I would like to point a subdomain that I own (e.g. static.mydomain.com) to my static web site at Amazon S3. Has anybody figured out how to do that?
I appreciate any help you can give me.
It turns out that to make it work, you cannot just map any arbitrary subdomain to any arbitrary bucket. The fully qualified subdomain name must be the same as the S3 bucket name.
Suppose the name of your site is static.mydomain.com. Then you need to create a S3 bucket with that same name, named static.mydomain.com.
Once you configure that bucket as a S3 static web site, it will have a URL assigned to it that looks something like http://static.mydomain.com.s3-website-us-east-1.amazonaws.com.
Go to your domain host and map your subdomain to the URL from step 2. In enom.com, that meant mapping the host "static" to the address "static.mydomain.com.s3-website-us-east-1.amazonaws.com" as a CNAME record.
Thanks to Uriah and David for suggestions. I eventually got my answer at an Amazon AWS forum.
Make sure that you follow the S3 DNS bucket naming conventions when creating your bucket.
Then:
Enable S3 Website support for the bucket using the AWS Management Console at Properties --> Website
Make sure the files in the bucket have public read permissions
Try the website using the endpoint listed in the Management Console
Setup your CNAME using the listed endpoint (e.g. www.example.com CNAME www.example.com.s3-website-us-east-1.amazonaws.com)
Create a hosted zone say mydomain.com. You can use a web based UI DNS30.
Now create a CNAME entry for this hosted zone.
Add a resource record
with following detail Name as "mydomain.com"
Type as "CNAME"
Value as "mydomain.com.s3.amazonaws.com"
TTl as "on your required configuration"
Hope this will also work for static.mydomain.com
Regards-
Udit
This is called Virtual Hosting of Buckets: http://docs.amazonwebservices.com/AmazonS3/latest/dev/VirtualHosting.html
How about using a DNS service, like the Route 53 that Amazon provides. Set it up with a CNAME from your sub domain to the public bucket URL. Of course, if your domain company provide CNAME configuration, that could work directly.
Update 2019 : AWS custom subdomain hosting in S3
As of today following steps worked for me to have a working subdomain for AWS S3 hosted static website:
Create a bucket with subdomain name. In this example www.subtest.mysite.com
Note: Make sure on 'Permission' tab of bucket:
-Block public access (bucket settings)
-Access Control List &
-Bucket policy
are appropriately set to make sure bucket is public. ( Assuming you already did this for your root domain bucket, those settings can be mirrored on this subdomain bucket)
Upload the index.html file in the bucket
Create a CNAME record with your domain provider