Making a CDN using AWS S3 buckets

Was working on a project and decided to use S3 buckets for easy content hosting, so here’s how I set it up with my domain.

Step 1 - S3 Bucket

The first step is to actually create the bucket. This must be the same name as the subdomain you’re using, in my case it’s s3vr.soulsender.me. Then go to Properties > Static website hosting > enable. Turn off “block all public access” and then add the following bucket policy to allow internet access:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::s3vr.soulsender.me/*"
        }
    ]
}

Create an index.html with something, upload it to your bucket, and configure it in the static website settings.

Now there should be a static website being hosted with the contents of your bucket. That might be good enough for you, but if you want to set up HTTPS you can do these next steps.

Step 2 - Request a Certificate

Go to AWS Certificate Manager and request a new public certificate. I used DNS to verify ownership, which prompted me to create a CNAME record with the host _123456789abc.s3vr and the value _123456789abc.abc.acm-validation.aws (these are examples not the actual values).

You’ll need to wait a few minutes for the record to propagate, but if you did it correctly, the certificate will show as “issued” in the AWS certificate console.

Step 3 - Configuring Cloudfront CDN

Next, go to AWS Cloudfront > Distributions > Create distribution. Set the origin domain to your bucket, and set the protocol policy to redirect to HTTPS. In the general settings, add your subdomain as an alternate domain name CNAME (ex. s3vr.soulsender.me), and set the custom ssl certificate to the ACM certificate you created in step 2. In the overview for your distribution, copy the distribution domain name (ex. abc123abc.cloudfront.net).

Step 4 - Configure DNS

Finally, login to your DNS provider, and create a new CNAME record. Set the host value to your subdomain (ex. s3vr) and then the value to the cloudfront domain name you got in the last step.

It will take a few minutes to propagte, but when you vist your subdomain you should now see the index.html over HTTPS. Any files you upload to your bucket will be served via HTTPS to the internet.