mauro.ec

Ideas, thoughts, and proofs of concept

My blog on AWS

Some time ago, I decided to start a blog to write about experiences and ideas, including exciting and newfangled things; after some posts, I moved to another cloud provider to experience the actual process, configurations, and all the required steps to work in this new environment. The selected one was AWS, as I’m very interested in executing some proofs of concept and learning how Amazon handles applications with high availability, security, and low latency.

Well, let’s start; this post describes how to create (or migrate, in my case) a new static site on AWS, so I’ll divide the entire process into the following steps:

  1. Simple Storage Service (S3)
  2. Route 53
  3. Certificate Manager
  4. CloudFront

Next, we will review the use of these components:

Simple Storage Service (S3)

S3 is a service that provides object storage at high scale; in my case, it will store the files of the static site. For that, I’ll use the following buckets:

mauro.ec will be the primary bucket storing all the files required for the static site; it’s important to take care of the following configurations:

Static website hosting

We must enable the Static website hosting flag and set the Hosting type to Host a static website; it is also important to select the files that serve as the index and error HTML documents.

S3

Policy

Another necessary configuration is to set this bucket as public; that can be done through the following policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::mauro.ec/*"
            ]
        }
    ]
}

The policy can be configured inside the Bucket policy section. In the end, the bucket will be publicly accessible.

S3 Public Policy

In the case of www.mauro.ec, it is important to enable Static website hosting and set the Hosting type to Redirect request, pointing to our primary bucket (mauro.ec in this case).

Redirect request

Regarding the logs bucket, this will be used to store logs collected from mauro.ec and www.mauro.ec; for this purpose, we need to set Server access logging to Enable. Also, we need to configure Target bucket as the desired logs bucket, as shown:

Logs

Route 53

Route 53 is a scalable, highly available DNS and domain name registration service. In this case, I will use the DNS functionality to host the domain name mauro.ec. The hosting of this domain can be easily created through the wizard, which takes care of generating the necessary records; at this stage, the records required are:

  • NS record: pointing to the default AWS domain name servers (this will be generated automatically by the wizard)
  • SOA record: with information about the AWS DNS, also generated automatically

NS SOA records

These settings are all we need; however, the following records are generated in later stages by Certificate Manager and CloudFront:

Certificate Manager needs a couple of CNAME records used to validate the ownership of the domain, one for mauro.ec and another for www.mauro.ec.

CNAME records

In the case of CloudFront, we must create two additional records, one for mauro.ec and another for www.mauro.ec; the values of these records must point to the CloudFront distributions.

CNAME records

Certificate Manager

Certificate Manager is a service for managing certificates, including their renewal and their assignment to AWS components such as CloudFront in this case. The configuration is pretty simple: it involves proving ownership of the domain through email confirmation or the creation of a CNAME record (we must create those records in Route 53); the option Create records in Route 53 can do this.

CNAME records

After creating the records, it is necessary to wait until their validation finishes; when that process is finished, a Success status appears, and then we can use the certificate for AWS components.

CloudFront

CloudFront is a service that delivers content faster and with higher performance; for this purpose, it uses a content delivery network distributed across the globe.

As in many AWS services, a wizard can help you set up and configure the distributions; it’s important to note the following settings:

Set the Alternate domain name (CNAME) to the required domain name and the Custom SSL certificate to the certificate created in Certificate Manager.

CloudFront Settings

The Origin domain must be equal to the S3 bucket website endpoint:

CloudFront Settings

As we saw, setting up a static website with S3 is pretty fast and straightforward, and it provides numerous advantages, such as automatic high scalability and excellent performance.