from Hacker News

Show HN: How to Make an AWS S3 Static Website with SSL

by greatamerican on 3/10/18, 7:12 AM with 38 comments

  • by subway on 3/10/18, 8:20 AM

    This works, but it leaves all traffic between the CloudFront edge node and S3 unencrypted. In theory, that shouldn't be an issue, by why risk it?

    A better way is to completely leave the "website" bits of S3 off, and leave that all up to CloudFront. You can create an Origin Access Identity, then grant that OAI access to read your S3 bucket (all automated in the wizard when you create a CF dist and specify an S3 origin). You then specify a default object in your CF dist, and bam, CF is using the S3 REST API over SSL to secure that CF-S3 hop.

  • by 3stripe on 3/10/18, 8:02 AM

    Another way to host a Jekyll website for pennies (and with HTTPS) is https://www.netlify.com/

  • by greatamerican on 3/10/18, 9:04 AM

    This is my bill estimate for March - kinda high!

    https://imgur.com/a/kDmdE

  • by mike503 on 3/13/18, 6:23 AM

    Highly recommend using CloudFlare instead of Cloudfront.

    a) it's totally free, which means once it's cached at CF, no charges from AWS for bandwidth, also no charges for Route 53 since CF handles the DNS too.

    b) it can be used to terminate SSL in front of the S3 bucket (with or without the S3 bucket properly using SSL, depending on if you're using path-based or host-based bucket access)

    c) cache invalidations are stupid fast

    d) any CDN changes are done nearly instant, vs. "however long" Cloudfront takes

    $.02

  • by Mononokay on 3/10/18, 7:46 AM

    What's the benefit of hosting a static website on AWS instead of Github or Gitlab Pages?

  • by trevyn on 3/10/18, 2:54 PM

    https://zeit.co/now is pretty fantastic for this.

  • by navaati on 3/10/18, 11:41 AM

    My question with this kind of setup is: what if a malicious person (or just an unexpected success on HN) gets me a gazillion request, do I end up with a $10k liability ?

    I'd rather have the site go down than me go broke, so is it really a good idea ?

  • by logronoide on 3/10/18, 8:22 AM

    My favorite combination for a static website is AWS S3 for content and Cloudflare for caching and SSL termination. I think Cloudflare offers more capabilities as CDN.

  • by praveenweb on 3/10/18, 1:37 PM

    How do you compare hosting static websites on Hasura (free SSL out of the box) or Heroku vs AWS S3?

    I think cloudflare gives more options as a CDN than cloudfront.

  • by edem on 3/10/18, 8:30 AM

    Where can I read about the costs / month?

  • by forty on 3/10/18, 1:07 PM

    Probably nitpicking, but why not having www as an alias record as well?

  • by IloveHN84 on 3/10/18, 12:05 PM

    Does It work with the free tier?

  • by greatamerican on 3/10/18, 8:09 AM

    OP here - thanks for all the votes! If you liked this post, check out my latest post here: https://www.josephecombs.com./2018/03/09/how-I-use-a-compute...