
I have a domain, let's say foo.bar.com, which I want to use to serve files in an Amazon S3 bucket. According to https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html, the bucket name has to be foo.bar.com and the URL foo.bar.com.s3.amazonaws.com for the CNAME record for foo.bar.com (pointing to foo.bar.com.s3.amazonaws.com) to work.

Unfortunately, Amazon's SSL cert doesn't support foo.bar.com.s3.amazonaws.com (I mean, why would it, I guess), so I can't serve my files like this over SSL, I get an SSL warning/error. I can use plain HTTP but I get Mixed Content warnings in Chrome since the main site is over SSL.

How should this issue be dealt with?

chintogtokh
  • https://stackoverflow.com/questions/3048236/amazon-s3-https-ssl-is-it-possible – Sudharsan Sivasankaran Mar 12 '18 at 05:30
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Web Applications Stack Exchange](http://webapps.stackexchange.com/), [Webmaster Stack Exchange](http://webmasters.stackexchange.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. – jww Mar 12 '18 at 19:36

1 Answer

The only way to have both a custom domain name and SSL on a bucket is to use CloudFront in conjunction with S3.

Create an SSL cert for your domain foo.example.com in Amazon Certificate Manager (ACM) in the us-east-1 region, regardless of your bucket's region. (The us-east-1 region is the region where CloudFront and ACM are interconnected.)

Create a CloudFront distribution:

  • if you want the S3 web site hosting features, including index documents and redirect rules, type the bucket's web site hosting endpoint hostname as the origin domain name (do not select the bucket from the list), or
  • if you want to use CloudFront signed cookies or signed URLs, do select the bucket from the drop-down list.

Associate your new ACM cert with the distribution, and add foo.example.com as an Alternate Domain Name for the distribution.

Point the DNS record to the assigned dzczcexample.cloudfront.net hostname.

Note also that unlike S3 static hosting used by itself, this configuration does not require that the bucket name match the domain name, since CloudFront rewrites the requests before sending them to the bucket.

Michael - sqlbot
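An added example, not part of the answer above: a small Python audit of a CloudFront `DistributionConfig` against the points the answer lists (ACM cert in us-east-1, Alternate Domain Name present, website-endpoint origin), plus the hostname-matching rule behind the question's certificate error. Field names follow the CloudFront API's `DistributionConfig` shape; the sample values are constructed, and the `*.s3.amazonaws.com` wildcard is an assumption about the S3 endpoint certificate.

```python
import re

# S3 website endpoints look like <bucket>.s3-website-<region>.amazonaws.com
# or <bucket>.s3-website.<region>.amazonaws.com.
WEBSITE_ENDPOINT = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")

def wildcard_covers(pattern, host):
    """TLS name matching: '*' stands for exactly one leftmost DNS label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and all(
        a == b or (i == 0 and a == "*") for i, (a, b) in enumerate(zip(p, h)))

def audit_distribution(cfg, domain):
    """Return findings for a CloudFront DistributionConfig dict ([] = pass)."""
    findings = []
    arn = cfg.get("ViewerCertificate", {}).get("ACMCertificateArn", "").split(":")
    if len(arn) < 6 or arn[2] != "acm":
        findings.append("no ACM certificate attached")
    elif arn[3] != "us-east-1":
        findings.append(f"ACM certificate is in {arn[3]}, not us-east-1")
    if domain not in (cfg.get("Aliases", {}).get("Items") or []):
        findings.append(f"{domain} is not an Alternate Domain Name")
    if cfg.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy") == "allow-all":
        findings.append("viewers can still use plain HTTP")
    for origin in cfg.get("Origins", {}).get("Items", []):
        name = origin["DomainName"]
        policy = origin.get("CustomOriginConfig", {}).get("OriginProtocolPolicy")
        # Website endpoints answer on HTTP only, so the origin hop cannot be HTTPS.
        if WEBSITE_ENDPOINT.search(name) and policy != "http-only":
            findings.append(f"{name}: website endpoint origin must be http-only")
    return findings

# Constructed sample (account id, certificate id and bucket name are placeholders).
GOOD = {
    "Aliases": {"Quantity": 1, "Items": ["foo.example.com"]},
    "ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/EXAMPLE-ID",
        "SSLSupportMethod": "sni-only"},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
    "Origins": {"Quantity": 1, "Items": [{
        "DomainName": "example-bucket.s3-website-us-west-2.amazonaws.com",
        "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}}]},
}

if __name__ == "__main__":
    # The question's failure: a dotted bucket name adds labels the wildcard cannot cover.
    print(wildcard_covers("*.s3.amazonaws.com", "foo.bar.com.s3.amazonaws.com"))
    print(audit_distribution(GOOD, "foo.example.com"))
```

The same dict shape is what `aws cloudfront get-distribution-config` returns under `DistributionConfig`, so the function can be pointed at a saved copy of that output.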