Say you want to host some files in an S3 bucket, under your own custom subdomain with nice short HTTPS URLs. For example, you own foo.com
and you want files to be accessible at URLs like https://files.foo.com/bar.txt
.
This is a lot more complex than it should be! It involves configuring 3 separate AWS services and I’m already forgetting the boring details, so let’s write them down for future reference.
Cloud is the future… wait, 3 separate AWS services?
YEP.
…
Creating the S3 bucket
Naming is important here - the S3 bucket must have the same name as the subdomain it will be accessed at. Open up S3 in the AWS console, and:
- Create a new bucket named
files.foo.com
. - Disable “Block all public access”.
- Under the bucket’s Permissions tab, add a bucket policy to make all objects public by default (replace
files.foo.com
with the name of your bucket):
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::files.foo.com/*"
}
]
}
Certificate Creation+Config
Next up, we need to create a certificate in AWS Certificate Manager.
Hot Tip
Certificates must be created in the
us-east-1
region to work properly with CloudFront. Learn from my mistake, make sure you’re in the right region when performing this step.