$1/month static website on AWS
This post describes the basic setup of this blog, which uses the following tools: Publii for static website content generation, AWS S3 and AWS CloudFront for hosting, AWS Certificate Manager for HTTPS, AWS Route53 for DNS, and Gandi.net for domain name registration. This guide assumes you have an AWS account set up; all the AWS service configurations are accessible through console.aws.amazon.com.
- Use Publii to set up the content for your site. It provides a rich editing experience for writing posts, but also provides enough low-level control that customization is easy.
- To get your objects into S3, follow https://getpublii.com/docs/setup-static-website-hosting-amazon-s3.html
  - You can use a private bucket with no public access: all content will be cached on AWS CloudFront, so only CloudFront needs direct read access.
- Next, set up AWS Route53 > Hosted Zones.
  - Create a Public Hosted Zone with your domain name, e.g. nelsonburton.com
  - Update your domain name hosting service to point to Route53's nameservers.
    - I use Gandi.net to register a domain name, as they provide anonymization on WHOIS lookups, protecting my personal information.
    - Copy/paste the list of nameservers from the Route53 NS record into your domain name configuration on Gandi's dashboard.
    - You may need to pause and wait a few minutes for DNS to propagate here.
- Using AWS Certificate Manager, create a certificate so your site can do HTTPS/TLS.
  - Request a public certificate, add both nelsonburton.com and *.nelsonburton.com (so that www.nelsonburton.com works).
  - For DNS validation, click on both domains and, under Pending Validation, click "Create Record in Route 53."
  - Wait ~5-10 minutes for your certificate to be created and validated.
- Using AWS CloudFront, create a distribution that will serve your site's content.
  - Custom settings to configure:
    - For Origin Domain Name, choose the S3 bucket you just created (it should auto-complete from the drop-down).
    - Alternate Domain Names > nelsonburton.com, *.nelsonburton.com
    - Restrict Bucket Access > Yes
    - Origin Access Identity > Create a New Identity
    - Grant Read Permissions on Bucket > Yes, Update Bucket Policy
    - Viewer Protocol Policy > Redirect HTTP to HTTPS
    - Default Root Object > index.html
    - SSL Certificate > Custom SSL Certificate. Choose the one you just created; if it doesn't show up, you haven't waited long enough.
  - Wait 5-10 minutes for the CloudFront distribution to be created.
- Head back to the AWS Route53 configuration and configure your domain name to alias to the CloudFront distribution you just created.
  - Create Record Set > A - IPv4 Address, leave Name blank, Alias > Yes, select the CloudFront distribution you just created.
  - Create Record Set > CNAME - Name, use wildcard *.nelsonburton.com, Alias > Yes, select the CloudFront distribution you just created.
- If you use "pretty URLs", where, for example, /page/2 actually refers to /page/2/index.html, you will need to add a CloudFront function to automatically do the redirect, or else you'll end up with HTTP 403 AccessDenied errors.
  - To do so, go to the CloudFront distribution. On the left tab, click Functions > Create Function, and enter any name you please.
  - For the Function code, you can use the following,
  - Publish the function, and then on the publish page, click "Add Association", and associate it with the CloudFront distribution you created above.
  - Now, going to /page/2/ will automatically redirect to fetch /page/2/index.html from your bucket.
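An added example, not the function from the original post: a CloudFront Function for the viewer-request event that rewrites a pretty URL to the `index.html` object key before the request reaches the private bucket. The helper name `rewriteUri` and the sample paths in the comments are assumptions made for illustration.

```javascript
// Added example: CloudFront Function for the viewer-request event.
// Written in ES5 style (var, no arrow functions) to suit the
// CloudFront Functions JavaScript runtime.
//
// Why it is needed: without a rewrite, CloudFront asks S3 for the key
// "page/2/", which does not exist. A private bucket whose policy grants
// the Origin Access Identity only s3:GetObject answers 403 AccessDenied
// for a missing key instead of 404.

// Hypothetical helper: map a viewer URI to the path of the S3 object.
function rewriteUri(uri) {
    // "/page/2/" -> "/page/2/index.html"
    if (uri.charAt(uri.length - 1) === '/') {
        return uri + 'index.html';
    }
    // Inspect only the last path segment, so a dot in a directory
    // name ("/v1.2/notes") is not mistaken for a file extension.
    var lastSegment = uri.substring(uri.lastIndexOf('/') + 1);
    if (lastSegment.indexOf('.') === -1) {
        // "/page/2" -> "/page/2/index.html"
        return uri + '/index.html';
    }
    // "/assets/css/style.css" already names an object; leave it alone.
    return uri;
}

// Entry point that CloudFront invokes. The request is modified in place
// and forwarded to the origin; the URL shown in the browser is unchanged.
function handler(event) {
    var request = event.request;
    request.uri = rewriteUri(request.uri);
    return request;
}
```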
There you have it: if you now navigate to nelsonburton.com, you are automatically redirected to the HTTPS endpoint. The S3 bucket is secured, and the CloudFront distribution on top of the S3 bucket provides low-latency access to your content.