All geek questions in one place

Https on S3 WITHOUT cloud perspective?

Currently, we want to start hosting all our assets through AWS S3, and we also want to serve everything through https. I understand that I can use Amazon Certificate Manager (ACM) with Cloudfront for server resources through https. The problem is that we work in the medical industry, and we are prohibited by law from accepting anything outside the EU. With S3 I can choose a location (Frankfurt for us), but with Cloudfront I just get this option:

enter image description here

So I thought that maybe I could use Letsencrypt to generate my own certificates. But I think that I still need to use ACM, which works only with Cloudfront, which means that I still can not use it.

Does anyone know if I can somehow configure S3 with https, but without a cloud front?

+20
source share
5 answers

Unfortunately, you cannot use an SSL certificate with your own domain with S3. You can use S3 domain SSL Amazon certificate, for example https://my-example-bucket.s3-website-us-east-1.amazonaws.com.

If you want to use your own domain with SSL, and you cannot use CloudFront, you will need to put another proxy server in front of S3, like your own Nginx server or something like that.

+14
source

AWS API Gateway - /{proxy+} s3-website.

s3, s3-website, PATH/TO/DIR/index.html PATH/TO/DIR, , , , .

API- HTTPS, .

, HTTP, 10 , API REST.

+1

. S3 CloudFront . S3 CloudFront.

. S3 . CloudFront , CDN ( ), . , , - , . , "Price Class 100" "Class Class All".

CloudFront IP, , , .

CloudFront. , , , , .

http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region https://aws.amazon.com/compliance/eu-data-protection/

AWS doco 'using-https-cloudfront-to-s3-origin' 'custom-ssl-domains'

P.S. , CloudFront.

RL

0

CloudFront / . CDN, . , , (, ).

0

, . , 53. , www.example.com us-east-1, URL-

http://www.example.com.s3-website-us-east-1.amazonaws.com/

example.com Route53, , CNAME

www → www.example.com.s3-website-us-east-1.amazonaws.com

0

Source: https://habr.com/ru/post/1670760/

More articles:


All Articles