From Satis to S3 to CloudFront

If you created an S3 bucket for use with Satis, your bucket should be usable for static website hosting, but your endpoint probably looks something like this:

http://your-pretty-bucket.s3-website-eu-west-1.amazonaws.com

You can simply add a CNAME record to your DNS configuration to make your S3 bucket a bit easier to access.

But for a while now, Composer has more or less forced you to use a repository with secure access, unless you’ve added a flag to ignore this.
When you want to use SSL with your S3 bucket, you will need to configure CloudFront.
We will need a Web distribution for this. I’m assuming you have some knowledge of AWS’ services, so I will not explain what everything means in the CloudFront console.

The SSL certificate.

Unfortunately CloudFront doesn’t support 4096-bit certificates, but for this purpose 2048-bit is fine too.
It’s up to you where you purchase your certificate.
You can import your certificate in AWS’ ACM (AWS Certificate Manager) or use ACM to generate a new certificate.

Now it’s time to create a new CloudFront distribution

We are going to need a Web distribution for this use case.
At ‘Origin Domain Name’ choose the Satis bucket you created in the steps before.
Set ‘Viewer Protocol Policy’ to ‘Redirect HTTP to HTTPS’. The ‘Allowed HTTP Methods’ can be set to ‘GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE’.

For ‘Object Caching’ we can use Origin Cache Headers.
Set ‘Query String Forwarding and Caching’ to none, for better caching.

Select the price class that’s best suited for you, but ‘Use Only US, Canada and Europe’ is probably fine.

Select ‘Custom SSL Certificate (example.com)’ and choose the certificate you just uploaded/created in ACM.

Make sure that you select ‘Only Clients that Support Server Name Indication (SNI)’, or else this distribution is going to cost you about $600,- every month.

Supported HTTP versions can be set to ‘HTTP/1.1, HTTP/1.0’. For the default root object, we need to fill in ‘index.html’.
Using IPv6 is up to you, no extra charge.

And that’s it for CloudFront. After your distribution is deployed, you can access it over a secure connection. Don’t forget to add the CNAME records to your DNS configuration.
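
As an added example (not part of the original post), the settings chosen above can be checked against a distribution's configuration in the JSON shape returned by `aws cloudfront get-distribution-config`. The sample configs, host name and account id are constructed, the check assumes the legacy cache settings (`ForwardedValues`) that the console options above map to, and the us-east-1 and alternate-domain checks reflect CloudFront requirements rather than anything stated in the post.

```python
import copy

def audit_distribution(cfg):
    """Return findings; an empty list means the config matches the post's settings."""
    findings = []
    behavior = cfg.get("DefaultCacheBehavior", {})
    cert = cfg.get("ViewerCertificate", {})
    # 'Redirect HTTP to HTTPS' (https-only also passes): no plain-HTTP package fetches.
    if behavior.get("ViewerProtocolPolicy") not in ("redirect-to-https", "https-only"):
        findings.append("viewer protocol policy allows plain HTTP")
    # 'Only Clients that Support SNI': "vip" is the dedicated-IP option with the monthly fee.
    if cert.get("SSLSupportMethod") != "sni-only":
        findings.append("SSL support method is not sni-only")
    # Custom certificate from ACM; CloudFront only accepts ACM certificates from us-east-1.
    arn = cert.get("ACMCertificateArn", "")
    if not arn:
        findings.append("no ACM certificate attached")
    elif arn.split(":")[3:4] != ["us-east-1"]:
        findings.append("ACM certificate is not in us-east-1")
    # 'Query String Forwarding and Caching' set to none, so queries do not split the cache.
    if behavior.get("ForwardedValues", {}).get("QueryString", False):
        findings.append("query strings are forwarded")
    if cfg.get("DefaultRootObject") != "index.html":
        findings.append("default root object is not index.html")
    # The host name used for the DNS CNAME must also be an alternate domain name.
    if not cfg.get("Aliases", {}).get("Items"):
        findings.append("no alternate domain name (CNAME) configured")
    return findings

# Constructed sample configs: placeholder host name, account id and certificate id.
GOOD = {
    "Aliases": {"Quantity": 1, "Items": ["satis.example.com"]},
    "DefaultRootObject": "index.html",
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https",
                             "ForwardedValues": {"QueryString": False}},
    "ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE",
        "SSLSupportMethod": "sni-only"},
}
BAD = copy.deepcopy(GOOD)
BAD["DefaultCacheBehavior"]["ViewerProtocolPolicy"] = "allow-all"
BAD["ViewerCertificate"]["SSLSupportMethod"] = "vip"
BAD["ViewerCertificate"]["ACMCertificateArn"] = (
    "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE")

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("bad", BAD)):
        print(name, audit_distribution(cfg) or "OK")
```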