Example Bucket Name : natwebtest
Region used : eu-west-1
1. S3 Direct Bucket Endpoint
s3://natwebtest/index.html
2. S3 Bucket direct Web Endpoints
Bucket Permissions and Bucket Policy –
You need to disable “Block all public access” and also add a bucket policy that allows the action s3:GetObject to all
URLs are available in DOT and DASH variants as follows: the difference is the character after the string s3
You cannot redirect HTTP to HTTPS, as both will be available
http://natwebtest.s3.eu-west-1.amazonaws.com/index.html
https://natwebtest.s3.eu-west-1.amazonaws.com/index.html
http://natwebtest.s3-eu-west-1.amazonaws.com/index.html
https://natwebtest.s3-eu-west-1.amazonaws.com/index.html
3. S3 Static Websites
Enable Static Website –
Bucket Permissions and Bucket Policy –
You need to disable “Block all public access” and also add a bucket policy that allows the action s3:GetObject to all
Note : By default it provides only HTTP and not HTTPS
URLs are available in DOT and DASH variants as follows: the difference is the character after the string website
Replace Bucket Name & Region (natwebtest & eu-west-1)
http://natwebtest.s3-website-eu-west-1.amazonaws.com/index.html
http://natwebtest.s3-website.eu-west-1.amazonaws.com/index.html
4. CloudFront Websites – Origin to S3 Bucket
– Point the Origin to the relevant S3 Bucket
You can remove/update the bucket policy to disable s3:GetObject access to all and use OAI instead
Use a CloudFront Origin Access Identity (OAI) to access the S3 bucket.
- Don’t use OAI (bucket must allow public access)
- Yes use OAI (bucket can restrict access to only CloudFront)
Default CloudFront URL will be like – https://xxxxxxxxxxx.cloudfront.net
You can add CNAME and Certificate from ACM – Example https://natwebtest.com
Example Policies:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::BUCKET_NAME/*"
    },
    {
      "Sid": "2",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXXXXXXXXXXXXX"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::BUCKET_NAME/*"
    }
  ]
}
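When you move a bucket behind CloudFront with OAI, the public statement in the policy above is the one to remove. The following is an added example, not part of the original page: a small offline check that finds the statements allowing anonymous s3:GetObject and produces the OAI-only form. The function names are hypothetical and the sample is the page's policy with its placeholders unchanged.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample: the page's example policy, placeholders left as on the page.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::BUCKET_NAME/*"},
    {"Sid": "2", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXXXXXXXXXXXXX"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::BUCKET_NAME/*"}
  ]
}"""

def _as_list(value):
    """Policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    """True for "Principal": "*" and for wildcard forms such as {"AWS": "*"}."""
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def _covers_get_object(actions):
    """True when any action pattern (wildcards included) matches s3:GetObject."""
    return any(fnmatchcase("s3:getobject", a.lower()) for a in _as_list(actions))

def public_read_statements(policy):
    """Return (sid, has_condition) for each Allow statement anyone can read through.
    NotPrincipal/NotAction statements are not evaluated by this sketch."""
    found = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if (stmt.get("Effect") == "Allow" and _is_anonymous(stmt.get("Principal"))
                and _covers_get_object(stmt.get("Action", []))):
            found.append((stmt.get("Sid", f"statement[{i}]"), "Condition" in stmt))
    return found

def oai_only(policy):
    """Copy of the policy with the anonymous-read statements removed."""
    public = {sid for sid, _ in public_read_statements(policy)}
    kept = [s for i, s in enumerate(_as_list(policy["Statement"]))
            if s.get("Sid", f"statement[{i}]") not in public]
    return {**policy, "Statement": kept}

if __name__ == "__main__":
    policy = json.loads(SAMPLE_POLICY)
    print("public read:", public_read_statements(policy))
    print(json.dumps(oai_only(policy), indent=2))
```

A finding with has_condition set to True still needs a manual look, since the condition may or may not narrow access in practice.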