usecase

The aim of this how-to guide 🏁 is to use AWS as a hosting and DNS solution for a Jekyll website. It does not show how to set up a Jekyll site, only how to configure an S3 bucket and Route53 so that you can redirect a domain to it. The domain, however, will not be masked.

1. steps/?

  • create a bucket
  • give it the same name as the domain
  • uncheck Block all public access

  • open the bucket → select Properties → Static Website Hosting
  • select Enable → select default values for Index document (index.html) and Error document (error.html)

  • select Permissions → Edit Bucket Policy and paste the following (change the Resource to your own bucket name)
    • this grants everyone read-only access (s3:GetObject) to the objects in the bucket
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::kutaj-zavodska.com/*"
        }
    ]
}
  • Note that Version is not your version but the policy language version defined by AWS, and thus it should not be changed!
  • create an index.html with <h1>Hello World</h1> in it and upload to the bucket
  • open http://kutaj-zavodska.com.s3-website.eu-central-1.amazonaws.com/ to verify

  • permissions have now been created
  • permissions to modify the bucket via API does not yet

    IAM_policies

    • expand resources → specify bucket name
    • seems to be done
  • create a user in IAM Management service
  • this generates an access key and secret for programmatic access
    • username: kutaj-zavodska
    • in step 2 → select Attach existing policies directly → Filter policies → Customer managed → select the policy you created earlier

    • once done, receive the secret

2. upload jekyll

  • credential-wise, create environment variables on your local machine and store the next 3 values there
AWS_ACCESS_KEY_ID = [access key id]
AWS_SECRET_ACCESS_KEY = [your secret access key]
AWS_DEFAULT_REGION = [your bucket region]
  • s3 sync is the AWS CLI command used for uploading the site to S3
aws s3 sync [origin] [target] [options]
aws s3 sync _site s3://kutaj-zavodska.com --no-verify-ssl

3. issue: SSL validation failed

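  • if you attempt to upload without --no-verify-ssl, you'll get

aws s3 sync _site s3://kutaj-zavodska.com
fatal error: SSL validation failed for https://s3.eu-central-1.amazonaws.com/kutaj-zavodska.com?list-type=2&prefix=&encoding-type=url [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)

  • --no-verify-ssl gets past the error by turning certificate verification off, so the CLI no longer checks that it is talking to the real S3 endpoint; pointing the CLI at a CA certificate file with --ca-bundle (or the AWS_CA_BUNDLE environment variable) keeps verification on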

4. DNS

  1. In S3, create an empty bucket foo.bar.com
  2. In Properties → Static Website Hosting → set Redirect all requests to foo.bar.com/example
  3. Test if it works just by clicking on the bucket endpoint
  4. Open Route53 → Create Hosted Zone → enter foo.bar.com (it has to be identical to the S3 bucket name) into Domain Name → finalize registration
  5. Create an A record foo.bar.com
  6. Enable “alias”, and set alias target to the foo.bar.com bucket

5. sources