Saturday, November 14, 2020

Develop a static website on AWS

1. Have your webfiles ready. Such as index.html 
2. Sign in to the AWS Console 
3. Add a bucket under S3, eg. cs590.bucket 
3.1 unckeck "block all public access" so people can access your website. 
4. Click the "cs590.bucket" and copy the ARN 

5. Under "Objects", upload the webfiles. Note that the index.html file should be in the root folder. 
6. Go to the "Properties", edit the "Static website hosting" 
6.1 enable static website hosting 
6.2 choose "host a static website" 
6.3 type index.html as the index document. 
6.4 type error.html in error document. (Don't worry for now if you don't have this file.) 6.5 save changes.

7. Go to the "Permissions" tab, add a "bucket policy" 
7.1 click "Edit" button
7.2 click the "policy generator" button and then select "S3 bucket policy" 
7.3 type "*" in the Principal 
7.4 select "all actions" checkbox 
7.5 paste the ARN you copied in step 4. Something like this "arn:aws:s3:::cosc590.bucket". 
7.6 click "add statement" 

7.7 Click "Generate Policy" button 
7.8 Copy the JAON policy document. Something like this: 
{
  "Id": "Policy1605400973864",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1605400930003",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::cosc590.bucket",
      "Principal": "*"
    }
  ]
}
7.9 add "\*" at the end of the resource line. So the policy should like this:
{
  "Id": "Policy1605400973864",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1605400930003",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::cosc590.bucket\*",
      "Principal": "*"
    }
  ]
}
7.10 paste the policy to the "bucket policy" (step 7.1)

8. Go back to the "Properties" tab
9. Scroll down to the bottom 
10. Click the link to launch your website. The URL is something like this:
http://cosc590.bucket.s3-website-us-east-1.amazonaws.com

-------------------
Optional:
a. Add logs.cs590.bucket to store logs and enable under "properties". 
b. Add www.cs590.bucket and to redirect to cs590.bucket. 

Q: Why adding a policy (step 7)?
A: For security reason, the bucket access is disabled by default. This follows the "least privilege" security policy. 

No comments:

Post a Comment