Saturday, April 18, 2015

domain name system - Serve a static website on S3 via CloudFront and ACM SSL without Route53




There is a great write-up of what I consider a "standard" setup of a single-page app hosted on AWS: S3 Static Sites. It includes




  • Deployment to S3

  • SSL certificate via ACM

  • Distribution via CloudFront

  • DNS configuration in Route53



The site we are working on, however, is set up for a customer who does not use Route53. How do I tell them to configure the DNS records? It should be waterproof, so I want to check here with experiences from other users.




Given:




  • Cloudfront domain name: d12ab345cd6ef.cloudfront.net

  • S3 bucket: spa.example.com



Is it just a CNAME record?




spa.example.com. CNAME d12ab345cd6ef.cloudfront.net


Does that work? Is there an instance where this does not work? The setup does not use a naked domain.



Going through the domains set up with an A record and the Alias flag on Route53 pointing to the CloudFormation distribution, as described in the article linked above (section Route53), I see the following



$ dig working.foo.com
...
working.foo.com. 28 IN A 54.230.44.111

working.foo.com. 28 IN A 54.230.44.112
working.foo.com. 28 IN A 54.230.44.113
working.foo.com. 28 IN A 54.230.44.114
...

Answer



For a subdomain like spa.example.com, a CNAME is all you need. Set up the record, then tell CloudFront about it in the distribution's settings, and you're good to go.



For an apex domain, Route 53 makes things a lot easier (via ALIAS records), but some other DNS providers (off the top of my head: DNSMadeEasy and CloudFlare) offer a similar thing that'll work fine with CloudFront.


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...