Score:0

Proper Setup for a simple AWS S3 website using CloudFront & Route, with base domain and www subdomain

Which is the better design, and why? (see 2 tables)

1. Here is the configuration of my working website (example.com is the prevent domain) as set up via a YouTube tutorial...

| Route53 | Cloudfront Dist | S3 |
| --- | --- | --- |
| A record example.com --> d1wxyz | d1wxyz.cloudfront.net --> 1. | 1. example.com, Hosting type: Redirect request at www. |
| A record www.example.com --> d21xyz | d21xyz.cloudfront.net --> 2. | 2. www.example.com, public, stores assets |

So now when I turn on ACLs I have to have 2 sets of ACLs??? Doubling the cost.

-

2. Here is the configuration of what I would expect as a setup based on my previous experience with on premise servers but I cannot find any advice on this, nor can I find any other solid tutorials like the setup above making it a bit hard to know.

| Route53 | Cloudfront Dist | S3 |
| --- | --- | --- |
| A record example.com --> d1wxyz | d1wxyz.cloudfront.net --> 1. | 1. example.com, public, stores assets |
| CName record www.example.com --> d1wxyz | d1wxyz.cloudfront.net (as above) | example.com, public, stores assets (as above) |

This way seems more logical to me: 1 bucket, no redirect from the second bucket, and 1 distribution with a simple A record and CNAME both pointing at the Base distribution. Then only 1 set of ACLs is required?

The first way works, but seems overly complex, but maybe there is a good reason? The 2nd seems more logical as per other web server setups I have done. But maybe there are pitfalls?

Which is the correct way? (assuming a simple website with Base domain and www subdomain)

I hope I have explained this well enough.

Score:0
Tim

The AWS documentation outlines this for S3 here, and with CloudFront here.

Short version, you set up Route53 to use an Alias record pointing at CloudFront for both the base domain and subdomain, rather than an A record CNAME.

You should use an Origin Access Identity to prevent direct access to S3, as you get 1TB of free data egress from CloudFront and only 100GB from S3 (reference).

TheArchitecta
I did not set up 2 buckets as per the documentation; it started working just as I was about to try this. I used my second approach with www as a CNAME and it works great. I will let it soak and see how it goes. Only thing I added was the www as an alternate Alias to
Tim
There are often good reasons to follow the recommendations. From memory, alias record queries are free, which is one reason to use them.
TheArchitecta
The documentation does not refer to 2 distributions. I think this is what I am struggling with. Surely either 1xCloudFront can redirect accordingly or rewrite like .htaccess. So I cannot see how it works without a second distribution. But the docs do not advise a second one, and a second one seems redundant.
Tim
If you're talking about redirecting a www to the base domain, or vice versa, you can leave S3 to do the redirect. CloudFront can redirect http to https but can't do www -> base or vice versa, as far as I know, but I haven't used it in ages; I've just reviewed it for AWS certifications.
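
A check for the Origin Access Identity recommendation in the answer above, as an added example that is not code from the thread or from AWS: it audits a bucket policy document and reports any Allow statement that grants access to something other than a CloudFront OAI. The bucket name, OAI id and both sample policies are constructed placeholders, and the function name is hypothetical.

```python
import json

# ARN prefix CloudFront uses for an Origin Access Identity principal.
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_bucket_policy(policy_json):
    """Return (sid, reason) for every Allow statement that grants access to
    anything other than a CloudFront OAI. Conservative: Condition is ignored."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            # "*" means anyone; a missing Principal (e.g. NotPrincipal) needs review.
            reason = "public principal *" if principal == "*" else "no explicit Principal"
            findings.append((sid, reason))
            continue
        for kind, values in principal.items():
            for p in _as_list(values):
                if kind == "AWS" and p.startswith(OAI_PREFIX):
                    continue  # the one grant the OAI setup expects
                reason = "public principal *" if p == "*" else f"non-OAI principal {kind}:{p}"
                findings.append((sid, reason))
    return findings

# Constructed sample policies; bucket name and OAI id are placeholders.
OAI_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "CloudFrontRead", "Effect": "Allow",
    "Principal": {"AWS": OAI_PREFIX + "EXAMPLEOAIID"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example.com/*"}]})

STILL_PUBLIC = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "CloudFrontRead", "Effect": "Allow",
     "Principal": {"AWS": OAI_PREFIX + "EXAMPLEOAIID"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example.com/*"},
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example.com/*"}]})

if __name__ == "__main__":
    for name, doc in (("OAI_ONLY", OAI_ONLY), ("STILL_PUBLIC", STILL_PUBLIC)):
        print(name, audit_bucket_policy(doc) or "ok: only the OAI can read")
```

A leftover public-read statement from the original static-site setup is the usual reason the bucket stays directly reachable after an OAI is added, which is the case the second sample policy models.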