Hosting an SSL static web page as a subdomain in AWS

Jumping right into what we are going to do here,

  • Host an offline page in AWS for a product hosted in an in-house DC.
  • My product is https://foo.example.com hosted in our own colocated DC.
  • The offline page I need is https://offline-foo.example.com in AWS, so that an outage in my own DC won’t impact the offline page.

Steps to follow,

1. Get your own certificate for https://offline-foo.example.com

2. Create an S3 bucket to host the static site and upload your content. Set its properties to serve a static website. This gives you a non-SSL site under S3’s own domain naming convention.

3. Create a CloudFront distribution with the S3 bucket you created as its origin, and configure it to use SSL with the certificate from step 1. Access your CloudFront SSL URL and confirm you can reach the offline page.
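Step 2 sets the bucket up as an S3 website endpoint, which only works when the bucket is world-readable, so anyone can fetch the page straight from S3 and bypass CloudFront (and its TLS). As an added example, not the post's own configuration, the script below builds both the public-read policy that website hosting needs and a policy for the S3 REST endpoint with Origin Access Control that lets only the one CloudFront distribution read objects, flags any statement that grants to everyone unconditionally, and emits the CloudFront viewer settings that matter for step 3. The bucket name, account ID, distribution ID and certificate ARN are placeholders. CloudFront only accepts ACM certificates issued in us-east-1, so the ARN points there.

```python
"""Origin and viewer hardening for an S3 + CloudFront static page.

Added example, not the original post's code. Bucket, account, distribution
and certificate identifiers below are constructed placeholders.
"""
import json

BUCKET = "offline-foo-example-com"            # placeholder bucket name
ACCOUNT_ID = "123456789012"                    # placeholder AWS account
DISTRIBUTION_ID = "EXAMPLEDISTID"              # placeholder distribution id
CERT_ARN = "arn:aws:acm:us-east-1:123456789012:certificate/PLACEHOLDER"


def public_read_policy(bucket):
    """The policy S3 website hosting needs: anyone may read every object."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PublicRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


def cloudfront_only_policy(bucket, account_id, distribution_id):
    """Policy for the S3 REST origin behind Origin Access Control: only this
    one CloudFront distribution may read, so the bucket itself stays private."""
    dist_arn = f"arn:aws:cloudfront::{account_id}:distribution/{distribution_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontOAC",
            "Effect": "Allow",
            "Principal": {"Service": "cloudfront.amazonaws.com"},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"StringEquals": {"AWS:SourceArn": dist_arn}},
        }],
    }


def anonymous_statements(policy):
    """Return the Sids of Allow statements granted to everyone ("*") with no
    Condition narrowing the caller; a non-empty list means world-readable."""
    found = []
    for st in policy.get("Statement", []):
        principal = st.get("Principal")
        is_star = principal == "*" or (
            isinstance(principal, dict) and principal.get("AWS") == "*")
        if st.get("Effect") == "Allow" and is_star and not st.get("Condition"):
            found.append(st.get("Sid", "<no Sid>"))
    return found


def viewer_settings(cert_arn, alias):
    """The distribution settings that carry the SSL part of step 3: the vanity
    name as an alias, the ACM cert, SNI, a TLS 1.2 floor and HTTPS-only viewers."""
    return {
        "Aliases": {"Quantity": 1, "Items": [alias]},
        "ViewerCertificate": {
            "ACMCertificateArn": cert_arn,
            "SSLSupportMethod": "sni-only",
            "MinimumProtocolVersion": "TLSv1.2_2021",
        },
        "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
    }


if __name__ == "__main__":
    print(json.dumps(cloudfront_only_policy(BUCKET, ACCOUNT_ID, DISTRIBUTION_ID), indent=2))
    print("world-readable statements:", anonymous_statements(public_read_policy(BUCKET)))
    print(json.dumps(viewer_settings(CERT_ARN, "offline-foo.example.com"), indent=2))
```

The two policies are the weak and the hardened variant of the same origin setup; the OAC policy only makes sense when CloudFront is pointed at the bucket's REST endpoint rather than the website endpoint, because the website endpoint ignores Origin Access Control.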

[Screenshot: cloudfront_2]

4. Create a vanity CNAME record that matches your SSL cert’s CN, pointing to the CloudFront endpoint.

exponentof:~ > host offline-foo.example.com
offline-foo.example.com is an alias for hgttreew87745.cloudfront.net.
hgttreew87745.cloudfront.net has address 52.85.76.254
hgttreew87745.cloudfront.net has address 52.85.76.6
hgttreew87745.cloudfront.net has address 52.85.76.36
hgttreew87745.cloudfront.net has address 52.85.76.111
hgttreew87745.cloudfront.net has address 52.85.76.134
hgttreew87745.cloudfront.net has address 52.85.76.141
hgttreew87745.cloudfront.net has address 52.85.76.168
hgttreew87745.cloudfront.net has address 52.85.76.210
exponentof:~ >
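The host output above only shows that the CNAME resolves; it does not show that the certificate CloudFront presents for the vanity name actually covers it, which is the part of step 4 that breaks when the alias and the cert CN drift apart. As an added example (not the post's own script), the following checks both: it resolves the vanity name to its canonical target, connects over TLS and tests the presented certificate against the name with the same leftmost-label wildcard rules browsers use. The certificate-matching logic is pure and runs offline; only the two network helpers touch the live endpoint. `offline-foo.example.com` is the name from the post.

```python
"""Verify step 4: the vanity name should be an alias for a cloudfront.net host
and the certificate served on it must cover the vanity name.
Added example, not the original post's code."""
import socket
import ssl

VANITY = "offline-foo.example.com"    # the vanity name from the post
CF_SUFFIX = ".cloudfront.net"


def name_matches(pattern, hostname):
    """RFC 6125-style comparison: exact match (case-insensitive), or a single
    '*' as the whole leftmost label that covers exactly one label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    h_labels = hostname.split(".")
    # '*.example.com' covers 'a.example.com' but not 'a.b.example.com'
    return len(h_labels) >= 3 and ".".join(h_labels[1:]) == pattern[2:]


def cert_covers(cert, hostname):
    """cert is the dict shape returned by ssl.SSLSocket.getpeercert().
    DNS SANs are authoritative; the CN is consulted only when there are none."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return any(name_matches(s, hostname) for s in sans)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(name_matches(c, hostname) for c in cns)


def cname_target(hostname):
    """Canonical name after CNAME resolution (network call)."""
    return socket.gethostbyname_ex(hostname)[0]


def fetch_peer_cert(hostname, port=443):
    """Connect with default verification and return (cert dict, TLS version).
    Raises ssl.SSLCertVerificationError if the chain or name does not verify."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert(), tls.version()


if __name__ == "__main__":
    target = cname_target(VANITY)
    where = "CloudFront" if target.endswith(CF_SUFFIX) else "NOT CloudFront"
    print(f"{VANITY} -> {target} ({where})")
    cert, version = fetch_peer_cert(VANITY)
    print(f"{version}; certificate covers {VANITY}: {cert_covers(cert, VANITY)}")
```

If the distribution is still serving its default `*.cloudfront.net` certificate, `fetch_peer_cert` raises on the vanity name and `cert_covers` returns False for it; that is exactly the misconfiguration the CN-matching requirement in step 4 is there to prevent.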

5. You are technically done. The steps below are decorations.

6. Keep your CloudFront logs in an S3 bucket. Call the URL with extra parameters so the log details reveal the actual source of each request.
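The point of the extra parameters is that CloudFront's standard logs record the query string per request, so a tag such as `?src=statuspage` tells you which system sent a visitor to the offline page. As an added example, not the post's own tooling, the parser below reads the `#Fields:` header of a CloudFront standard log and summarises requests by that tag, by status code, and by how many arrived over plain HTTP (which, with redirect-to-https, should only ever be redirects). The log lines and the `src` parameter name are constructed for the example.

```python
"""Summarise CloudFront standard (access) logs for the offline page.
Added example, not the original post's code; the log lines are constructed."""
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample. Real logs are gzipped, tab-separated, and start with the
# same two header lines; the parser takes the column names from '#Fields:'.
SAMPLE_LOG = """#Version: 1.0
#Fields: date time x-edge-location sc-bytes c-ip cs-method cs(Host) cs-uri-stem sc-status cs(Referer) cs(User-Agent) cs-uri-query x-edge-result-type x-host-header cs-protocol ssl-protocol
2024-05-01\t10:00:01\tFRA50-C1\t2048\t203.0.113.10\tGET\thgttreew87745.cloudfront.net\t/index.html\t200\t-\tMozilla/5.0\tsrc=statuspage\tHit\toffline-foo.example.com\thttps\tTLSv1.3
2024-05-01\t10:00:02\tFRA50-C1\t2048\t203.0.113.11\tGET\thgttreew87745.cloudfront.net\t/index.html\t200\t-\tMozilla/5.0\tsrc=lb-failover\tHit\toffline-foo.example.com\thttps\tTLSv1.2
2024-05-01\t10:00:03\tIAD89-P2\t2048\t198.51.100.7\tGET\thgttreew87745.cloudfront.net\t/index.html\t301\t-\tcurl/8.0\t-\tRedirect\toffline-foo.example.com\thttp\t-
2024-05-01\t10:00:04\tIAD89-P2\t512\t198.51.100.7\tGET\thgttreew87745.cloudfront.net\t/admin\t404\t-\tcurl/8.0\tsrc=statuspage\tError\toffline-foo.example.com\thttps\tTLSv1.2
"""


def parse_log(text):
    """Return one dict per request, keyed by the names in the '#Fields:' line.
    Lines that do not have one value per field are skipped as malformed."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            continue
        records.append(dict(zip(fields, values)))
    return records


def source_tag(record, param="src"):
    """Value of the tracking parameter in cs-uri-query, or '(none)'.
    CloudFront writes '-' when the request had no query string."""
    query = record.get("cs-uri-query", "-")
    if query == "-":
        return "(none)"
    return parse_qs(query).get(param, ["(none)"])[0]


def source_counts(records, param="src"):
    return Counter(source_tag(r, param) for r in records)


def status_counts(records):
    return Counter(r["sc-status"] for r in records)


def plaintext_requests(records):
    """Requests that reached the edge over HTTP rather than HTTPS."""
    return sum(1 for r in records if r.get("cs-protocol") == "http")


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("by source tag:", dict(source_counts(recs)))
    print("by status:", dict(status_counts(recs)))
    print("plain-HTTP requests:", plaintext_requests(recs))
```

Because the column list comes from the file's own header, the same parser copes with the full field list CloudFront writes in production and with the reduced set in the sample; pointing it at the gunzipped files that CloudFront drops into the logging bucket is the only change needed.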

7. Splunk your S3 logs for data analysis, and set up CloudTrail monitoring.

(to be elaborated with screenshots later…)