Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Amazon S3 - HTTPS/SSL - Is it possible? [closed]

I saw a few other questions regarding this without any real answers or information (or so it appeared).

I have an image here:
http://furniture.retailcatalog.us/products/2061/6262u9665.jpg

Which is redirecting to:
http://furniture.retailcatalog.us.s3.amazonaws.com/products/2061/6262u9665.jpg

I need it to be (https):
https://furniture.retailcatalog.us/products/2061/6262u9665.jpg

So I installed a wildcard ssl on retailcatalog.us (we have other subdomains), but it wasn't working. I went to check
https://furniture.retailcatalog.us.s3.amazonaws.com/products/2061/6262u9665.jpg

And it wasn't working, which means on the Amazon S3 website itself the https wasn't working.

How do I make this work?

like image 861
Kerry Jones Avatar asked Jun 15 '10 19:06

Kerry Jones


People also ask

Does S3 require HTTPS?

Amazon S3 allows both HTTP and HTTPS requests. By default, requests are made through the AWS Management Console, AWS Command Line Interface (AWS CLI), or HTTPS. To comply with the s3-bucket-ssl-requests-only rule, confirm that your bucket policies explicitly deny access to HTTP requests.

Is S3 encrypted at rest?

Encryption at rest is a free feature of Amazon S3. When enabled, all objects stored to S3 will be encrypted at rest. All objects that existed before the setting was enabled will not automatically be encrypted.

Is S3 encrypted in transit?

Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit using Secure Socket Layer/Transport Layer Security (SSL/TLS) or client-side encryption.


2 Answers

This is a response I got from their Premium Services

Hello,

This is actually a issue with the way SSL validates names containing a period, '.', > character. We've documented this behavior here:

http://docs.amazonwebservices.com/AmazonS3/latest/dev/BucketRestrictions.html

The only straight-forward fix for this is to use a bucket name that does not contain that character. You might instead use a bucket named 'furniture-retailcatalog-us'. This would allow you use HTTPS with

https://furniture-retailcatalog-us.s3.amazonaws.com/

You could, of course, put a CNAME DNS record to make that more friendly. For example,

images-furniture.retailcatalog.us IN CNAME furniture-retailcatalog-us.s3.amazonaws.com.

Hope that helps. Let us know if you have any other questions.

Amazon Web Services

Unfortunately your "friendly" CNAME will cause host name mismatch when validating the certificate, therefore you cannot really use it for a secure connection. A big missing feature of S3 is accepting custom certificates for your domains.


UPDATE 10/2/2012

From @mpoisot:

The link Amazon provided no longer says anything about https. I poked around in the S3 docs and finally found a small note about it on the Virtual Hosting page: http://docs.amazonwebservices.com/AmazonS3/latest/dev/VirtualHosting.html


UPDATE 6/17/2013

From @Joseph Lust:

Just got it! Check it out and sign up for an invite: http://aws.amazon.com/cloudfront/custom-ssl-domains

like image 135
Kerry Jones Avatar answered Oct 10 '22 08:10

Kerry Jones


I know its a year after the fact, but using this solves it: https://s3.amazonaws.com/furniture.retailcatalog.us/products/2061/6262u9665.jpg

I saw this on another site (http://joonhachu.blogspot.com/2010/09/helpful-tip-for-amazon-s3-urls-for-ssl.html).

like image 25
payton109 Avatar answered Oct 10 '22 08:10

payton109