I have an ALB that currently routes traffic to multiple URLs. I'd like to be able to route traffic to a static S3 site in the event that we need to perform maintenance. We would then display a static "Maintenance" page instead of our login page.
I have created a CloudFront distribution that allows an S3 site to be loaded with an SSL cert, but I am not sure how to connect that distribution to send all of the traffic to the S3 maintenance site.
This is the Terraform ALB listener I'm using. Can I specify my CloudFront distribution arn at the target_group and have it route all traffic to the static site?
Or could I simply link my S3 arn here with an S3 policy allowing the ALB access to get the bucket objects?
resource "aws_alb_listener" "ssl_alb_httpslistener" {
  load_balancer_arn = "${aws_alb.alb_lis.arn}"
  port              = "443"
  protocol          = "HTTPS"
  ssl_policy        = "Sec-TLS"
  certificate_arn   = "${var.ssl_cert_arn}"

  default_action {
    target_group_arn = "${data.terraform_remote_state.php.target_arn}"
    type             = "forward"
  }
}
I would expect that I could route traffic that passes through an ALB to a static S3 site from the target_group. Curious if this is the best way to go about this.
To enable static website hosting: Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/. In the Buckets list, choose the name of the bucket that you want to enable static website hosting for. Choose Properties. Under Static website hosting, choose Edit.
S3 uses a set of front-end servers to provide access to the underlying data. The decision about which front-end server to use is handled via load-balancing DNS service.
No, it is not possible to apply user-level permissions to a static web site bucket in S3. From Permissions Required for Website Access: When you configure a bucket as a website, you must make the objects that you want to serve publicly readable.
The simple answer is to use a redirect option on the ALB to forward traffic to a new url. My Route53 url is connected to a CloudFront Distribution linked to the S3 bucket. Here I was able to specify a single redirect url and keep my HTTPS traffic options with minimal infrastructure modifications.
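The redirect approach described in the answer above, sketched as an added example (not code from the original post). It assumes Terraform 0.12 or later, and the variables maintenance_mode and maintenance_host are hypothetical names introduced here; the hostname is a placeholder for the Route53 name that points at the CloudFront distribution.

```hcl
# Added example: toggle the HTTPS listener between the application and a
# maintenance redirect. Variable names below are hypothetical.
variable "maintenance_mode" {
  description = "When true, the listener redirects requests to the maintenance site"
  type        = bool
  default     = false
}

variable "maintenance_host" {
  description = "Hostname of the CloudFront distribution in front of the S3 bucket (placeholder)"
  type        = string
  default     = "maintenance.example.com"
}

resource "aws_alb_listener" "ssl_alb_httpslistener" {
  load_balancer_arn = aws_alb.alb_lis.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "Sec-TLS" # value as given in the question
  certificate_arn   = var.ssl_cert_arn

  default_action {
    type = var.maintenance_mode ? "redirect" : "forward"

    # Normal operation: forward to the application target group.
    # Terraform 0.12+ reads remote state outputs through ".outputs".
    target_group_arn = var.maintenance_mode ? null : data.terraform_remote_state.php.outputs.target_arn

    # Maintenance: the ALB itself answers with a redirect; no target is contacted.
    dynamic "redirect" {
      for_each = var.maintenance_mode ? [1] : []
      content {
        host        = var.maintenance_host
        protocol    = "HTTPS"
        port        = "443"
        path        = "/"        # send every request to the site root
        status_code = "HTTP_302" # temporary: browsers cache HTTP_301 and would keep redirecting after maintenance ends
      }
    }
  }
}
```

The default action only handles requests that no listener rule matches, so any host- or path-based rules on the same listener need the same switch to be covered. TLS on the ALB stays in place because the redirect is issued after the HTTPS handshake.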
You can now have a Lambda function as a target group, and with Lambda you can trigger S3, make a CloudFront (HTTP) GET request, etc.