Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Using a S3 Static Site with an Application Load Balancer

I have an ALB that currently routes traffic to multiple urls. I'd like to be able to route traffic to a Static S3 site in the event that we need to perform maintenance. We would then display a static "Maintenance" page instead of our login page.

I have created a CloudFront Distribution that allows a S3 site to be loaded with an SSL cert but I am not sure how to connect that distribution to send all of the traffic to the S3 maintenance site.

This is the Terraform ALB listener I'm using. Can I specify my CloudFront distribution arn at the target_group and have it route all traffic to the static site?

Or could I simply link my S3 arn here with an S3 policy allowing the ALB access to get the bucket objects?

resource "aws_alb_listener" "ssl_alb_httpslistener" {
   load_balancer_arn = "${aws_alb.alb_lis.arn}"
   port = "443"
   protocol = "HTTPS"
   ssl_policy = "Sec-TLS"
   certificate_arn = "${var.ssl_cert_arn}"

    default_action {
     target_group_arn = "${data.terraform_remote_state.php.target_arn}"
     type = "forward"
   }
}

I would I expect that I could route traffic that passes through an ALB to a Static S3 site from the target_group. Curious if this is the best way to go about this.

like image 301
MillerC Avatar asked Aug 07 '19 01:08

MillerC


People also ask

Is this possible to run static websites from Amazon S3?

To enable static website hostingSign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/ . In the Buckets list, choose the name of the bucket that you want to enable static website hosting for. Choose Properties. Under Static website hosting, choose Edit.

Does S3 have Load Balancer?

S3 uses a set of front-end servers to provide access to the underlying data. The decision about which front-end server to use is handled via load-balancing DNS service.

What permissions do you set for a bucket in S3 to host a static website?

No, it is not possible to apply user-level permissions to a static web site bucket in S3. From Permissions Required for Website Access: When you configure a bucket as a website, you must make the objects that you want to serve publicly readable.


2 Answers

The simple answer is to use a redirect option on the ALB to forward traffic to a new url. My Route53 url is connected to a CloudFront Distribution linked to the S3 bucket. Here I was able to specify a single redirect url and keep my HTTPS traffic options with minimal infrastructure modifications.

like image 161
MillerC Avatar answered Sep 19 '22 14:09

MillerC


You can now have Lambda function as target group and with Lambda, you can trigger S3 , make cloudfront(http) GET request etc.

like image 39
James Dean Avatar answered Sep 20 '22 14:09

James Dean