Host Jekyll In Aws S3 And Upload With Aws CLI and redirect with Route53

The aim of this how-to-guide🏁 is to use AWS as a hosting and DNS solution for a Jekyll website. It does not show how to set up a Jekyll site, only how to configure an S3 bucket and Route53 so that you can redirect a domain to it. The domain however will not be masked.

1. steps

• create an S3bucket
• give it the same name as the domain
• uncheck Block all public access

• open the bucket → select Properties → Static Website Hosting
• select Enable → select default values for Index document (index.html) and Error document (Error.html)

• select Permissions → Edit Bucket Policy and pass the following (change the resource as well as version)
• this limits all access to read-only

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::kutaj-zavodska.com/*"
        }
    ]
}

• Note that the Version is not your version but the AWS version and thus it should not be changed!
• create an index.html with <h1>Hello World</h1> in it and upload to the bucket
• open http://kutaj-zavodska.com.s3-website.eu-central-1.amazonaws.com/ to verify

• permissions have now been created
• permissions to modify the bucket via API does not yet
• create an IAM policy and assign that to IAM user account
• go to services → IAM → Policies → Create Policy
• https://console.aws.amazon.com/iam/home?region=eu-central-1#/policies=edit in my region

• expand resources → specify bucket name → done
• create a user in IAM Management service
• this generates an access key and secret for programmatic access
• username (example): kutaj-zavodska
• in step 2 → select Attach existing policies directly → Filter policies → Customer managed → Select the policy you created earlier

once done, receive the secret

2. upload jekyll

• credential-wise, create environmental variables on your local machines and store the next 3 values there

AWS_ACCESS_KEY = [access key id]
AWS_SECRET_ACCESS_KEY = [your secret access key]
AWS_DEFAULT_REGION = [your bucket region]

• s3 sync si the AWS CLI tool used for uploading the site to S3

aws s4 sync [origin] [target] [options]
aws s3 sync _site s3://kutaj-zavodska.com --no-verify-ssl

3. issue: SSL validation failed

• if attempting to upload without –no-verify-ssl you’ll get

aws s3 sync _site s3://kutaj-zavodska.com fatal error: SSL validation failed for https://s3.eu-central-1.amazonaws.com/kutaj-zavodska.com?list-type=2&prefix=&encoding-type=url [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)

• links to fix SSL:
• https://superuser.com/a/641396/1083809
• https://stackoverflow.com/a/55117069/11082684

4. DNS

1. In S3, create an empty bucket foo.bar.com
2. In Properties -> Static Website Hosting → set Redirect all requests to foo.bar.com/example
3. Test if it works just by clicking on the bucket endpoint
4. Open Route53 → Create Hosted Zone → enter foo.bar.com (it has to be identical to the S3 bucket name) into Domain Name → finalize registration
5. Create an A record foo.bar.com
6. Enable “alias”, and set alias target to the foo.bar.com bucket

5. sources

• https://stackoverflow.com/a/24046986/11082684

Originally published at http://pavol.kutaj.com on March 24, 2021.