
I run a number of Drupal, MediaWiki, and static websites on an AWS EC2 t2-micro server. The server's Linux/Apache/MySQL/PHP stack is no longer supported, primarily because conflicting server and Drupal requirements made upgrading difficult. My plan is to create static versions of the MediaWiki and Drupal sites.
Bernie Michalik (https://smartpeopleiknow.com/) suggested I explore serverless hosting, such as github.io or the AWS suite of services. I decided to stay with the vendor I know, even though Bernie cautioned that AWS services can be both complex and not always well documented.
I found an AWS tutorial that covered multiple functions of potential interest but quickly ran into a roadblock that I will discuss in a later post. I then decided to 'keep it simple' and start with a simple "S3 bucket" website. Although I initially made good progress, I again ran into roadblocks.
Part of the problem was a lack of an overall picture of how the various AWS serverless components interact, which I have tried to capture in the diagram above. Starting at the bottom is the S3 (Simple Storage Service) bucket that stores the static website objects. An S3 bucket can be configured to provide a public website endpoint; it even supports access logging and simple redirect rules. Note that the website endpoint requires the objects to be publicly readable, so Block Public Access must be switched off for that bucket. The website endpoint also serves plain http only; there is no https on it. If you want to set up a DNS CNAME associating a meaningful (sub)domain with the website endpoint, the S3 bucket name must exactly match the (sub)domain (for example, a bucket named www.example.com for the host www.example.com), otherwise you will get an Access Denied error (the AWS equivalent of "syntax error"). This makes it awkward to set up a CNAME for testing and later change it to the 'production' (sub)domain. S3 buckets cannot be renamed: changing the name requires creating a new bucket with all the required configuration and permissions, copying over the bucket objects, and deleting the original bucket.
The solution is the AWS CloudFront service. It creates a distribution endpoint that has no DNS CNAME restrictions (you attach whatever alternate domain names you want to the distribution, and can change them later), lets you provision SSL/TLS certificates through AWS Certificate Manager, redirects http to https, can sit behind AWS WAF (Web Application Firewall), and caches pages at CloudFront edge servers. There are several levels of logging (to an S3 bucket), and with an origin access control (OAC) the bucket can be kept private, so nobody can bypass CloudFront and fetch objects from S3 directly. One caveat: an OAC origin must point at the bucket's REST endpoint rather than its website endpoint, and the REST endpoint does not serve index.html for "directory" URLs the way the website endpoint does. CloudFront Functions, small JavaScript (ECMAScript 5.1) functions that run on viewer-request and viewer-response events, can handle such redirects and rewrites at the edge.
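The following CloudFront Function is an added example, not code from the original post, of the redirect/rewrite handling described above for a static site served from a private S3 origin. It runs on the viewer-request event: it collapses alternate hostnames onto one canonical host, 301-redirects a couple of constructed legacy Drupal/MediaWiki paths to their static replacements, rewrites directory URLs to index.html (which the S3 REST endpoint does not do on its own), and redirects extensionless paths to their trailing-slash form so relative links keep working. The hostname, paths and redirect table are assumptions chosen for illustration; substitute your own. It is written in the ECMAScript 5.1 subset CloudFront Functions accept (no const/let, arrow functions or template literals).

```javascript
// Added example (not from the original post): a CloudFront Function for the
// viewer-request event of a static-site distribution with a private S3 origin.
// All hostnames and paths below are constructed assumptions for illustration.

var CANONICAL_HOST = 'www.example.com'; // assumed production hostname

// Assumed mapping of old CMS URLs to pages in the static export.
var LEGACY_REDIRECTS = {
    '/node/12': '/about/',              // a Drupal node
    '/index.php/Main_Page': '/wiki/'    // a MediaWiki page
};

// Build a CloudFront Functions response object for a redirect.
// (Query strings are not carried over in this example.)
function redirect(location, code) {
    return {
        statusCode: code,
        statusDescription: code === 301 ? 'Moved Permanently' : 'Found',
        headers: { location: { value: location } }
    };
}

// CloudFront invokes a function named `handler` with the event object.
function handler(event) {
    var request = event.request;
    var uri = request.uri;
    // Header names are lower-cased in CloudFront Functions events.
    var host = request.headers.host ? request.headers.host.value : '';

    // 1. Canonical hostname: CloudFront has no CNAME restrictions, so a
    //    distribution may carry several aliases; send them all to one host
    //    so caches and search engines see a single origin of truth.
    if (host && host !== CANONICAL_HOST) {
        return redirect('https://' + CANONICAL_HOST + uri, 301);
    }

    // 2. Legacy CMS URLs: permanent redirect to the static replacement.
    if (LEGACY_REDIRECTS.hasOwnProperty(uri)) {
        return redirect(LEGACY_REDIRECTS[uri], 301);
    }

    // 3. Directory URLs: the S3 REST endpoint (required for an OAC origin)
    //    does not serve index.html for "/" or "/docs/", so rewrite the URI
    //    before it reaches the origin. The viewer's URL is unchanged.
    if (uri.charAt(uri.length - 1) === '/') {
        request.uri = uri + 'index.html';
        return request;
    }

    // 4. Extensionless paths such as "/about": redirect to "/about/" (the
    //    website endpoint's behaviour) rather than rewriting silently, so that
    //    relative links inside the page resolve against the right directory.
    var lastSlash = uri.lastIndexOf('/');
    if (uri.indexOf('.', lastSlash) === -1) {
        return redirect(uri + '/', 301);
    }

    // Anything else (e.g. /css/site.css) passes through untouched.
    return request;
}
```

Attach the function to the distribution's default cache behaviour as a viewer-request function. Because CloudFront Functions run before the cache lookup, the redirects above never reach S3 at all, and the index.html rewrite means the bucket needs no public website endpoint.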
Your Domain Name System (DNS) provider's main job here is to associate a meaningful (sub)domain with the CloudFront distribution endpoint by means of a CNAME record (a bare apex domain such as example.com cannot be a CNAME; Route 53 handles that case with an alias record). AWS Certificate Manager verifies that you control the (sub)domains you request certificates for by requiring you to create CNAME records with the name/value pairs it provides (DNS validation). Note that a certificate used by CloudFront must be requested in the us-east-1 (N. Virginia) region, regardless of where your bucket lives. AWS offers domain registration and DNS through its Route 53 service, but you can keep your existing DNS provider.
More to come on high level implementation steps for each of these components.