Login
March 21, 2024Overview
In today’s digital landscape, hosting static websites securely is paramount for businesses. Amazon Web Services (AWS) offers a robust solution for hosting internal HTTPS static websites using Application Load Balancer (ALB), Amazon Simple Storage Service (S3), and AWS PrivateLink. This setup ensures reliable performance, scalability, and enhanced security for your internal web applications. In this blog post, we will delve into implementing this solution based on AWS’s guidelines.
Introduction
The implementation involves setting up an Amazon S3 bucket to store static website content securely. AWS Certificate Manager (ACM) is utilized to obtain SSL/TLS certificates for encrypting data transmitted over HTTPS. An Application Load Balancer (ALB) is then created to manage incoming web traffic, providing scalability and routing capabilities. Amazon Route 53 is configured for DNS resolution to route traffic from the website’s domain to the ALB. Additionally, AWS PrivateLink establishes private connectivity between the ALB and Amazon S3 bucket, enhancing security by keeping data within the AWS network and isolating it from the public internet.
Pioneers in Cloud Consulting & Migration Services
- Reduced infrastructural costs
- Accelerated application deployment
Implementation
- Setting up Amazon S3 Bucket:
Begin by creating an Amazon S3 bucket to store your static website content. Ensure to enable static website hosting for the bucket and configure it to serve index and error documents. Upload your website content to the Amazon S3 bucket. There is no need to enable static website hosting settings in Amazon S3, but you should ensure that the Amazon S3 Bucket name follows the private DNS name you will use. For example, test.mywebsite.in
- Configuring AWS Certificate Manager (ACM) for HTTPS:
Next, obtain an SSL/TLS certificate for your website from AWS Certificate Manager (ACM). ACM provides free SSL/TLS certificates trusted by most modern browsers.
Request a certificate for your website domain and validate it using DNS validation or email validation, as per your preference.
- Setting up AWS PrivateLink:
AWS PrivateLink allows you to securely access services hosted on AWS privately without exposing them to the public internet. Set up an Amazon VPC endpoint for Amazon S3 using PrivateLink to enable private connectivity between your ALB and Amazon S3 bucket. Choose your Amazon VPC and Region as Required.
- Creating an Application Load Balancer (ALB):
Create an Application Load Balancer (ALB) in your Amazon VPC. Configure the ALB to use the SSL/TLS certificate obtained from ACM for HTTPS listeners. Set up target groups for routing traffic to your Amazon S3 bucket.
In Target Group settings, choose IP addresses and provide the IP of your Amazon S3 interface endpoint created in the previous step.
Then, create an application load balancer with the default action routing for the above target group. Provide the Path based routing as per your requirement.
- Configuring Amazon Route 53 for DNS Resolution:
Configure Amazon Route 53 to point your website domain to the ALB’s DNS name to route traffic to your ALB. This ensures that requests to your website are directed to the ALB for further processing.
- Updating Bucket Policy for Access Control:
To ensure that only the ALB can access the Amazon S3 bucket privately, update the bucket policy to allow access from the VPC endpoint’s security group/endpoint. This restricts access to the bucket to only resources within your Amazon VPC.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
{ "Version": "2012-10-17", "Id": "Policy1415115909152", "Statement": [ { "Sid": "Access-to-specific-VPCE-only", "Principal": "*", "Action": "s3:GetObject", "Effect": "Allow", "Resource": ["arn:aws:s3:::yourbucketname", "arn:aws:s3:::yourbucketname/*"], "Condition": { "StringEquals": { "aws:SourceVpce": "vpce-1a2b3c4d" } } } ] } |
- Testing the Setup:
Once the setup is complete, test your website using its domain name. Verify that HTTPS is enabled and that the website content is served securely from the Amazon S3 bucket via the ALB.
Conclusion
Implementing this solution involves setting up an Amazon S3 bucket for storing website content, configuring ACM for HTTPS, creating an ALB for routing traffic, setting up Amazon Route 53 for DNS resolution, and using PrivateLink for secure connectivity between the ALB and Amazon S3 bucket. By following AWS’s best practices and guidelines, you can create a robust hosting environment for your internal websites.
Overall, this solution offers the flexibility, scalability, and security needed to host internal web applications on the AWS cloud platform confidently. By taking advantage of managed services provided by AWS, businesses can focus on building and delivering their applications while AWS takes care of the underlying infrastructure and security concerns.
Drop a query if you have any questions regarding Host static websites and we will get back to you quickly.
Making IT Networks Enterprise-ready – Cloud Management Services
- Accelerated cloud migration
- End-to-end view of the cloud environment
About CloudThat
CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.
CloudThat is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 650k+ professionals in 500+ cloud certifications and completed 300+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training Partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner, AWS Microsoft Workload Partners, Amazon EC2 Service Delivery Partner, and many more.
To get started, go through our Consultancy page and Managed Services Package, CloudThat’s offerings.
FAQs
1. Why choose AWS to host internal static websites?
ANS: – AWS offers a comprehensive suite of services tailored to host static websites securely. By leveraging services like Amazon S3 for storage, ALB for load balancing, ACM for SSL/TLS certificates, Amazon Route 53 for DNS resolution, and PrivateLink for secure connectivity, businesses can create a robust hosting environment with scalability, reliability, and enhanced security.
2. How does AWS PrivateLink enhance security for internal website hosting?
ANS: – AWS PrivateLink allows you to access AWS services privately within your Amazon VPC without exposing them to the public internet. By setting up PrivateLink endpoints for services like Amazon S3, you can establish private connectivity between your ALB and Amazon S3 bucket, ensuring that data remains within the AWS network and reducing exposure to potential security threats.
3. Can I use custom domain names with my internal website hosted on AWS?
ANS: – Yes, you can use custom domain names for your internal website hosted on AWS. By configuring Amazon Route 53 for DNS resolution and associating your domain name with the ALB’s DNS name, you can route traffic to your website using a custom domain name. Additionally, you can obtain SSL/TLS certificates from AWS ACM for your custom domain to enable HTTPS for secure communication.
WRITTEN BY Vignesh K S
Vignesh K S works as a Research Associate at CloudThat. He is interested in learning the latest technologies and methodologies related to Cloud Services and Development in Cloud using serverless services.
PREV
Comments