I have a blog. It’s not much. You’re reading it right now. It used to run WordPress, but I got tired of worrying about the security of it, since there was so little value there. I got tired of updating FreeBSD, updating Apache, updating PHP, MySQL, and everything that comes with that, just for the sake of a small blog. I wanted to make it just plain HTML and I wanted to use some serverless technologies from AWS (I work there, so I’m keen on understanding how I can use it). This is the first in what will probably be a multi-part series on absolutely every single step you have to do. None of this stuff is hard, but frankly if you’re starting from nothing, it’s a lot of steps. Many aren’t particularly intuitive unless you know what you’re doing.
I’ve done this whole process a few times now, and I can get it down to about an hour of wall-clock time “from soup to nuts”, as they say. If you’ve never done much of this before, I don’t expect you’ll be able to do it in a single sitting, much less a single hour. But you can do it. You really can.
My Goals for My Blog
No more worrying about a web server that can crash, be hacked into, or that needs updating.
All the hard bits come at the end. I’m going to start at the very beginning, assuming you have a domain name (either you’ve thought one up, or you already own one). I’m also going to assume you’ve never used AWS before. You’ll find things you can safely skip if you know how to do some of these steps, or if you’ve already done them.
Side note: access controls:
- Create a user in your AWS account
- Create a policy for mucking with THIS bucket but no other buckets
- Issue access keys for that user
- Attach the policy to that user
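The "policy for THIS bucket but no other buckets" from the side note, as an added example that is not part of the original post: Python that builds such an IAM policy document and checks any policy for statements that are broader than one bucket. The bucket name `example-blog-bucket`, the function names, and the choice of these four S3 actions are assumptions.

```python
import json

def bucket_scoped_policy(bucket):
    """Build an IAM policy that can publish to one bucket and nothing else."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {  # ListBucket is a bucket-level action, so it targets the bucket ARN.
                "Sid": "ListThisBucket",
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": [arn],
            },
            {  # Object-level actions target the keys under the bucket.
                "Sid": "PublishObjects",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": [f"{arn}/*"],
            },
        ],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def out_of_scope(policy, bucket):
    """Return (sid, problem) pairs for Allow statements broader than one bucket."""
    arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((sid, "NotAction/NotResource grants everything not listed"))
            continue
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append((sid, f"wildcard action {action}"))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource != arn and not resource.startswith(arn + "/"):
                findings.append((sid, f"resource outside bucket: {resource}"))
    return findings

if __name__ == "__main__":
    policy = bucket_scoped_policy("example-blog-bucket")  # constructed name
    print(json.dumps(policy, indent=2))
    print(out_of_scope(policy, "example-blog-bucket"))
```

The printed JSON is what gets pasted into the policy editor; the checker is deliberately strict and flags any wildcard action, even one limited to this bucket.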
Using credentials that will work…
Get a domain name
Create a Hosted Zone in Route 53
Request a certificate. Possibly add other names like www.example.com.
Do DNS-based verification and let it create the Route 53 record
Create the S3 bucket
- Not public
Create the CloudFront distribution
- Enter the S3 bucket for Origin Domain Name
- Leave the path blank
- Leave the Origin ID as is
- Choose “yes” for restrict bucket access
- Tell it to create a new identity
- Choose “Yes, Update Bucket Policy”
- Ignore custom headers
- Choose “redirect HTTP to HTTPS”
- Choose GET, HEAD, OPTIONS
- Tick options to cache.
- Cache based on selected headers. Choose “Whitelist”. Add 3 headers:
- Compress: Yes
- Price Class. I use EU and US only. You can pick what you like.
- Alternate names. Add your custom name, like example.com. Also add www.example.com if you were doing example.com.
- Custom SSL certificate. Pick the one that has the right name.
- Default Root Object: index.html
- Click “Create”. Wait 20 minutes.
Create an A record in Route 53. Set it to the CloudFront distribution.
- Choose alias yes
- Choose the CF distribution as the target
- Might complain that the distribution doesn’t have a state of “deployed”