🗃️ Archive
🏷 Tags
RSS icon Feed
🪪 About

jmglov's blog

A blog about stuff but also things.

Using HTTPS with S3 static website hosting in 50 simple steps

I run this site on AWS S3, using static website hosting. In terms of simplicity, it's hard to beat: just toss your stuff in an S3 bucket, make sure the Content-type metadata is correct, and off you go. However, it doesn't support HTTPS by default. My site doesn't have anything on it that really requires end-to-end encryption, but a professional programmer who has been deep into AWS for the past 10 years or so having an HTTP-only site in 2022 is tacky and embarrassing. So today we shall remedy this, in 50 simple steps!

  1. Apply to The College of William and Mary in Virginia.
  2. Drink 18 cups of coffee one night at a jazz club.
  3. Try to go to work the next day but then have to come home because you feel like shit warmed over.
  4. Curl up on the couch and try to sleep.
  5. Get woken up when the mail carrier slides a fat envelope through the mail slot in your apartment door.
  6. See that the envelope is from The College of William and Mary in Virginia.
  7. Years later, write a blog post on how to enable HTTPS for your S3 website in which you mention The College of William and Mary in Virginia a lot, and realise that you really should explain to your readers that whilst The College of William and Mary in Virginia currently writes its name as "William & Mary", its proper name is in fact The College of William and Mary in Virginia, unless they've changed it at some point since you went there. It's kinda like Ohio State: if you didn't go there, you call it Ohio State, but actual Buckeyes will invariably remind you that it is really called The Ohio State University.
  8. Rip open that envelope with trembling hands (coffee hangover or excitement: you decide).
  9. Read the world "congratulations" and, overcome by joy, pass out on the couch.
  10. Get assigned an email address by W&M (haha! another way to write it!) which is the first letter of your first name, the first letter of your middle name (or "x" if you don't have a middle name, if you recall correctly), and the first four letters of your surname (if your surname is fewer than four letters, you honestly can't remember what W&M would make of that).
  11. Decide that email address is pretty dope.
  12. Enroll in Computer Science 101 and find out that your Unix username is the same as your email address, just without the "@wm.edu" bit on the end.
  13. Some years later, register a domain with your dope-ass Unix username.
  14. Create a primitive website and serve it off Apache on this old computer that you keep under your desk in Columbus, Ohio whilst your wife gets a master's degree in Japanese language and pedagogy.
  15. Have intermittent fights with Apache because it can be a real PITA to configure sometimes.
  16. Get an SSL cert from something similar to Let's Encrypt that you forget the name of, but then remember that you must still have an account there because you're a trained assurer, so look it up in your encrypted password file that you started sometime back in the very late 90s.
  17. Discover that it is called CAcert, that it still exists, and that it is still not included in the trusted certificate authorities that ship with Firefox.
  18. Enable mod_ssl on Apache and rejoice in the "s" that you now get to add before the ":" when you type "http://" to visit your website!
  19. Ask your friend Adrian to host your domain and website and mailserver for you because you're moving to Japan because your wife is super smart and got a scholarship to this intensive Japanese language study programme and so you need to ditch your tower computers and buy a laptop instead.
  20. Forget about your website for many many years.
  21. See that AWS has added a static website hosting feature to S3.
  22. Point your domain at it.
  23. Realise at some point that https:// doesn't work no more.
  24. Cry bitter tears but then get over it.
  25. Transfer your domain to AWS Route 53 at some point.
  26. Remember this whole HTTPS thing again and become embarrassed enough to do something about it.
  27. Try to get it working through some ACM witchcraft, but then get quite frustrated for some reason and ragequit.
  28. Don't think about it for many years.
  29. Go through the process of Creating a blog with Clojure in 50 simple steps.
  30. Proudly post a link to your blog.
  31. Get super embarrassed when your friend Thomas DMs you on Twitter to tell you to sort your shit out vis-à-vis HTTPS because c'mon, person!
  32. Wait for your friend Plínio to offer to share his technique with you.
  33. Mix up some accidentally double-strength margaritas for yourself and your friend Simon and then play some Guitar Hero all night.
  34. Start watching "Star Trek: Generations" after Simon leaves for home.
  35. Send a drunk text to your mean but cool friend Sen to tell her that you're watching "Generations" and she can suck it.
  36. Send a drunk WhatsApp voice message to your friends Micheleangelo and Tane telling them how great they are.
  37. Wake up at 09:30 the next morning with a slight headache and some serious cotton mouth.
  38. Take the poor patient doggy out for a walk.
  39. Tell your friend Ray about your tequila measurement issue.
  40. Make a pot of coffee and an enormous greasy breakfast.
  41. Sit down at your computer to write.
  42. Realise that you could probably get HTTPS working for your website.
  43. Write 43 steps for how to do it before you actually get around to so much as opening the link that Thomas sent you because Plínio is just a tease and hasn't yet shared the good stuff with you. C'mon, Plínio, puff puff pass already, brah!
  44. Pop over to the ACM console to register a cert.
  45. Realise that you might be getting ahead of yourself and open the Configuring a static website using a custom domain registered with Route 53 page that Thomas sent you first so you don't take any missteps.
  46. Create a bucket to hold your access logs, because that seems like a good idea.
  47. Enable server access logging in your root domain bucket.
  48. Refresh a page on your website and then excitedly check your logs bucket and get disappointed when you don't see anything there. Shrug your shoulders and assume that there's some buffering happening, so something will probably show up there sooner or later.
  49. Read a little note on the AWS page:

    Note

    Amazon S3 does not support HTTPS access to the website. If you want to use HTTPS, you can use Amazon CloudFront to serve a static website hosted on Amazon S3.

    For more information, see How do I use CloudFront to serve a static website hosted on Amazon S3? and Requiring HTTPS for communication between viewers and CloudFront.

  50. Start to say "well, duh", but then remember that "duh" is an ableist word, so say "uh, yeah" instead because it is one of the helpful alternatives provided by the super awesome Lydia X. Z. Brown on the super awesome autistichoya blog. Start to move onto the next step but then realise that you're already on step 50 and thus you now have a conundrum: do you
    • Just add another step, even though you've already titled this piece "Using HTTPS with S3 static website hosting in 50 simple steps" and the previous two posts in this format have been exactly 50 steps each, and that's kinda the point of a format: sticking to it?
    • Cheat by using a bullet list within step 50?
    • Realise that it's late in the day and you really need to take the dog out before you walk over to the vet to get her to sign one place on your dog's doggy passport that she forgot to yesterday but was nice enough to call you about 30 minutes ago and ask you to check because she wasn't sure she had signed everywhere and also your friend Tim has posted chapter 2 of "Story of a mediocre fan" over on 7amkickoff, so you don't actually have to post this piece today anyway, so you can actually stop writing and finish this stuff up tomorrow?

Which to choose, which to choose?

🏷 aws 50-simple-steps
📝 Published: 2022-06-24