6

I've got a static S3 website. When I log in, I can see that the endpoint is http://www.example.com.s3-website.eu-west-2.amazonaws.com, but I've seen answers claiming that the site should be accessible via HTTPS at https://www.example.com.s3-website.eu-west-2.amazonaws.com. This doesn't work though.

Did AWS used to support HTTPS for static sites and have now stopped it, or do I need to enable it somehow?

jbrown
  • You need a CloudFront distribution to serve your S3 content over HTTPS. Use ACM to request the certificate. – jweyrich Sep 07 '18 at 06:09
  • I've already done that. I want to encrypt between CloudFront and the S3 bucket itself. – jbrown Sep 07 '18 at 06:09
  • AFAIK, S3 doesn't support **custom-domain** HTTPS to serve static files directly. You may access the standard URL using HTTPS though. If you're using the S3 API, then you may use it via HTTPS. – jweyrich Sep 07 '18 at 06:12
  • But this isn't a custom domain. This is the S3-assigned domain. – jbrown Sep 07 '18 at 06:15
  • I mean, if you had `www-example-com` (no periods in the bucket name), Amazon's wildcard certificate would work. – jweyrich Sep 07 '18 at 06:18

3 Answers

5

The website hosting section on S3 now has this note at the bottom of the page:

The Amazon S3 website endpoints do not support HTTPS. For information about using HTTPS with an Amazon S3 bucket, see How do I use CloudFront to serve HTTPS requests for my Amazon S3 bucket? and Requiring HTTPS for Communication Between CloudFront and Your Amazon S3 Origin.

Seems the only option now is to use CloudFront. Quite disappointing when you just want a quick and dirty HTTPS website and would happily use https://examplebucket.s3-website-us-west-2.amazonaws.com/ as the URL, which would work fine with a wildcard SSL certificate.

madleech
3

So the answer is no, it's not possible to use HTTPS for S3 static websites directly like I'm trying to do. From the docs:

Note the following about using HTTPS when the origin is an Amazon S3 bucket:

* If your Amazon S3 bucket is configured as a website endpoint, you can't configure CloudFront to use HTTPS to communicate with your origin because Amazon S3 doesn't support HTTPS connections in that configuration.
jbrown
2

You cannot use periods in the bucket name. If you do use periods, Amazon's wildcard certificate won't work.

Quoting the BucketRestrictions documentation:

When you use virtual hosted–style buckets with Secure Sockets Layer (SSL), the SSL wildcard certificate only matches buckets that don't contain periods. To work around this, use HTTP or write your own certificate verification logic. We recommend that you do not use periods (".") in bucket names when using virtual hosted–style buckets.

jweyrich
  • This isn't about the validity of certificates. I get no response when I try to make an https request to the bucket. – jbrown Sep 07 '18 at 06:22
  • I'm not talking about validity when I say it won't work. But you're right, I should reword it. – jweyrich Sep 07 '18 at 06:23
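
The wildcard rule quoted from the BucketRestrictions documentation, as an added example that is not part of any answer above: a `*` in a certificate name stands for exactly one DNS label, so a bucket name containing periods adds labels the wildcard cannot cover. The SAN pattern `*.s3.<region>.amazonaws.com` and both bucket names are assumptions made for illustration; this covers the virtual hosted-style REST hostname only, since the website endpoint does not answer HTTPS at all.

```python
# Added example: single-label wildcard matching applied to S3 virtual
# hosted-style hostnames. The SAN pattern and bucket names are constructed.

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name `pattern` covers `hostname`.

    A '*' is honoured only as the entire leftmost label and stands for
    exactly one label, so it never spans a '.'.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False            # a wildcard cannot absorb extra labels
    if any(not label for label in h_labels):
        return False            # reject empty labels such as "a..b"
    first, rest = p_labels[0], p_labels[1:]
    if rest != h_labels[1:]:
        return False            # everything right of the first label is literal
    return first == "*" or first == h_labels[0]


def virtual_hosted_host(bucket: str, region: str) -> str:
    """Build the virtual hosted-style REST hostname for a bucket."""
    return f"{bucket}.s3.{region}.amazonaws.com"


def check_bucket(bucket: str, region: str) -> dict:
    """Report whether the regional wildcard name would cover the bucket's hostname."""
    san = f"*.s3.{region}.amazonaws.com"   # assumed SAN pattern for the region
    host = virtual_hosted_host(bucket, region)
    return {
        "host": host,
        "extra_labels": bucket.count("."),  # labels the wildcard would have to span
        "covered": wildcard_matches(san, host),
    }


if __name__ == "__main__":
    for name in ("www-example-com", "www.example.com"):   # constructed bucket names
        print(check_bucket(name, "eu-west-2"))
```

Running the same check over a list of existing bucket names shows which ones would fail hostname verification on virtual hosted-style HTTPS requests.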