Which is the better design, and why? (see 2 tables)

1. Here is the configuration of my working website (example.com is the prevent domain) as set up via a YouTube tutorial...

| Route53 | Cloudfront Dist | S3 |
|---|---|---|
| A record example.com --> d1wxyz | d1wxyz.cloudfront.net --> 1. | 1. example.com Hosting type Redirect request at www. |
| A record www.example.com --> d21xyz | d21xyz.cloudfront.net --> 2. | 2. www.example.com public stores assets |

So now when I turn on ACLs I have to have 2 sets of ACLs??? Doubling the cost.

-

2. Here is the configuration of what I would expect as a setup based on my previous experience with on premise servers but I cannot find any advice on this, nor can I find any other solid tutorials like the setup above making it a bit hard to know.

| Route53 | Cloudfront Dist | S3 |
|---|---|---|
| A record example.com --> d1wxyz | d1wxyz.cloudfront.net --> 1. | 1. example.com public stores assets |
| CName record www.example.com --> d1wxyz | d1wxyz.cloudfront.net (as above) | example.com public stores assets (as above) |

This way seems more logical to me: 1 bucket, no redirect from the second bucket, and 1 distribution with a simple A record and CNAME both pointing at the base distribution. Then only 1 set of ACLs is required?

The first way works, but seems overly complex, but maybe there is a good reason? The 2nd seems more logical as per other web server setups I have done. But maybe there are pitfalls?

Which is the correct way? (assuming a simple website with Base domain and www subdomain)

I hope I have explained this well enough.

1 Answer

The AWS documentation outlines this for S3 here, and with CloudFront here.

Short version, you set up Route53 to use an Alias record pointing at CloudFront for both the base domain and subdomain, rather than an A record CNAME.

You should use an Origin Access Identity to prevent direct access to S3, as you get 1TB of free data egress from CloudFront and only 100GB from S3 (reference).

  • I did not set up 2 buckets as per the documentation, it started working just as I was about to try this. I used my second approach with www as a CNAME and it works great, I will let it soak and see how it goes. Only thing I added was the www as an alternate Alias to
    Jun 22 at 4:49
  • There are often good reasons to follow the recommendations. From memory, alias record queries are free, which is one reason to use them.
    – Tim
    Jun 22 at 5:09
  • The documentation does not refer to 2 distributions. I think this is what I am struggling with. Surely either 1xCloudFront can redirect accordingly or rewrite like .htaccess. So I cannot see how it works without a second distribution. But the docs do not advise a second one, and a second one seems redundant.
    Jun 22 at 6:08
  • If you're talking about redirecting a www to the base domain, or vice versa, you can leave S3 to do the redirect. CloudFront can redirect http to https but can't do www -> base or vice versa, as far as I know, but I haven't used it in ages I've just reviewed it for AWS certifications.
    – Tim
    Jun 22 at 8:51
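
The answer's advice to restrict the bucket to an Origin Access Identity, as an added example that is not part of the original answer or comments: a Python check that compares a public-read bucket policy with an OAI-only one and reports which statements still allow direct S3 access. The bucket name, OAI ID and both sample policies are constructed placeholders.

```python
import json

# Constructed placeholders (assumptions, not values from the page).
BUCKET = "example.com"
OAI_ID = "EXAMPLEOAIID"
OAI_ARN = f"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity {OAI_ID}"

# Constructed sample: the public-read policy a "public" asset bucket typically carries.
PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}


def oai_only_policy(bucket, oai_arn):
    """Bucket policy that lets only the CloudFront OAI read objects."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowCloudFrontOAIRead", "Effect": "Allow",
        "Principal": {"AWS": oai_arn},
        "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{bucket}/*"}]}


def _as_list(value):
    # Policy fields may be a single value or a list of values.
    return value if isinstance(value, list) else [value]


def audit(policy, oai_arn):
    """Return (sids_allowing_anyone, oai_can_read) for a bucket policy."""
    public, oai_granted = [], False
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        # Principal is "*", {"AWS": "*"} or {"AWS": [arn, ...]}.
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        # Simplification: a wildcard grant with a Condition is not flagged.
        if "*" in aws and "Condition" not in stmt:
            public.append(stmt.get("Sid", f"statement[{i}]"))
        if oai_arn in aws and "s3:GetObject" in _as_list(stmt.get("Action", [])):
            oai_granted = True
    return public, oai_granted


if __name__ == "__main__":
    hardened = oai_only_policy(BUCKET, OAI_ARN)
    for name, pol in (("public", PUBLIC_POLICY), ("oai-only", hardened)):
        print(name, audit(pol, OAI_ARN))
    print(json.dumps(hardened, indent=2))
```

An OAI applies only when the distribution's origin is the bucket's REST endpoint; a bucket served through the S3 static website endpoint (as a redirect bucket is) cannot be locked down this way.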