When you go to most websites you can probably notice two things, the site usually redirects to HTTPS and it usually redirects to the WWW subdomain. Whether you type in the naked domain (the apex domain) or not. The reasons to do so are long but mostly for SEO and professional expectations, here’s a shortlist of good reasons.

Another thing, I’ll point out that bugs me is when people use AWS S3 for hosting, which sets their S3 bucket to public. I know this is an offered feature but your one misconfiguration mishap from a hacker is defacing your site.

In this article, I will detail what I think is a more secure and more professional way to host static sites using AWS. While I use Gatsby to render my static sites I am not going to go into the site code itself. This is how to host your already generated static files.

This is going to seem counterintuitive at first but we are actually going to set up the www subdomain first.

Create a Private S3 Bucket

First, we are going to create a new bucket. The name does not matter and we don’t want to give permission to the public. I usually denote these to be buckets with contents in its name. You **don’t **want to give the bucket the name of the domain, this can get confusing later. Do something like domain-contents as the bucket name.

Now upload the contents of your static site here. Honestly, for ease, I usually upload a simple index.html with a large heading just to test that I have everything up and running without also having to debug my site at the same time. Do something predictable.

Now we have a private S3 bucket with our site. We shouldn’t be able to reach this from outside AWS at all.

#s3-bucket #cloudfront #hosting-service #dns #aws