Luis  Rodrigues

Luis Rodrigues

1626243900

Host a Website with AWS S3 & AWS Route 53 | AWS Serverless

In this AWS S3 tutorial we walk step-by-step through the process of hosting a website on Amazon S3. Then we set up a custom domain name in AWS Route 53 and associate it with our website in S3.

S3 bucket policy (replace ‘[YOUR_BUCKET_NAME]’ with your actual bucket name):

{
“Version”: “2012-10-17”,
“Statement”: [
{
“Sid”: “PublicReadGetObject”,
“Effect”: “Allow”,
“Principal”: “",
“Action”: “s3:GetObject”,
“Resource”: "arn:aws:s3:::[YOUR_BUCKET_NAME]/

} ]
}

Subscribe: https://www.youtube.com/c/CloudPath/featured

#aws #serverless

What is GEEK

Buddha Community

Host a Website with AWS S3 & AWS Route 53 | AWS Serverless
Christa  Stehr

Christa Stehr

1598408880

How To Unite AWS KMS with Serverless Application Model (SAM)

The Basics

AWS KMS is a Key Management Service that let you create Cryptographic keys that you can use to encrypt and decrypt data and also other keys. You can read more about it here.

Important points about Keys

Please note that the customer master keys(CMK) generated can only be used to encrypt small amount of data like passwords, RSA key. You can use AWS KMS CMKs to generate, encrypt, and decrypt data keys. However, AWS KMS does not store, manage, or track your data keys, or perform cryptographic operations with data keys.

You must use and manage data keys outside of AWS KMS. KMS API uses AWS KMS CMK in the encryption operations and they cannot accept more than 4 KB (4096 bytes) of data. To encrypt application data, use the server-side encryption features of an AWS service, or a client-side encryption library, such as the AWS Encryption SDK or the Amazon S3 encryption client.

Scenario

We want to create signup and login forms for a website.

Passwords should be encrypted and stored in DynamoDB database.

What do we need?

  1. KMS key to encrypt and decrypt data
  2. DynamoDB table to store password.
  3. Lambda functions & APIs to process Login and Sign up forms.
  4. Sign up/ Login forms in HTML.

Lets Implement it as Serverless Application Model (SAM)!

Lets first create the Key that we will use to encrypt and decrypt password.

KmsKey:
    Type: AWS::KMS::Key
    Properties: 
      Description: CMK for encrypting and decrypting
      KeyPolicy:
        Version: '2012-10-17'
        Id: key-default-1
        Statement:
        - Sid: Enable IAM User Permissions
          Effect: Allow
          Principal:
            AWS: !Sub arn:aws:iam::${AWS::AccountId}:root
          Action: kms:*
          Resource: '*'
        - Sid: Allow administration of the key
          Effect: Allow
          Principal:
            AWS: !Sub arn:aws:iam::${AWS::AccountId}:user/${KeyAdmin}
          Action:
          - kms:Create*
          - kms:Describe*
          - kms:Enable*
          - kms:List*
          - kms:Put*
          - kms:Update*
          - kms:Revoke*
          - kms:Disable*
          - kms:Get*
          - kms:Delete*
          - kms:ScheduleKeyDeletion
          - kms:CancelKeyDeletion
          Resource: '*'
        - Sid: Allow use of the key
          Effect: Allow
          Principal:
            AWS: !Sub arn:aws:iam::${AWS::AccountId}:user/${KeyUser}
          Action:
          - kms:DescribeKey
          - kms:Encrypt
          - kms:Decrypt
          - kms:ReEncrypt*
          - kms:GenerateDataKey
          - kms:GenerateDataKeyWithoutPlaintext
          Resource: '*'

The important thing in above snippet is the KeyPolicy. KMS requires a Key Administrator and Key User. As a best practice your Key Administrator and Key User should be 2 separate user in your Organisation. We are allowing all permissions to the root users.

So if your key Administrator leaves the organisation, the root user will be able to delete this key. As you can see **KeyAdmin **can manage the key but not use it and KeyUser can only use the key. ${KeyAdmin} and **${KeyUser} **are parameters in the SAM template.

You would be asked to provide values for these parameters during SAM Deploy.

#aws #serverless #aws-sam #aws-key-management-service #aws-certification #aws-api-gateway #tutorial-for-beginners #aws-blogs

Luis  Rodrigues

Luis Rodrigues

1626243900

Host a Website with AWS S3 & AWS Route 53 | AWS Serverless

In this AWS S3 tutorial we walk step-by-step through the process of hosting a website on Amazon S3. Then we set up a custom domain name in AWS Route 53 and associate it with our website in S3.

S3 bucket policy (replace ‘[YOUR_BUCKET_NAME]’ with your actual bucket name):

{
“Version”: “2012-10-17”,
“Statement”: [
{
“Sid”: “PublicReadGetObject”,
“Effect”: “Allow”,
“Principal”: “",
“Action”: “s3:GetObject”,
“Resource”: "arn:aws:s3:::[YOUR_BUCKET_NAME]/

} ]
}

Subscribe: https://www.youtube.com/c/CloudPath/featured

#aws #serverless

Rory  West

Rory West

1619198880

Adding CloudFront and a Domain to Web-Enabled AWS S3 Bucket

In this article, we will create a CloudFront distribution and link it to a registered domain (microfrontends.info). We will work with AWS CloudFront, Route 53, S3, and Certificate Manager. This article builds over the previous article.

After we deployed to the web-enabled AWS S3 bucket, we can browse to the bucket through the following URL http://mfe1.s3-website-us-east-1.amazonaws.com/

You noticed that next to the URL it says “Not Secure”. This is because we are using HTTP instead of HTTPS. To be able to get a certificate, we need to create a CloudFront distribution, first. CloudFront, which is also known as CDN or Edge Servers, is responsible for Caching your content globally and provide less traffic travel. Let’s add AWS CloudFront to our S3 bucket.

#aws-cloudfront #aws-s3 #aws-route-53 #aws #cloudfront

How to host a Static Website in AWS S3 - CodeBabel

Hello All! Welcome back to the third article in the AWS Series! As we already know, AWS S3 offers low cost, high performance, highly scalable, unlimited cloud storage with a pay-as-you-go approach. But, apart from being a storage option, it can also be used to host static web content. In this article, we will discuss how to host a static website in AWS S3.

Below is the overview of the steps for doing that:

Creating a bucket

Step1: First let’s create a bucket. For that, let’s first login to AWS console, and then select S3 under ‘Storage’ from the AWS ‘Console Home’.

select S3

select S3

Step2: Next, from the S3 console, let’s click on the ‘Create Bucket’ icon in the Amazon S3 console.

Creating New Bucket

Creating New Bucket

A pop up window appears wherein we enter the bucket details. Here, let’s consider the bucket name as ‘codebabel-static-website-demo and the region can be according to the requirement. Here we have chosen the default region ‘US EAST ohio’. Let’s leave everything to default settings by clicking on “Next” option. In the ‘review’ page, let’s review our configurations and click on ‘Create bucket’ to create the S3 bucket.

Create New S3 Bucket

Create New S3 Bucket

We can see the newly created S3 bucket in the AWS S3 console.

Bucket after creation

Created Bucket can be viewed in S3 Dashboard

Step3: For this demo, we have created a simple static website in HTML. It consists of an **index.html **file which has two web pages and an **error.html**file which throws an error message when something goes wrong. We also have some .css files for formatting. Now let’s upload these files in the AWS S3 demo bucket.

For this, let’s click on our S3 bucket and click on the “upload” option under the “overview” icon. We can either add or drag and drop the required files. We can also set permissions for each of the files while uploading by clicking the “Next” icon which we will discuss later in this article. For now, we will only upload the files by clicking “Upload“. Let’s upload all our files this way.

Upload Files

Upload Files

Enabling static website hosting

Step4: Let’s click on our S3 bucket, and go to Properties -> Static website hosting.

Enabling Static Website Hosting

Enabling Static Website Hosting

We can see the generated endpoint URL to access our static website, as soon as we select this option. Now below that, we will mention the following: “Index document = index.html, error document = error.html“.

#devops #aws #aws s3 #css #github #html #scm #website hosting

Hermann  Frami

Hermann Frami

1617016800

Serverless Framework: Use AWS S3 Object Lambda to Resize Images on The Fly

Goal

In this post, I will show you how to use Amazon S3 Object Lambda to resize images on the fly. The  Serverless Framework will be used to define the Infrastructure as Code and to simplify the deployment. Sharp will be used to resize the images. Lambda will be written using the Node.js 14x  Lambda runtime

What’s Amazon S3 Object Lambda

One of the most common Lambda patterns is to transform data stored inside Amazon S3. Generally, a lambda function is invoked after a file has been uploaded. Lambda would retrieve that file, apply any needed transformation (e.g. converting type of file) and store the result in S3.

That pattern was working well, however, it would require some work done onto a file despite that being accessed in the future or not.

If you needed to convert a file on the fly you should have created a Lambda function, invoke it via Amazon API GW and wait for the lambda to perform the transformation.

AWS has recently introduced  Amazon S3 Object Lambda in a good post by Danilo Poccia. S3 Object Lambda allows creating a Lambda directly connected to the S3 bucket (using  S3 Access Points) that is automatically invoked when retrieving the object from S3!

That means that our application needs only to send an S3 Get Object request to retrieve the original or transformed data

Also, a very important peculiarity of using Amazon S3 Object Lambda it’s that the file you want to retrieve doesn’t need to exist on S3! We will make use of this for our scenario

_Note: High-level AWS CLI S3 commands (e.g. _aws s3 cp_) don’t currently support S3 Object Lambda, instead we need to use low-level S3 API commands (e.g. __aws s3api get-object)_

Common Use Cases

In his post, Danilo highlighted the most common use cases for Amazon S3 Object Lambda:

  • Converting across data formats (e.g. XML to JSON)
  • Compressing or decompressing files on the fly
  • Resizing images on the fly (our use case!)
  • Many more (left to the devs’ creativity)

#aws-lambda #serverless #aws-s3 #aws