@airicbear
Last active August 17, 2024 15:33
Create a static website in CloudFront

How to create a static website in CloudFront

  1. Create an AWS account Account-A for the root hosted zone.

  2. Create an AWS account Account-B for the static assets.

  3. Register a domain in Account-A.

  4. Create a root hosted zone in Account-A.

  5. Create a DNS delegation IAM role in Account-A with the identity-based policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": [
                    "route53:ChangeResourceRecordSets",
                    "route53:GetHostedZone"
                ],
                "Resource": "arn:aws:route53:::hostedzone/<root hosted zone id>",
                "Effect": "Allow"
            },
            {
                "Action": "route53:ListHostedZonesByName",
                "Resource": "*",
                "Effect": "Allow"
            }
        ]
    }

  6. Create a sub hosted zone in Account-B.

  7. Create cross account zone delegation records in Account-B from the sub hosted zone to the root hosted zone using the DNS delegation IAM role from Account-A.

  8. Create an S3 bucket in Account-B.

  9. Request an ACM certificate in Account-B for the sub hosted zone.

  10. Create a CloudFront distribution in Account-B using the S3 bucket as the origin, specifying a default root object, and adding the alternate domain names.

  11. Create a resource-based policy for the S3 bucket in Account-B, allowing the CloudFront service principal to perform s3:GetObject on the S3 bucket with the condition that the source is from the new CloudFront distribution.
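The bucket policy from step 11, as an added example that is not part of the original gist: it builds the policy and checks that any statement trusting the CloudFront service principal is pinned to one distribution through `AWS:SourceArn`. The function names, bucket name, account ID and distribution ID are hypothetical placeholders.

```python
import json

def cloudfront_read_policy(bucket, account_id, distribution_id):
    """Bucket policy for step 11: only this distribution may read objects."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontServicePrincipalReadOnly",
            "Effect": "Allow",
            "Principal": {"Service": "cloudfront.amazonaws.com"},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"StringEquals": {
                "AWS:SourceArn":
                    f"arn:aws:cloudfront::{account_id}:distribution/{distribution_id}"
            }},
        }],
    }

def unscoped_cloudfront_statements(policy, distribution_arn):
    """Return the Sid of each Allow statement that trusts the CloudFront
    service principal without pinning AWS:SourceArn to distribution_arn.
    Without that condition, any distribution in any account can read."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        services = principal.get("Service", []) if isinstance(principal, dict) else []
        if isinstance(services, str):
            services = [services]
        if "cloudfront.amazonaws.com" not in services:
            continue
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        # Condition key names are case-insensitive in IAM policies.
        pinned = [v for k, v in cond.items() if k.lower() == "aws:sourcearn"]
        if pinned != [distribution_arn]:
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings

if __name__ == "__main__":
    # Constructed placeholder values, not taken from the gist.
    policy = cloudfront_read_policy("example-static-site", "111122223333", "EXAMPLEDISTID")
    print(json.dumps(policy, indent=4))
```

The checker only recognizes a single `StringEquals` value, so a policy that pins the distribution with `ArnEquals` or a list of ARNs is reported for manual review.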
