If you need a subdomain like static.example.com to serve a static website from S3 and you do not enjoy random SSL warnings or manual IP babysitting this guide will save your sanity. We use S3 for storage Route 53 for DNS and optionally CloudFront and ACM for HTTPS and better security. Yes it is that simple and yes you will have to wait for DNS to stop being dramatic.
High level summary so you do not wander off and invent new problems. Create an S3 bucket named exactly like your subdomain. Enable static website hosting when you want S3 to serve index documents directly. Upload your files and either allow public reads for the S3 website endpoint or lock the bucket and front it with CloudFront for HTTPS. In Route 53 create an alias record that points to the S3 website endpoint or to your CloudFront distribution. If you want HTTPS request a public certificate in ACM in the us-east-1 region and attach it to CloudFront.
Name the bucket exactly as the subdomain for example static.example.com. In bucket properties turn on static website hosting and set your index document and optionally an error document. If you will use the S3 website endpoint remember it only supports plain HTTP. If you want HTTPS use CloudFront as the front door so the browser can see a padlock and so you can restrict direct access to the bucket.
Upload your HTML CSS and assets to the bucket. For a plain S3 website endpoint you need to allow public reads either by adjusting the public access settings or by adding a bucket policy that grants s3 get object on the objects. If privacy matters or you need HTTPS do not open the bucket. Instead create a CloudFront distribution with the S3 bucket as origin and use an origin access identity or origin access control so only CloudFront can fetch objects.
Open the hosted zone for your domain in Route 53. Add an A record alias for the subdomain. For a simple setup point the alias to the S3 website endpoint target. For a secure HTTPS setup point the alias to the CloudFront distribution. Using alias records avoids manual IP management and works with AWS targets more reliably than raw IPs.
If you want a secure site request a public certificate in ACM in the us-east-1 region for use with CloudFront. Validate the certificate using DNS validation in Route 53 for the fastest results. After validation attach the certificate to the CloudFront distribution so browsers will stop yelling at visitors with warning messages.
DNS changes take time. Wait for propagation and then load the subdomain in a browser. Confirm the site serves the expected content and that the certificate is valid when using CloudFront. If redirects or index documents are not behaving revisit the bucket static hosting settings and the Route 53 records.
There you go. You now have a mapped subdomain serving a static website from S3 with an option for CloudFront and ACM for HTTPS. It is not magic it is configuration and DNS patience. If anything breaks reread the steps and then blame DNS propagation for a while.
I know how you can get Azure Certified, Google Cloud Certified and AWS Certified. It's a cool certification exam simulator site called certificationexams.pro. Check it out, and tell them Cameron sent ya!
This is a dedicated watch page for a single video.