AWS S3 Bucket ‘host’ header

The other day I was working with DNS delegation, and I needed to test a subdomain hosted in AWS Route 53 so that I can confidently use this DNS delegation configuration in future projects.

Here’s a link to a post from Amazon Web Services about DNS delegation.

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingNewSubdomain.html

This helped me realize that DNS delegation is not hard to set up. It just requires a little patience.

After setting up DNS delegation I needed a website to test with. I thought it would be overkill to set up an EC2 server with a simple hello world webpage when I could just set up a static website using S3... because hey, it’s easy.

This led me to realize that pointing to the S3 bucket from a custom domain is not as trivial as having a webserver with a public IP address. This is because you cannot use a CNAME record for the apex of a domain.

Here is a great blog post on why you cannot:

https://blog.cdemi.io/why-cant-you-have-a-cname-at-the-root-of-a-domain/

I ended up having my domain registered in AWS Account #1 with a Route53 zone in the same account. My delegated subdomain (AWS hosted zone) was in AWS Account #2.

Finally, the S3 bucket I wanted to host the static website in was in Account #1.

This meant I couldn’t use the Route53 feature of an “Alias” A-Record for pointing to my S3 bucket. This was my workaround.

TLDR note: *S3 looks at the host header!*

When you configure a bucket for website hosting, I think that, in the background, S3 creates an entry so that its S3 web API serves requests from your bucket whenever your bucket name is specified in the *host* header. Normal responses are returned as XML. An S3 bucket configured as a website replies with HTML.

See here for a helpful table:

https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html

Here are my steps:

I created nameserver (NS) records in Route53 (in the zone greatcalldevops.com, in AWS Account 1) for a subdomain (joe.greatcalldevops.com), pointing to the nameservers of the delegated zone for the same subdomain in AWS Account 2.

Then I created `goodmorning.joe.greatcalldevops.com` in the delegated zone to point to `joeisagoodman.s3-website-us-west-2.amazonaws.com`.

The chain works because the S3 endpoint behind `http://joisagoodman.s3-website-us-west-2.amazonaws.com/` receives that request and looks at the `host` header (even though the website bucket is named goodmorning.joe.greatcalldevops.com). It then finds the bucket named in the `host` header and returns its contents, since it is a website bucket.

You can try this in Postman. Send a request to the IP address received from running:

`nslookup goodmorning.joe.greatcalldevops.com`

This is probably the same as what you get for `s3-website-us-west-2.amazonaws.com` = `52.218.160.95`.

Then set the host header to `goodmorning.joe.greatcalldevops.com` and you will see the same page as:

http://goodmorning.joe.greatcalldevops.com (the S3 generated CNAME for the bucket)

Be sure to put the header key and value into Postman as a header and not as a query string (that puts it in the URL).
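The Postman test above can also be scripted. The following is an added example, not code from the original post: `fetch_with_host` sends a GET to an address with an explicit `Host` header, and a small local stand-in server (constructed here, with an assumed 404 body, so the script runs offline) shows the same address returning different content depending only on that header.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the website endpoint: bucket name -> index page.
BUCKETS = {"goodmorning.joe.greatcalldevops.com": "<html><body>Good morning</body></html>"}

class HostRoutedHandler(BaseHTTPRequestHandler):
    """Chooses the bucket from the Host header alone, never from the IP dialled."""

    def do_GET(self):
        bucket = (self.headers.get("Host") or "").split(":")[0].lower()
        page = BUCKETS.get(bucket)
        status = 200 if page else 404
        # Assumed error body for the stand-in; real S3 wording is not reproduced here.
        body = (page or "<html><body>404 Not Found: NoSuchBucket</body></html>").encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_stand_in():
    """Start the stand-in on a free local port; returns (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), HostRoutedHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]

def fetch_with_host(address, host_header, port=80, path="/"):
    """GET path from address:port, sending host_header as the Host header."""
    conn = http.client.HTTPConnection(address, port, timeout=10)
    try:
        # Supplying Host explicitly stops http.client from deriving it from address.
        conn.request("GET", path, headers={"Host": host_header})
        resp = conn.getresponse()
        return resp.status, resp.read().decode("utf-8", "replace")
    finally:
        conn.close()

if __name__ == "__main__":
    server, port = start_stand_in()
    for name in ("goodmorning.joe.greatcalldevops.com", "some-other-name.example"):
        print(name, fetch_with_host("127.0.0.1", name, port))
    server.shutdown()
```

To repeat the test from the post instead of using the stand-in, call `fetch_with_host` with the IP address returned by `nslookup` and the bucket name as `host_header`.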

