How to point a Netlify subdomain to an AWS S3 bucket via CNAME?

Asked 14/3, 2018 at 16:34 Answered 15/3, 2018 at 23:28

Solved amazon-web-services amazon-s3 amazon-route53 cname netlify

I have a static site (mysite.com) hosted via Netlify. Netlify currently manages my DNS, so that I have nameservers like so:

dns1.p07.nsone.net
dns2.p07.nsone.net
dns3.p07.nsone.net
dns4.p07.nsone.net

I have a bucket on my S3 named dl.mysite.com. I want to have it so that when somebody clicks a link such as http://dl.mysite.com/file.pdf, it grabs it from the S3 bucket.

Within my management dashboard for Netlify, I'm able to create a custom subdomain (dl.mysite.com), and it directs me to do the following:

Point dl CNAME record to obfuscated-url-d6f26e.netlify.com Log in to the account you have with your DNS provider, and add a CNAME record for dl pointing to obfuscated-url-d6f26e.netlify.com.

In the past, when I used AWS exclusively to host the app and manage DNS, this was easily accomplished by just creating an Alias record in Route53 for the subdomain and pointing it to my bucket.

How can I accomplish this now that Route53 doesn't handle my DNS? Is it still possible to point that subdomain at a particular S3 bucket?

Sailmaker answered 14/3, 2018 at 16:34 Comment(0)

disclaimer: I work for Netlify.

Netlify is intended to host web content, not proxy entirely to S3 buckets. Using it as you describe may work but is against our terms of service which specifically state that we intend to host websites with html content for people to browse, not computers. If that is literally all you want to do - serve content out of that S3 bucket, then I wouldn't bother with the intermediate step of using Netlify at all here. It's another point of failure that doesn't buy you much to put us between your visitors and S3. One more reasonable way to do it is the way @thomas above suggested.

However, if you want to use Netlify's DNS hosting for your domain since we host other site(s) for you, you can absolutely still use our DNS to set up a hostname that points directly to S3 - no terms of service violation there as we don't limit your use of our DNS service. Many customers have us host DNS for domains where there is one website on netlify and a dozen elsewhere. To configure this, I'd instead set that record as a CNAME to the S3 hostname, and handle any SSL certificate on AWS' side. This will work well and if it doesn't our tech support team will be happy to help you out.

In a third situation, if you want to serve some content at that hostname from S3 (e.g. PDF's) and then some other content (e.g. your website html files that link to PDF's), that is legit! We'll be happy to proxy to your S3 content. For instance, you can set up a (reverse) proxy to /files/* on S3 like this, in a /_redirects file:

/files/* http://aws-bucket-hostname/:splat 200!

This says "load all files from Netlify EXCEPT /files/* which should instead come from S3 with a path matching the part after /files/ in the URL". In this case we WILL handle the SSL certificate for you since we terminate the browser connection instead of S3.

More docs on that functionality here:

https://www.netlify.com/docs/redirects/

Nyeman answered 15/3, 2018 at 23:28 Comment(3)

Hey! I think I fit under Option 2 listed above -- I'm using netlify to host my static site, but I'd like a specific URL on my site to point at a .pdf file stored in an S3 bucket (separating the two). For the sake of URL vanity, I wanted to obscure the s3 endpoint URL hence my original question. According to you & this documentation I found, it seems like I need to add a CNAME record: docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html Do I still need add'l configuration for SSL certs? – Sailmaker 16/3, 2018 at 21:6

sorry Ray - don't know how to configure AWS like that. Have you considered proxying as mentioned in #3? Something like this might work: /file.pdf https://amazon-hostname/file.pdf 200! People would download via your main hostname using the existing SSL certificate for your netlify site and have no obvious idea that S3 is involved. – Nyeman 18/3, 2018 at 21:39

Thanks! This did the trick. For those who might stumble across this question someday and are using gatsby CLI, you will need to add a _redirects file in your /static directory and make the additions mentioned above. – Sailmaker 22/3, 2018 at 3:36

In order to use Static Hosting on S3 (allowing for your bucket to be a domain name), you can only use an alias on Route 53.

You can however use CloudFront to serve files using a domain name of your choice.

I would say your options are:

Switch back to using Route 53
Use CloudFront in-front of your S3 bucket
Just use the S3 bucket link

(Considering how many browsers obscure the address and that people don’t really care, I would go with option 3 personally.)

Gracegraceful answered 14/3, 2018 at 16:47 Comment(0)

Recommended topics

Hot tags