Amazon S3 - HTTPS/SSL - Is it possible? [closed]
I saw a few other questions regarding this without any real answers or information (or so it appeared).
I have an image here:
http://furniture.retailcatalog.us/products/2061/6262u9665.jpg
Which is redirecting to:
http://furniture.retailcatalog.us.s3.amazonaws.com/products/2061/6262u9665.jpg
I need it to be (https):
https://furniture.retailcatalog.us/products/2061/6262u9665.jpg
So I installed a wildcard ssl on retailcatalog.us (we have other subdomains), but it wasn't working. I went to check
https://furniture.retailcatalog.us.s3.amazonaws.com/products/2061/6262u9665.jpg
And it wasn't working, which means on the Amazon S3 website itself the https wasn't working.
How do I make this work?
No, I want to access the image securely. Is this possible?
– Kerry Jones
Jun 15 '10 at 20:19
That last URL works for me, although it comes with a certificate error which is likely a problem for you
– Michael Haren
Jun 15 '10 at 20:21
Yes, that is a problem. For me it stops me from seeing it in the first place and I have to verify the cert manually to see it.
– Kerry Jones
Jun 15 '10 at 20:53
Only a few years late to the game, but SSL CNAMEs work with CloudFront. Example: cdn.example.com points to randomstring.cloudfront.net which points to your S3 bucket. https://cdn.example.com will serve content with no error, but you get a cert warning if trying to browse the URL directly.
– Neil McGuigan
Nov 16 '12 at 6:26
4 Answers
4
This is a response I got from their Premium Services
Hello,
This is actually an issue with the way SSL validates names containing a period, '.', character. We've documented this behavior here:
http://docs.amazonwebservices.com/AmazonS3/latest/dev/BucketRestrictions.html
The only straight-forward fix for this is to use a bucket name that does not contain that character. You might instead use a bucket named 'furniture-retailcatalog-us'. This would allow you to use HTTPS with
https://furniture-retailcatalog-us.s3.amazonaws.com/
You could, of course, put a CNAME DNS record to make that more friendly. For example,
images-furniture.retailcatalog.us IN CNAME furniture-retailcatalog-us.s3.amazonaws.com.
Hope that helps. Let us know if you have any other questions.
Amazon Web Services
Unfortunately your "friendly" CNAME will cause host name mismatch when validating the certificate, therefore you cannot really use it for a secure connection. A big missing feature of S3 is accepting custom certificates for your domains.
UPDATE 10/2/2012
From @mpoisot:
The link Amazon provided no longer says anything about https. I poked around in the S3 docs and finally found a small note about it on the Virtual Hosting page: http://docs.amazonwebservices.com/AmazonS3/latest/dev/VirtualHosting.html
UPDATE 6/17/2013
From @Joseph Lust:
Just got it! Check it out and sign up for an invite: http://aws.amazon.com/cloudfront/custom-ssl-domains
+1 for following up on your own question - very helpful information easily overlooked in the S3 documentation!
– Steffen Opel
Feb 7 '11 at 15:40
The link Amazon provided no longer says anything about https. I poked around in the S3 docs and finally found a small note about it on the Virtual Hosting page: docs.amazonwebservices.com/AmazonS3/latest/dev/…
– mpoisot
Oct 2 '12 at 21:49
Note that it's $600 PER MONTH. :-o
– loneboat
Oct 14 '13 at 14:53
It's now possible to use your own SSL certificate for Cloudfront with no additional costs. So the 600$/m charge is gone.
– schickling
Apr 1 '14 at 9:19
@schickling It's also worth noting that CloudFront made this change by allowing you to choose between SNI or Dedicated IP SSL. Dedicated IP SSL continues to cost $600, but SNI SSL is free. Just make sure the browsers you're targeting support SNI.
– Ryan Pendleton
Jun 21 '15 at 21:57
I know it's a year after the fact, but using this solves it: https://s3.amazonaws.com/furniture.retailcatalog.us/products/2061/6262u9665.jpg
I saw this on another site (http://joonhachu.blogspot.com/2010/09/helpful-tip-for-amazon-s3-urls-for-ssl.html).
Doesn't really seem to solve it. It still uses the amazon domain name (s3.amazonaws.com) so it sucks!
– themihai
Mar 16 '12 at 12:19
This doesn't suck. Yes, the domain is different, but it allows you to serve content over SSL on an existing bucket on S3. Without this scheme, you have to create a bucket just for your SSL-served files (because the S3 wildcard SSL certificate won't match files.yourdomain.com.s3.amazonaws.com): secure-yourdomain.s3.amazonaws.com. Now you have two buckets to manage instead of one. Not a big deal, but in web apps, any more complexity than what's absolutely needed sucks.
– andrew
Apr 16 '12 at 22:25
Hi, I'm actually the guy who wrote the referencing link you put there "Joonha". The little gem to not miss is using that technique + "//" alone as your protocol beginning. On my ecommerce development business, we do linking to URLs with "//" instead of "https://" or "http://" because we never have to care at that point.
– Jason Sebring
May 5 '12 at 16:36
It seems this doesn't work anymore, I got a PermanentRedirect error.
– Paulo Casaretto
Jun 18 '12 at 22:56
See my new answer regarding why this works for some people and not others. It matters what region your buckets are in.
– Nate
Dec 27 '12 at 20:41
payton109’s answer is correct if you’re in the default US-EAST-1 region. If your bucket is in a different region, use a slightly different URL:
https://s3-<region>.amazonaws.com/your.domain.com/some/asset
Where <region> is the bucket location name. For example, if your bucket is in the us-west-2 (Oregon) region, you can do this:
https://s3-us-west-2.amazonaws.com/your.domain.com/some/asset
When using a CNAME DNS record it's only about the domain resolution, so you can't redirect to a URL with a path. See also: stackoverflow.com/questions/32714351/…
– Sebastien Lorber
Sep 22 '15 at 10:39
This works for me and is the most complete answer.
– besimple
May 30 '17 at 12:42
This is good, but it bypasses static website hosting rules, such as redirect rules to index.html
– Kim T
Dec 14 '17 at 3:51
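The hostname check behind the Premium Services reply and the path-style URLs in the two answers above, as an added example that is not part of the original thread. It assumes the S3 endpoint presents a wildcard certificate for `*.s3.amazonaws.com` (as the comments imply); the function names are illustrative.

```python
# Added example: why a dotted bucket name fails TLS hostname validation.
# Assumption: S3 serves a wildcard certificate for "*.s3.amazonaws.com".

S3_WILDCARD = "*.s3.amazonaws.com"  # assumed certificate name


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match a certificate name against the hostname the client requested.

    A '*' is honoured only as the whole left-most label and stands for
    exactly one label, so it never spans a '.'.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # extra labels (dots in the bucket name) cannot match
    if p_labels[0] == "*":
        if not h_labels[0]:
            return False
    elif p_labels[0] != h_labels[0]:
        return False
    return p_labels[1:] == h_labels[1:]


def s3_https_url(bucket: str, key: str, region: str = "") -> str:
    """Use virtual-hosted style when the wildcard covers the host,
    otherwise fall back to the path-style form given in the answers."""
    key = key.lstrip("/")
    vhost = f"{bucket}.s3.amazonaws.com"
    if wildcard_matches(S3_WILDCARD, vhost):
        return f"https://{vhost}/{key}"
    # Dotted bucket: keep the bucket name out of the hostname entirely.
    host = f"s3-{region}.amazonaws.com" if region else "s3.amazonaws.com"
    return f"https://{host}/{bucket}/{key}"


if __name__ == "__main__":
    # Hostnames taken from the thread.
    for name in ("furniture.retailcatalog.us.s3.amazonaws.com",
                 "furniture-retailcatalog-us.s3.amazonaws.com",
                 "images-furniture.retailcatalog.us"):
        print(name, wildcard_matches(S3_WILDCARD, name))
    print(s3_https_url("furniture.retailcatalog.us",
                       "products/2061/6262u9665.jpg"))
```

The CNAME `images-furniture.retailcatalog.us` fails the same check because the client validates the name it requested, not the name the CNAME resolves to.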
As previously stated, it's not directly possible, but you can set up Apache or nginx + SSL on an EC2 instance, CNAME your desired domain to that, and reverse-proxy to the (non-custom domain) S3 URLs.
One way of finding the fully qualified SSL path to an S3 resource is to drill down to it using AWS console. The full path is displayed at the bottom of the Overview tab.
– eric gilbertson
May 8 at 0:33
Your question doesn't explain exactly what you want to do. Do you want to make http requests redirect to https? If so, you should reword the title of the question to better state that fact. That will help more people to find this question and answer it.
– A. Levy
Jun 15 '10 at 19:38