
Is it possible to use S3 Access Point as a static website?


I'm trying to figure out whether it is possible to use AWS S3 Access Point for hosting a static S3 website.

S3WebsiteBucket.WebsiteURL resource described below works great but I need to use Access Point instead.

The failure message whenever I request the index file (the URL is like https://my-access-point-0000000000.s3-accesspoint.eu-north-1.amazonaws.com/index.html) is the following:

InvalidRequest The authorization mechanism you have provided is not supported. Please use Signature Version 4.

My CloudFormation template:

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  S3WebsiteBucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: PublicRead
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: error.html
      VersioningConfiguration:
        Status: Enabled

  S3WebsiteBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      PolicyDocument:
        Id: AllowPublicRead
        Version: 2012-10-17
        Statement:
          - Sid: PublicReadForGetBucketObjects
            Effect: Allow
            Principal: '*'
            Action: 's3:GetObject'
            Resource: !Join
              - ''
              - - 'arn:aws:s3:::'
                - !Ref S3WebsiteBucket
                - /*
      Bucket: !Ref S3WebsiteBucket

  S3AccessPoint:
    Type: AWS::S3::AccessPoint
    Properties:
      Bucket: !Ref S3WebsiteBucket
      Name: my-access-point
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: true
        RestrictPublicBuckets: false

Is it possible to use S3 Access Point for such a task at all, or is it not meant for public access (static websites)? If that's possible, is there anything that I missed - perhaps S3AccessPoint needs its own IAM access policy?

My primary motivation for using S3 Access Point is to hide the original bucket name without using Route 53 and custom domains.


Solution

  • Sadly you can't do this, as S3 website mode is for buckets only (not access points). From the docs:

    Amazon S3 website endpoints do not support HTTPS or access points.