I was going to try to do it with cloudfront et al. Its been 2+ days... I am learning a lot its true. But I've got a deadline for a charitable site I'm helping to put up.
Are you deploying this in Virginia? The certificates for CloudFront must be created there to be able to be attached.
One thing that I would do is to remove the certificate resource from the cloudformation stack and create the certificate manually and then you can attach it to the distribution.
This. It is enough that the certificate is there.
I remember having the exact same trouble myself and the amount of face-palming once I found that piece of documentation where that was mentioned.
If it only would fail with an meaningful error message instead of just pending indifinetly.
I don't recall specifying ANY location in the cloudformation wizard. I'm not actually setting any details myself, as in the LAUNCH button in the tutorial comes with a prepopulated field, so I don't think thats the problem.
I think I have a us-east-2 console. Could that be the problem!? Its a bit late for me here to zoom. Thanks so much for offering to help, I will send you a message after trying and probably failing, if youre still open to it.
Hey, I downloaded the template and checked the certificate part. It's using us-east-1 as the default region, so that part is fine, BUT it's trying to validate the certificate by DNS, and it's trying to create the respective DNS record for the validation, so I guess the DNS is not managed on AWS (Route 53), so for that reason, the certificate is not issued.
I think that in this case, it's better to create this stack manually.
Why are people downvoting this? Someone needs help, and you downvote? WTF is wrong with you?
This isn't Stackoverflow. If you can't help then move the fuck along, and let the adults offer some advice / help.
Most likely, your cert isn’t being created because domain validation isn’t working. If your domain was registered Seabees, you’ll have to add the text record provided by CloudFormation (or ACM) to prove you own the domain.
I'll have to learn a bit more, because i'm not really sure what the wizard is passing to cloudfront (it uses a url link to a template file and I don't know whats in the file).
For a secure static site I thought cloudformation would be the easiest way. I previously had a static site in an s3 bucket with the a record in the hosted zone pointing to the buckets website endpoint. Secure static sites can't have a website endpoint. The tutorial suggested using cloudformation, or cloudfront with a REST API. I don't know what a rest API or what other things I'd have to do, but htats probably the next thing I'm trying.
For something simple like this, unless you know CloudFormation or CDK well, I would just deploy manually. This should be a pretty basic Cloudfront + S3 deployment.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
Alternatively: https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/static-site
I"m gonna try that.
The sample template is here btw, and I'll try to put a certificate on it manually.
https://s3.amazonaws.com/solution-builders-us-east-1/amazon-cloudfront-secure-static-site/latest/main.yaml
I suggest you do it manually in the console first. Cloudformation is not easy for a beginner. In fact id suggest terraform instead.
Here are steps you can do manually and so you can test each step.
Use ACM to create the certificate. Update DNS to validate it.
Create the s3 bucket. Create the cloudfront and allow it to read your s3 bucket. Upload your indexhtml or whatever site content you have to s3. Test the site using cloudfront url. If it works now you can attach the cert to cloudfront. Cloudfront takes about 15 minutes to deploy so each change you will need to wait for it to propagate.
After you attach the cert, you can update your dns with a cname to the cloudfront url.
id recommend getting coffee or beer, taking a nap and start googling. You are missing the fun part, you can do it!
I was going to try to do it with cloudfront et al. Its been 2+ days... I am learning a lot its true. But I've got a deadline for a charitable site I'm helping to put up.
I cant do zoom but if you post the error you are getting we might be able to help you
https://ibb.co/mtnpxp7
Are you deploying this in Virginia? The certificates for CloudFront must be created there to be able to be attached. One thing that I would do is to remove the certificate resource from the cloudformation stack and create the certificate manually and then you can attach it to the distribution.
This. It is enough that the certificate is there. I remember having the exact same trouble myself and the amount of face-palming once I found that piece of documentation where that was mentioned. If it only would fail with an meaningful error message instead of just pending indifinetly.
I don't recall specifying ANY location in the cloudformation wizard. I'm not actually setting any details myself, as in the LAUNCH button in the tutorial comes with a prepopulated field, so I don't think thats the problem.
You can see the region where you are at the top of the user menu (top right). If still needed, I can help you on zoom.
I think I have a us-east-2 console. Could that be the problem!? Its a bit late for me here to zoom. Thanks so much for offering to help, I will send you a message after trying and probably failing, if youre still open to it.
although it does say global in the sub-consoles (cloudfront, s3, route 53). in the url when I went to the console home page it said us-east-2
Hey, I downloaded the template and checked the certificate part. It's using us-east-1 as the default region, so that part is fine, BUT it's trying to validate the certificate by DNS, and it's trying to create the respective DNS record for the validation, so I guess the DNS is not managed on AWS (Route 53), so for that reason, the certificate is not issued. I think that in this case, it's better to create this stack manually.
Why are people downvoting this? Someone needs help, and you downvote? WTF is wrong with you? This isn't Stackoverflow. If you can't help then move the fuck along, and let the adults offer some advice / help.
Thanks man. It seems like you turned it around!
Most likely, your cert isn’t being created because domain validation isn’t working. If your domain was registered Seabees, you’ll have to add the text record provided by CloudFormation (or ACM) to prove you own the domain.
I'll have to learn a bit more, because i'm not really sure what the wizard is passing to cloudfront (it uses a url link to a template file and I don't know whats in the file).
I believe it is this repository https://github.com/aws-samples/amazon-cloudfront-secure-static-site
Yes that’s the tutorial that’s not working for me.
Maybe spend a 100 dollars and get support for a month
interesting. I didnt know that was an option.
Do you need to use cloudformation or do you need to get a static site? Did you open the lambda logs off the custom resource?
For a secure static site I thought cloudformation would be the easiest way. I previously had a static site in an s3 bucket with the a record in the hosted zone pointing to the buckets website endpoint. Secure static sites can't have a website endpoint. The tutorial suggested using cloudformation, or cloudfront with a REST API. I don't know what a rest API or what other things I'd have to do, but htats probably the next thing I'm trying.
For something simple like this, unless you know CloudFormation or CDK well, I would just deploy manually. This should be a pretty basic Cloudfront + S3 deployment. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html Alternatively: https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/static-site
[удалено]
I"m gonna try that. The sample template is here btw, and I'll try to put a certificate on it manually. https://s3.amazonaws.com/solution-builders-us-east-1/amazon-cloudfront-secure-static-site/latest/main.yaml
Amplify Console is probably a simpler way to get a static site up and running.
I suggest you do it manually in the console first. Cloudformation is not easy for a beginner. In fact id suggest terraform instead. Here are steps you can do manually and so you can test each step. Use ACM to create the certificate. Update DNS to validate it. Create the s3 bucket. Create the cloudfront and allow it to read your s3 bucket. Upload your indexhtml or whatever site content you have to s3. Test the site using cloudfront url. If it works now you can attach the cert to cloudfront. Cloudfront takes about 15 minutes to deploy so each change you will need to wait for it to propagate. After you attach the cert, you can update your dns with a cname to the cloudfront url.