Skip to main content

Posts

Showing posts with the label Route 53

S3 static webhosting, DKIM signature size errors & why DNS prefers UDP

This weekend I spent some time migrating a few low-traffic websites from Nginx to AWS S3's static web hosting service. In theory, this is a straightforward process: move content from the old webroot to an S3 bucket that shares the name of the domain, enable static web hosting for the bucket & set a security policy that enables anonymous web users to see that content. In practice, there's a bit more involved: 1. S3 bucket resource paths can change, which will result in DNS failures unless you use a Route 53 hosted zone. You don't need to buy a domain from Amazon to do this, but you do need to use their nameservers. This isn't free, and there is an extra fee for DNSSEC. 2. Want an SSL/TLS certificate? Of course you do. This means generating a certificate within Amazon Certificate Manager. In most circumstances (without "legacy" client support for example), there is no charge for the certificate. But to serve traffic using that certificate requires provisioni...