
I have a domain and many subdomains... and many more subdomains will be created. I want to allow all the subdomains to use the actual domain's bucket policy (S3).

For example: example.com is my main domain and I want abc.example.com, abcd.example.com and abcde.example.com to use the S3 bucket. Please note the subdomains will be many and I cannot type all the names... My question is: can we use wildcards like .example.com/?

Below is my S3 bucket policy file:

Please note example.com is used only for describing the issue.

{
    "Version": "2012-10-17",
    "Id": "Policy1444053343008",
    "Statement": [
        {
            "Sid": "Stmt1444053339232",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example.com/*"
        }
    ]
}
John Rotenstein
Fuzail
  • Can you provide more information about what you are trying to achieve? For example, do you want each subdomain (eg `abc.example.com`) to point to the same Amazon S3 bucket, or a different bucket? Will you be granting equivalent permission for each subdomain, or do you require a different policy? What are you trying at the moment and what issues are you experiencing? – John Rotenstein Oct 09 '15 at 20:39
  • FYI, the `Resource` parameter in the bucket policy refers to the actual name of the bucket. It is unrelated to how users actually access the bucket. – John Rotenstein Oct 09 '15 at 20:40
  • John, I want to let all the subdomains use the same bucket policy, as I have put the images in S3 and I want to call them in my theme's images so they will be used in any subdomain or the actual domain. So what I want is for abc.example.com, abcd.example.com, example.com and many more to access the same S3 bucket for all the subdomains and the main domain. I want to grant everyone permission to view only. It is working for the main domain right now, but I want it to work for subdomains also. Please help in this regard. – Fuzail Oct 12 '15 at 08:39
  • The bucket policy applies to the bucket, regardless of how they access the bucket. If you can make the subdomains point to the bucket, they will all have the same access. (However, you might have difficulty pointing multiple subdomains to one bucket, depending how you do it.) – John Rotenstein Oct 12 '15 at 10:37
  • John, can you please guide me in pointing all my subdomains to the same bucket, or share a URL that may help in this regard? I am hosting only images on S3 and want to use them on all the subdomains. – Fuzail Oct 12 '15 at 13:17
  • If you can spare some time and describe it to me in detail or refer me to a link, I would be grateful to you. – Fuzail Oct 14 '15 at 10:20

1 Answer


From the Amazon S3 documentation Customizing Amazon S3 URLs with CNAMEs:

The bucket name must be the same as the CNAME.

So, you could create a bucket named abc.example.com and then create a DNS CNAME record to alias that URL to abc.example.com.s3.amazonaws.com. (Note: The actual URL will vary depending upon your bucket's region.)

This will resolve to the IP address of an Amazon S3 server, which then uses the URL to determine which bucket to use. Buckets do not have their own IP address -- they are accessed via S3's IP addresses. Therefore, you cannot point multiple domain names to the same bucket.

Instead, create separate buckets and redirect from those buckets to one 'central' bucket. For example:

  • Create a bucket called def.example.com
  • Turn on Static Website Hosting
  • Select Redirect all requests to another host name
  • Point them to abc.example.com

Static website hosting configuration

  • Create a DNS entry (eg in Route 53) to point def.example.com to the static website URL provided in the console

Result: Any request to def.example.com/foo will redirect to the same bucket used by abc.example.com.

The downside is that you will have to create a bucket for each subdomain you wish to redirect, but this can be automated.

John Rotenstein
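The automation mentioned at the end of the answer above could look like the following. This is an added example, not part of the original answer: it assumes a boto3 S3 client is passed in, and the function names and the `DryRunS3` stand-in are hypothetical. The DNS record for each subdomain still has to be created separately, pointing at the website endpoint shown in the console.

```python
import re

# One DNS label: lowercase letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def valid_bucket_hostname(name):
    """A bucket used behind a CNAME must be named exactly like the hostname."""
    return 3 <= len(name) <= 63 and all(_LABEL.match(p) for p in name.split("."))


def create_redirect_buckets(s3, subdomains, target_host, region="us-east-1"):
    """Create one redirect-only bucket per subdomain and return the names created.

    `s3` is a boto3 S3 client (or any object with the same two methods).
    """
    # The central bucket serves the content itself, so never redirect it to itself.
    todo = [d for d in subdomains if d != target_host]
    bad = [d for d in todo if not valid_bucket_hostname(d)]
    if bad:  # validate everything first so a typo does not leave a half-built set
        raise ValueError("not usable as bucket names: %s" % ", ".join(bad))
    for name in todo:
        kwargs = {"Bucket": name}
        if region != "us-east-1":  # us-east-1 rejects an explicit LocationConstraint
            kwargs["CreateBucketConfiguration"] = {"LocationConstraint": region}
        s3.create_bucket(**kwargs)
        # Same setting as "Redirect all requests to another host name" in the console.
        s3.put_bucket_website(
            Bucket=name,
            WebsiteConfiguration={"RedirectAllRequestsTo": {"HostName": target_host}},
        )
    return todo


class DryRunS3:
    """Stand-in client that records calls instead of contacting AWS."""
    def __init__(self):
        self.calls = []
    def create_bucket(self, **kw):
        self.calls.append(("create_bucket", kw))
    def put_bucket_website(self, **kw):
        self.calls.append(("put_bucket_website", kw))


if __name__ == "__main__":
    client = DryRunS3()  # replace with boto3.client("s3") to apply for real
    names = ["abc.example.com", "def.example.com", "ghi.example.com"]  # constructed sample
    create_redirect_buckets(client, names, target_host="abc.example.com")
    for call in client.calls:
        print(call)
```

The redirect buckets hold no objects, so the public-read bucket policy from the question is only needed on the central bucket.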