How to use Akamai infront of S3 buckets?

Question

I have a static website that is currently hosted in apache servers. I have an akamai server which routes requests to my site to those servers. I want to move my static websites to Amazon S3, to get away from having to host those static files in my servers.

I created a S3 bucket in amazon, gave it appropriate policies. I also set up my bucket for static website hosting. It told me that I can access the site at

http://my-site.s3-website-us-east-1.amazonaws.com

I modified my akamai properties to point to this url as my origin server. When I goto my website, I get Http 504 errors.

What am i missing here?

Thanks K

Is Akamai trying to use HTTPS? The web site endpoints don't support HTTPS. — Michael - sqlbot, Oct 30 '17 at 01:36
S3 buckets dont support HTTPS? This would mean that the traffic between Akamai and S3 would happen over HTTP, that would be an issue for me — Karthik Balasubramanian, Oct 30 '17 at 11:31

score 3 · Accepted Answer · answered Oct 30 '17 at 11:50

S3 buckets don't support HTTPS?

Buckets support HTTPS, but not directly in conjunction with the static web site hosting feature.

See Website Endpoints in the S3 Developer Guide for discussion of the feature set differences between the REST endpoints and the web site hosting endpoints.

Note that if you try to directly connect to your web site hosting endpoint with your browser, you will get a timeout error.

The REST endpoint https://your-bucket.s3.amazonaws.com will work for providing HTTPS between bucket and CDN, as long as there are no dots in the name of your bucket

Or if you need the web site hosting features (index documents and redirects), you can place CloudFront between Akamai and S3, encrypting the traffic inside CloudFront as it left the AWS network on its way to Akamai (it would still be in the clear from S3 to CloudFront, but this is internal traffic on the AWS network). CloudFront automatically provides HTTPS support on the dddexample.cloudfront.net hostname it assigns to each distribution.

I admit, it sounds a bit silly, initially, to put CloudFront behind another CDN but it's really pretty sensible -- CloudFront was designed in part to augment the capabilities of S3. CloudFront also provides Lambda@Edge, which allows injection of logic at 4 trigger points in the request processing cycle (before and after the CloudFront cache, during the request and during the response) where you can modify request and response headers, generate dynamic responses, and make external network requests if needed to implement processing logic.

What if you do not want to use Cloudfront. Especially when Akamai pricing for CDN bandwidth is lower to CF? Has S3 and Akamai implemented something new in these years to make it possible? — anup, Jun 14 '20 at 06:39

score 1 · Answer 2 · answered Sep 05 '21 at 22:55

I faced this problem currently and as mentioned by Michael - sqlbot, putting the CloudFront between Akamai and S3 Bucket could be a workaround, but doing that you're using a CDN behind another CDN. I strongly recommend you to configure the redirects and also customize the response when origin error directly in Akamai (using REST API endpoint in your bucket). You'll need to create three rules, but first, go to CDN > Properties and select your property, Edit New Version based on the last one and click on Add Rule in Property Configuration Settings section. The first rule will be responsible for redirect empty paths to index.html, create it just like the image below:

builtin.AK_PATH is an Akamai's variable. The next step is responsible for redirect paths different from the static ones (html, ico, json, js, css, jpg, png, gif, etc) to \index.html:

The last step is responsible for customize an error response when origin throws an HTTP error code (just like the CloudFront Error Pages). When the origin returns 404 or 403 HTTP status code, the Akamai will call the Failover Hostname Edge Server (which is inside the Akamai network) with the /index.html path. This setup will be triggered when refreshing pages in the browser and when the application has redirection links (which opens new tabs for example). In the Property Hostnames section, add a new hostname that will work as the Failover Hostname Edge Server, the name should has less than 16 characters, then, add the -a.akamaihd.net suffix to it (that's the Akamai pattern). For example: failover-a.akamaihd.net:

Finally, create a new empty rule just like the image below (type the hostname that you just created in the Alternate Hostname in This Property section):

score 0 · Answer 3 · answered Jan 27 '18 at 07:51

Since you are already using Akamai as a CDN, you could simply use their NetStorage product line to achieve this in a simplified manner.

All you would need to do is to move the content from s3 to Akamai and it would take care of the rest(hosting, distribution, scaling, security, redundancy).

The origin settings on Luna control panel could simply point to the Netstorage FTP location. This will also remove the network latency otherwise present when accessing the S3 bucket from the Akamai Network.

How to use Akamai infront of S3 buckets?

3 Answers3