Publishing a website on S3 with the AWS CLI

The AWS S3 documentation has two examples of building a system with S3's web hosting feature, so I ported them to be run from the command line with the AWS CLI.

Example: Setting Up a Static Website

In the first example you configure a bucket for website hosting, upload a sample index document and test the website using the Amazon S3 website endpoint for the bucket.

This uses AWS CLI commands.
Note that s3 is the high-level API for s3api.

The bucket is created with the name x123.

To create a bucket and configure it as a website

First of all, create the bucket (aws s3 mb).

$ aws s3 mb s3://x123
make_bucket: s3://x123/

Publish it as a website (aws s3 website).

$ aws s3 website s3://x123 --index-document index.html

$ aws s3api get-bucket-website --bucket x123
{
    "RedirectAllRequestsTo": {},
    "IndexDocument": {
        "Suffix": "index.html"
    },
    "ErrorDocument": {},
    "RoutingRules": []
}

To add a bucket policy that makes your bucket content publicly available

Grant public READ permission (aws s3api put-bucket-policy).

$ cat policy.json
{
  "Version":"2012-10-17",
  "Statement":[{
        "Sid":"PublicReadForGetBucketObjects",
        "Effect":"Allow",
          "Principal": {
            "AWS": "*"
         },
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::x123/*"
      ]
    }
  ]
}
$ aws s3api put-bucket-policy --bucket x123 --policy file://policy.json
$ aws s3api get-bucket-policy --bucket x123
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "s3:GetObject",
            "Principal": {
                "AWS": "*"
            },
            "Resource": "arn:aws:s3:::x123/*",
            "Effect": "Allow",
            "Sid": "PublicReadForGetBucketObjects"
        }
    ]
}
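As an added example (not part of the original post or of AWS's documentation), the following Python code audits a policy document such as the get-bucket-policy output above: it lists every Allow statement open to anonymous principals and reports anything beyond s3:GetObject on the bucket's objects. The function names are hypothetical and both sample policies are constructed, the first from the policy on this page.

```python
import json

# Actions a read-only static website needs from anonymous visitors.
WEBSITE_ACTIONS = {"s3:getobject"}

def as_list(value):
    """Policy fields may be a single string or a list (both forms appear on this page)."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True for "*" or {"AWS": "*"}, including "*" inside a list."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS"))
    return False

def audit_public_statements(policy_json, bucket):
    """Return (sid, findings) for every Allow statement open to anonymous principals."""
    object_arn_prefix = f"arn:aws:s3:::{bucket}/"
    results = []
    for stmt in as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        findings = []
        for action in as_list(stmt.get("Action")):
            if action.lower() not in WEBSITE_ACTIONS:
                findings.append(f"anonymous action beyond GetObject: {action}")
        for resource in as_list(stmt.get("Resource")):
            if not resource.startswith(object_arn_prefix):
                findings.append(f"resource is not an object path of {bucket}: {resource}")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append("NotAction/NotResource makes the grant open-ended")
        results.append((stmt.get("Sid", "<no Sid>"), findings))
    return results

# Constructed samples: the policy from this page, and a broader variant for contrast.
PAGE_POLICY = '''{"Version":"2012-10-17","Statement":[{"Sid":"PublicReadForGetBucketObjects",
 "Effect":"Allow","Principal":{"AWS":"*"},"Action":["s3:GetObject"],
 "Resource":["arn:aws:s3:::x123/*"]}]}'''
BROAD_POLICY = '''{"Version":"2012-10-17","Statement":[{"Sid":"TooBroad",
 "Effect":"Allow","Principal":"*","Action":"s3:*",
 "Resource":["arn:aws:s3:::x123","arn:aws:s3:::x123/*"]}]}'''

if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_public_statements(doc, "x123"))
```

A statement with an empty findings list is public but limited to what website hosting needs; Condition blocks are not evaluated here.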

To upload an index document

Upload the index.html file (aws s3 cp).

$ cat index.html
<html><body>hello world!</body></html>
$ aws s3 cp index.html s3://x123/index.html
upload: ./index.html to s3://x123/index.html

Test your website

Confirm that it is publicly accessible.

$ curl -D - http://x123.s3-website-ap-northeast-1.amazonaws.com
HTTP/1.1 200 OK
x-amz-id-2: dw5E8AbnQTPYPwX2aq1Rr7QiAFJqiWaCUTDfEW1yk8tMz2BsklvZHoB1ENlqP6nI
x-amz-request-id: 837DEEDED2A194F0
Date: Sun, 23 Mar 2014 09:08:43 GMT
Last-Modified: Sun, 23 Mar 2014 09:07:38 GMT
ETag: "66f1c9e435d70d48901b5d258b19b402"
Content-Type: text/html
Content-Length: 39
Server: AmazonS3

<html><body>hello world!</body></html>

It displayed without problems.

Example: Setting Up a Static Website Using a Custom Domain

The second example shows how you can use your own domain such as example.com, instead of the Amazon S3 bucket website endpoint, and serve content from an Amazon S3 bucket configured as a website.

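Prepare two buckets:

  • One bucket is published at the domain http://www.x12345.com and redirected to x12345.com at the S3 level
  • The other bucket is published at the domain x12345.com, and the actual content is uploaded to this bucket

Because DNS is involved as well as S3, this is a little more complex than the previous example.

This uses AWS CLI commands.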

Step 1: Register a Domain

Obtain the domain in advance from the registrar service of your choice.

Step 2: Create and Configure Buckets and Upload Data

Step 2.1: Create Two Buckets

Prepare two buckets.

$ aws s3 mb s3://x12345.com
make_bucket: s3://x12345.com/
$ aws s3 mb s3://www.x12345.com
make_bucket: s3://www.x12345.com/

Grant Public Read permission to the bucket that will be published.

$ cat policy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AddPerm",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::x12345.com/*"
        }
    ]
}
$ aws s3api put-bucket-policy --bucket x12345.com --policy file://policy.json

Upload index.html to the published bucket.

$ cat << EOF > index.html
> <html xmlns="http://www.w3.org/1999/xhtml" >
> <head>
>     <title>My Website Home Page</title>
> </head>
> <body>
>   <h1>Welcome to my website</h1>
>   <p>Now hosted on Amazon S3!</p>
> </body>
> </html>
> EOF
$ aws s3 cp index.html s3://x12345.com/index.html
upload: ./index.html to s3://x12345.com/index.html

Step 2.2: Configure Buckets for Website Hosting

Following the same procedure as the first example, publish the bucket without the www. prefix as a website.

$ aws s3 website s3://x12345.com --index-document index.html
$ aws s3api get-bucket-website --bucket x12345.com
{
    "RedirectAllRequestsTo": {},
    "IndexDocument": {
        "Suffix": "index.html"
    },
    "ErrorDocument": {},
    "RoutingRules": []
}

Confirm that it can be viewed at the S3-specific host assigned to the bucket.

$ curl -D - http://x12345.com.s3-website-us-east-1.amazonaws.com
HTTP/1.1 200 OK
x-amz-id-2: RcS3e83JqjC9FIae1KW3Lalf8NGYdvn1hrDRjyPqzwHAljErrl3MISWoVHmOGKXw
x-amz-request-id: 6A8B93E498927701
Date: Sun, 23 Mar 2014 09:34:58 GMT
Last-Modified: Sun, 23 Mar 2014 09:34:20 GMT
ETag: "26cdfa42b4e185728ad5c8eca3549126"
Content-Type: text/html
Content-Length: 190
Server: AmazonS3

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
    <title>My Website Home Page</title>
</head>
<body>
  <h1>Welcome to my website</h1>
  <p>Now hosted on Amazon S3!</p>
</body>
</html>

At the S3 level, redirect the bucket with the www. prefix to the bucket without it (aws s3api put-bucket-website).

$ cat redirect.json
{
    "RedirectAllRequestsTo": {
        "HostName": "x12345.com"
    }
}

$ aws s3api put-bucket-website --bucket www.x12345.com --website-configuration file://redirect.json
$ aws s3api get-bucket-website --bucket www.x12345.com
{
    "RedirectAllRequestsTo": {
        "HostName": "x12345.com"
    },
    "IndexDocument": {},
    "ErrorDocument": {},
    "RoutingRules": []
}

Confirm that the redirect actually happens.

$ curl -D - www.x12345.com.s3-website-us-east-1.amazonaws.com
HTTP/1.1 301 Moved Permanently
x-amz-id-2: 1zxH2RFmKDs0cL1CBaFJlTqpQx7SZrIBa8mrziycDg34Ql71w9Kcivce0L/rvhEi
x-amz-request-id: 010A3025954A61C3
Date: Sun, 23 Mar 2014 09:41:21 GMT
Location: http://x12345.com/
Content-Length: 0
Server: AmazonS3

The 301 response status and the Location header show that the redirect works as configured.

Step 3: Create and Configure Amazon Route 53 Hosted Zone

Now work with AWS Route 53 from the AWS CLI.

Step 3.1: Create a Hosted Zone for Your Domain

First, register the domain (aws route53 create-hosted-zone).
For --caller-reference, set an ID for each domain you add (reuse the same ID when retrying).

CallerReference (Required)

A unique string that identifies the request and that allows failed CreateHostedZone requests to be retried without the risk of executing the operation twice. You must use a unique CallerReference string every time you create a hosted zone. CallerReference can be any unique string; you might choose to use a string that identifies your project, such as MyDNSMigration_01.
http://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateHostedZone.html#create-hosted-zone-request-caller-reference

(I generated mine with $ uuid -v 4)

$ aws route53 create-hosted-zone --name x12345.com --caller-reference 43cc
{
    "Location": "https://route53.amazonaws.com/2013-04-01//hostedzone/DUMMY",
    "HostedZone": {
        "ResourceRecordSetCount": 2,
        "CallerReference": "43cc",
        "Config": {},
        "Id": "/hostedzone/DUMMY",
        "Name": "x12345.com."
    },
    "ChangeInfo": {
        "Status": "PENDING",
        "SubmittedAt": "2014-03-22T18:07:05.324Z",
        "Id": "/change/CRXM9WQ02FVZO"
    },
    "DelegationSet": {
        "NameServers": [
            "ns-1416.awsdns-49.org",
            "ns-581.awsdns-08.net",
            "ns-1897.awsdns-45.co.uk",
            "ns-158.awsdns-19.com"
        ]
    }
}
$ aws route53 list-hosted-zones
{
    "HostedZones": [
        {
            "ResourceRecordSetCount": 4,
            "CallerReference": "43cc",
            "Config": {},
            "Id": "/hostedzone/DUMMY",
            "Name": "x12345.com."
        }
    ]
}

Check the records that are added to the domain by default.

$ aws route53 list-resource-record-sets --hosted-zone-id "/hostedzone/DUMMY"
{
    "ResourceRecordSets": [
        {
            "ResourceRecords": [
                {
                    "Value": "ns-1416.awsdns-49.org."
                },
                {
                    "Value": "ns-581.awsdns-08.net."
                },
                {
                    "Value": "ns-1897.awsdns-45.co.uk."
                },
                {
                    "Value": "ns-158.awsdns-19.com."
                }
            ],
            "Type": "NS",
            "Name": "x12345.com.",
            "TTL": 172800
        },
        {
            "ResourceRecords": [
                {
                    "Value": "ns-1416.awsdns-49.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"
                }
            ],
            "Type": "SOA",
            "Name": "x12345.com.",
            "TTL": 900
        }
    ]
}

Step 3.2: Add an Alias Record to the Hosted Zone

Step 3.3: Add a CNAME Record to the Hosted Zone

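Add an A record (linking the www.x12345.com domain to the S3 bucket) and a CNAME record (the redirect target of the www.x12345.com bucket) (aws route53 change-resource-record-sets).
The target domain is selected by passing the ID that Route 53 assigned in the --hosted-zone-id argument.
Besides CREATE, Action can also be set to DELETE or UPSERT.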

$ cat dns_record.json
{
  "Comment": "update s3 bucket",
  "Changes": [
    {
    "Action": "CREATE",
    "ResourceRecordSet": {
        "Name": "x12345.com.",
        "Type": "A",
        "AliasTarget": {
                "HostedZoneId": "Z3AQBSTGFYJSTF",
                "EvaluateTargetHealth": false,
                "DNSName": "s3-website-us-east-1.amazonaws.com."
          }
        }
    },
    {
    "Action": "CREATE",
    "ResourceRecordSet": {
        "Name": "www.x12345.com.",
        "Type": "CNAME",
        "TTL": 3600,
        "ResourceRecords": [
            {
                "Value": "www.x12345.com.s3-website-us-east-1.amazonaws.com"
            }
        ]
      }
    }
  ]
}

$ aws route53 change-resource-record-sets --hosted-zone-id "/hostedzone/DUMMY"  --change-batch file://dns_record.json
{
    "ChangeInfo": {
        "Status": "PENDING",
        "Comment": "update s3 bucket",
        "SubmittedAt": "2014-03-23T09:50:09.626Z",
        "Id": "/change/DUMMY"
    }
}

$ aws route53 list-resource-record-sets --hosted-zone-id "/hostedzone/DUMMY"
{
    "ResourceRecordSets": [
        {
            "AliasTarget": {
                "HostedZoneId": "Z3AQBSTGFYJSTF",
                "EvaluateTargetHealth": false,
                "DNSName": "s3-website-us-east-1.amazonaws.com."
            },
            "Type": "A",
            "Name": "x12345.com."
        },
        {
            "ResourceRecords": [
                {
                    "Value": "ns-1416.awsdns-49.org."
                },
                {
                    "Value": "ns-581.awsdns-08.net."
                },
                {
                    "Value": "ns-1897.awsdns-45.co.uk."
                },
                {
                    "Value": "ns-158.awsdns-19.com."
                }
            ],
            "Type": "NS",
            "Name": "x12345.com.",
            "TTL": 3600
        },
        {
            "ResourceRecords": [
                {
                    "Value": "ns-1416.awsdns-49.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"
                }
            ],
            "Type": "SOA",
            "Name": "x12345.com.",
            "TTL": 900
        },
        {
            "ResourceRecords": [
                {
                    "Value": "www.x12345.com.s3-website-us-east-1.amazonaws.com"
                }
            ],
            "Type": "CNAME",
            "Name": "www.x12345.com.",
            "TTL": 3600
        }
    ]
}
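S3 website hosting on a custom domain requires the bucket to be named exactly like the host, as x12345.com and www.x12345.com are here. As an added example (not part of the original post), the following Python code takes the ResourceRecordSets list shown above, picks out the records that point at S3 website endpoints, and reports hosts for which no bucket of the same name exists in the account. The function names, the old.x12345.com record and the owned-bucket set are hypothetical, constructed for illustration.

```python
import re

# "<bucket>.s3-website-<region>.amazonaws.com" (CNAME value) and the bare regional
# endpoint used as an alias target, in the dash style shown on this page.
CNAME_RE = re.compile(r"^(?P<bucket>.+)\.s3-website-(?P<region>[a-z0-9-]+)\.amazonaws\.com\.?$")
ALIAS_RE = re.compile(r"^s3-website-(?P<region>[a-z0-9-]+)\.amazonaws\.com\.?$")

def s3_website_records(record_sets):
    """Yield (host, region, note) for each record that points at an S3 website endpoint."""
    for rs in record_sets:
        host = rs["Name"].rstrip(".")
        alias = rs.get("AliasTarget")
        if alias:
            m = ALIAS_RE.match(alias["DNSName"])
            if m:
                yield host, m["region"], None
        elif rs.get("Type") == "CNAME":
            for rr in rs.get("ResourceRecords", []):
                m = CNAME_RE.match(rr["Value"])
                if m:
                    # S3 picks the bucket from the Host header, so the label in the
                    # CNAME value should equal the record name.
                    note = None if m["bucket"] == host else "bucket label != record name"
                    yield host, m["region"], note

def unbacked_hosts(record_sets, owned_buckets):
    """Hosts whose required bucket (named exactly like the host) is not in the account."""
    return [host for host, _region, _note in s3_website_records(record_sets)
            if host not in owned_buckets]

# Constructed sample: the A alias and CNAME from this page plus one hypothetical
# leftover record ("old.x12345.com") that has no matching bucket.
SAMPLE_RECORD_SETS = [
    {"Name": "x12345.com.", "Type": "A",
     "AliasTarget": {"HostedZoneId": "Z3AQBSTGFYJSTF", "EvaluateTargetHealth": False,
                     "DNSName": "s3-website-us-east-1.amazonaws.com."}},
    {"Name": "x12345.com.", "Type": "NS", "TTL": 3600,
     "ResourceRecords": [{"Value": "ns-1416.awsdns-49.org."}]},
    {"Name": "www.x12345.com.", "Type": "CNAME", "TTL": 3600,
     "ResourceRecords": [{"Value": "www.x12345.com.s3-website-us-east-1.amazonaws.com"}]},
    {"Name": "old.x12345.com.", "Type": "CNAME", "TTL": 3600,
     "ResourceRecords": [{"Value": "old.x12345.com.s3-website-us-east-1.amazonaws.com"}]},
]
OWNED_BUCKETS = {"x12345.com", "www.x12345.com"}  # e.g. names listed by `aws s3 ls`

if __name__ == "__main__":
    print(list(s3_website_records(SAMPLE_RECORD_SETS)))
    print(unbacked_hosts(SAMPLE_RECORD_SETS, OWNED_BUCKETS))
```

Records reported by unbacked_hosts should be deleted from the hosted zone or have their bucket recreated in the same account.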

Step 4: Switch to Amazon Route 53 as Your DNS Provider

Register the DNS servers listed in the Route 53 Delegation Set with the registrar service.
Use dig to confirm that the setting has taken effect.

$ dig +recurse +trace www.x12345.com any

; <<>> DiG 9.8.1-P1 <<>> +recurse +trace www.x12345.com any
...[snip]
;; Received 492 bytes from 192.203.230.10#53(192.203.230.10) in 126 ms

x12345.com.             172800  IN      NS      ns-158.awsdns-19.com.
x12345.com.             172800  IN      NS      ns-581.awsdns-08.net.
x12345.com.             172800  IN      NS      ns-1897.awsdns-45.co.uk.
x12345.com.             172800  IN      NS      ns-1416.awsdns-49.org.
;; Received 201 bytes from 192.35.51.30#53(192.35.51.30) in 188 ms

www.x12345.com.         300     IN      CNAME   www.x12345.com.s3-website-us-east-1.amazonaws.com.
x12345.com.             3600    IN      NS      ns-1416.awsdns-49.org.
x12345.com.             3600    IN      NS      ns-158.awsdns-19.com.
x12345.com.             3600    IN      NS      ns-1897.awsdns-45.co.uk.
x12345.com.             3600    IN      NS      ns-581.awsdns-08.net.
;; Received 229 bytes from 205.251.192.158#53(205.251.192.158) in 59 ms

Step 5: Testing

First, access the bucket configured for redirection via its S3-specific host name.
Confirm that it redirects to x12345.com.
curl does not follow redirects by default, so add the -L option.

$ curl -L -D - www.x12345.com.s3-website-us-east-1.amazonaws.com
HTTP/1.1 301 Moved Permanently
x-amz-id-2: VzaRl77xfH3E6adcogSa/uFo0BGFkr5pOZc4C+CLgGp7unz0Z2i1Xpqb3xeBZXbn
x-amz-request-id: A6249130A5228E0E
Date: Sun, 23 Mar 2014 09:40:38 GMT
Location: http://x12345.com/
Content-Length: 0
Server: AmazonS3

HTTP/1.1 200 OK
x-amz-id-2: XYhv/ykf5MqRx2DKi1luUIxCLAiR5qNsSgWuGPZahUjI705VKMjQsUKmVhA1wErY
x-amz-request-id: F04EDEEB751AEF3D
Date: Sun, 23 Mar 2014 09:40:38 GMT
Last-Modified: Sun, 23 Mar 2014 09:34:20 GMT
ETag: "26cdfa42b4e185728ad5c8eca3549126"
Content-Type: text/html
Content-Length: 190
Server: AmazonS3

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
    <title>My Website Home Page</title>
</head>
<body>
  <h1>Welcome to my website</h1>
  <p>Now hosted on Amazon S3!</p>
</body>
</html>

Access the domain x12345.com.
The content is displayed as-is, with no redirect.

$ curl -L -D - http://x12345.com
HTTP/1.1 200 OK
x-amz-id-2: TVQlruh88rH7+ar0oEbrx7ho1RQ3GaCgj5QHxUQ+t52Ty70Y9Os4bOCOA7WxcTfe
x-amz-request-id: 87914F5207AD198A
Date: Sun, 23 Mar 2014 09:41:58 GMT
Last-Modified: Sun, 23 Mar 2014 09:34:20 GMT
ETag: "26cdfa42b4e185728ad5c8eca3549126"
Content-Type: text/html
Content-Length: 190
Server: AmazonS3

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
    <title>My Website Home Page</title>
</head>
<body>
  <h1>Welcome to my website</h1>
  <p>Now hosted on Amazon S3!</p>
</body>
</html>

Access the domain http://www.x12345.com.
After the redirect, the content of the x12345.com bucket is returned.

$ curl -L -D - http://www.x12345.com
HTTP/1.1 301 Moved Permanently
x-amz-id-2: BzHUb8gCwpEF9oqGRb8IUXDBMtP5I5xGd7Utn1QBK4dl/+rYOQgM5u/TW0Qcq9l+
x-amz-request-id: 9CF08DCB4A54FC7F
Date: Sun, 23 Mar 2014 09:41:52 GMT
Location: http://x12345.com/
Content-Length: 0
Server: AmazonS3

HTTP/1.1 200 OK
x-amz-id-2: 2LjIw1jhBy9PFkobGlxsUmYgl5QFEGEWp1UQ3xvOfh6T50uYYwXaewMjbgp124Dp
x-amz-request-id: A9F40892C39E229D
Date: Sun, 23 Mar 2014 09:41:53 GMT
Last-Modified: Sun, 23 Mar 2014 09:34:20 GMT
ETag: "26cdfa42b4e185728ad5c8eca3549126"
Content-Type: text/html
Content-Length: 190
Server: AmazonS3

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
    <title>My Website Home Page</title>
</head>
<body>
  <h1>Welcome to my website</h1>
  <p>Now hosted on Amazon S3!</p>
</body>
</html>

It displayed as expected.
