This document outlines the initial configuration process needed to establish, using Amazon Web Services, a functioning deployment environment for Website Releases generated by the MediaStorm Platform.
The approach described here is “serverless.” Using a combination of AWS services including S3, Lambda, and CloudFront, it is possible to assemble a configuration that requires no actual server instances. This setup is low-maintenance, low-cost, and highly scalable.
Contents:
I. S3 Bucket Configuration
II. IAM Configuration
III. Lambda Configuration
IV. CloudFront Configuration
VI. DNS Configuration
VII. MediaStorm Platform Integration
I. S3 Bucket Configuration
Create an S3 bucket to store the generated project files. Configure S3 from the AWS web management console’s S3 service page. Please note that each individual Website Release should have its own dedicated S3 bucket.
- Click Create bucket, and enter a bucket name of your choice. At several points in this document you will encounter the placeholder text my-bucket-name. Substitute the bucket name you created here in each of those instances.
- Click through the remaining screens of the wizard, accepting the default values.
II. IAM Configuration
Configure access roles and permissions in the AWS console’s IAM service page.
Configure S3 permissions
- Select Policies in the left sidebar, and click the button labeled Create policy.
- Switch to the JSON tab, and enter the following text (replacing my-bucket-name with the bucket name you entered previously). The policy allows every S3 action, scoped to that bucket and the objects in it:

  ```json
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": [
          "arn:aws:s3:::my-bucket-name",
          "arn:aws:s3:::my-bucket-name/*"
        ]
      }
    ]
  }
  ```

- Click Review Policy, and give the policy the name my-bucket-name-s3-policy. Click Create policy to save changes.
- Select Users in the left sidebar, and click the button labeled Add user.
- Enter a user name of your choice. In this context, the user name is for reference only and is not actually an access credential.
- Tick the checkbox labeled Programmatic access, and proceed to the next page.
- Select the tab labeled Attach existing policies directly.
- Locate the policy created in the previous steps by entering my-bucket-name-s3-policy in the search input. Tick its checkbox, and proceed to the next page.
- Proceed to the next page again, leaving the “tags” fields blank.
- Click Create user to save. On the next page, make a note of the Access key ID and Secret access key values. You will need these credentials when connecting with the MediaStorm Platform. The Secret access key is only displayed once, so it is critical to record it at this stage.
III. Lambda Configuration
Note: The Lambda configuration described below only needs to be performed once. The existing function can then be reused with subsequent Website Releases. Complete the steps in this section only if you have not already completed them for a prior Website Release.
Under this configuration, an AWS Lambda function is used to intercept incoming user requests and apply additional custom behavior. This allows the client-side URL routing strategy employed by Website Releases to work properly.
Configure Lambda functions from the AWS console’s Lambda service page.
- In the toolbar near the top right corner of the page, ensure the AWS region drop-down menu displays “N. Virginia”. If a different region name is displayed, click it to open the region menu and choose “US East (N. Virginia)” from the list.
- Select Functions in the left sidebar, and click the button labeled Create function.
- Select the Author from scratch tab.
- Enter “mediastorm-website-release” in the Function name field.
- Set the Runtime to “Node.js 12.x”.
- Under the Permissions heading, click “Choose or create an execution role” to reveal additional options.
- Set Execution role to “Create a new role from AWS policy templates”.
- In the Role name field, enter “lambda-edge-role”.
- From the Policy templates menu, select “Basic Lambda@Edge permissions (for CloudFront trigger)”.
- Click Create function.
- Under the Function code heading, set the Code entry type option to “Edit code inline.”
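- In the code editor interface, delete all text from the index.js tab and replace it with the following:

  ```js
  const path = require('path');

  exports.handler = (event, context, callback) => {
    // The request CloudFront is about to forward to the S3 origin.
    const { request } = event.Records[0].cf;
    // Extension of the last path segment ('' when there is none).
    const { ext } = path.parse(request.uri);
    // Paths without a file extension are client-side routes: serve the app shell.
    if (ext === '') {
      request.uri = '/index.html';
    }
    return callback(null, request);
  };
  ```

- Click Save.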
- From the Actions menu, choose “Publish new version.” Enter any value in the Version description field, and click Publish.
- Record the ARN code (beginning with arn:aws:lambda:) near the top right corner of the window, for use later.
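To see which request paths this function sends to index.html before it is deployed, the following added example (not part of the original guide) runs the same handler locally against constructed CloudFront origin-request events. The helper names makeEvent, routedUri and routeAll and the sample paths are assumptions made for illustration.

```javascript
const path = require('path');

// Handler as given in this guide (Lambda@Edge, origin-request trigger).
const handler = (event, context, callback) => {
  const { request } = event.Records[0].cf;
  const { ext } = path.parse(request.uri);
  if (ext === '') {
    request.uri = '/index.html';
  }
  return callback(null, request);
};

// Constructed minimal origin-request event; real events carry more fields.
function makeEvent(uri) {
  return {
    Records: [{ cf: { request: { method: 'GET', uri, querystring: '', headers: {} } } }],
  };
}

// Run the handler locally and return the URI that would be requested from S3.
function routedUri(uri) {
  let result;
  handler(makeEvent(uri), {}, (err, request) => {
    if (err) throw err;
    result = request.uri;
  });
  return result;
}

// Map each input path to the path the origin would receive.
function routeAll(uris) {
  return uris.map((uri) => ({ uri, origin: routedUri(uri) }));
}

// Constructed sample paths, including the edge cases of path.parse():
// a dot in a directory name, a dot in the last segment, and a dotfile.
const samples = [
  '/', '/stories/chapter-2', '/assets/app.js',
  '/v1.2/about', '/authors/j.smith', '/.well-known',
];

for (const { uri, origin } of routeAll(samples)) {
  console.log(uri.padEnd(22), '->', origin);
}
```

Only the last path segment is inspected, so a route such as /authors/j.smith is treated as a file and forwarded to S3 unchanged, while /v1.2/about and /.well-known are rewritten to /index.html.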
IV. CloudFront Configuration
CloudFront will serve as the public-facing layer in this configuration, accepting incoming requests from users and serving the files stored in S3 in response. Please note that each individual Website Release should have its own dedicated CloudFront distribution.
Choose a Domain Name
Choose a domain name for your CloudFront distribution. The domain name affects the URL where your Website Release will be hosted. You have the option to use either the default CloudFront domain, which will result in URLs that contain a random sequence of characters followed by .cloudfront.net, or a custom domain that you control (for example, myproject.mycompany.com). In order to use a custom domain, you must also configure an SSL certificate and DNS record as described below.
To use a custom domain:
- Choose a subdomain of a domain you control to reserve for use with your Website Release, for example: myproject.mycompany.com. You may choose any subdomain you like, as long as it is not already used for another purpose.
- Use the AWS Certificate Manager interface to import an existing SSL certificate or request a new certificate:
  - If you have an existing certificate that covers the domain you wish to use, import it into ACM using the method described here: Import a Certificate.
  - If you do not have an existing certificate, you can use AWS Certificate Manager to request one. Certificates issued by ACM are free of charge when used exclusively with AWS services (CloudFront, in this case). Follow the method described here to request a certificate: Request a Public Certificate.
Create a CloudFront Distribution
Configure CloudFront from the console’s CloudFront service page.
- Click the button labeled Create Distribution, and choose the “Web” option in the resulting prompt.
- Complete the fields as outlined in the tables below. Any fields not listed may be left at their default values.
| Field | Value |
| --- | --- |
| Origin Domain Name | my-bucket-name.s3.amazonaws.com (The value should appear in an autocomplete menu when the field is in focus) |
| Origin ID | (This field should populate automatically when Origin Domain Name is set) |
| Restrict Bucket Access | Yes |
| Origin Access Identity | Create a New Identity |
| Grant Read Permissions on Bucket | Yes, Update Bucket Policy |
| Viewer Protocol Policy | Redirect HTTP to HTTPS |
| Query String Forwarding and Caching | Forward all, cache based on all |
| Compress Objects Automatically | Yes |
| Lambda Function Associations | *See note below |
| Price Class | Optionally adjust this setting to lower bandwidth costs. See the CloudFront pricing page for more information. |
| Alternate Domain Names (CNAMEs) | Enter the custom domain name you selected, or leave blank to use the default CloudFront domain. |
| SSL Certificate | If using a custom domain name, select the “Custom SSL Certificate” option, highlight the text input field that appears, and select the name of the SSL certificate you created in a previous step. |
| Logging | Leave off to disable access logging, or optionally configure an S3 bucket for log storage. |

*Note: Lambda Function Associations - Attach the Lambda function created in a previous step to the CloudFront distribution:
  - Set Event Type to “Origin Request” and Lambda Function ARN to the ARN code of the mediastorm-website-release function created earlier.
- Click Create Distribution to accept the settings and begin deploying your distribution. It may take up to 15 minutes for the changes to take effect.
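One way to confirm that the Restrict Bucket Access and Update Bucket Policy settings left the bucket readable only through CloudFront, shown here as an added example that is not part of the original guide. Both sample policies are constructed, the identity ID is a placeholder, and the name findNonOaiGrants is hypothetical; in practice the policy JSON would be copied from the bucket's Permissions tab.

```javascript
const OAI_PREFIX = 'arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ';

// Constructed sample: the shape of bucket policy expected after the steps
// above. EXAMPLEID is a placeholder, not a real identity.
const oaiPolicy = {
  Version: '2012-10-17',
  Statement: [{
    Effect: 'Allow',
    Principal: { AWS: OAI_PREFIX + 'EXAMPLEID' },
    Action: 's3:GetObject',
    Resource: 'arn:aws:s3:::my-bucket-name/*',
  }],
};

// Constructed sample: the same policy with a public-read statement added by
// hand, which would let clients fetch objects from S3 without CloudFront.
const publicPolicy = {
  ...oaiPolicy,
  Statement: [...oaiPolicy.Statement, {
    Effect: 'Allow',
    Principal: '*',
    Action: 's3:GetObject',
    Resource: 'arn:aws:s3:::my-bucket-name/*',
  }],
};

// Policy fields may be a single value or an array; normalise to an array.
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Return one finding per Allow statement that grants access to any principal
// other than a CloudFront origin access identity.
function findNonOaiGrants(policy) {
  const findings = [];
  asList(policy.Statement).forEach((stmt, index) => {
    if (stmt.Effect !== 'Allow') return;
    const principals = typeof stmt.Principal === 'object' && stmt.Principal !== null
      ? Object.values(stmt.Principal).flatMap(asList)
      : asList(stmt.Principal);
    const others = principals.filter((p) => !String(p).startsWith(OAI_PREFIX));
    // A statement with no Principal key at all (e.g. NotPrincipal) is flagged too.
    if (others.length > 0 || principals.length === 0) {
      findings.push({ index, principals: others, actions: asList(stmt.Action) });
    }
  });
  return findings;
}

console.log('OAI-only policy findings:', findNonOaiGrants(oaiPolicy).length);
console.log('Hand-edited policy findings:', JSON.stringify(findNonOaiGrants(publicPolicy)));
```

Any finding means objects can be fetched from S3 directly, which skips both the HTTP-to-HTTPS redirect and the Lambda routing configured on the distribution.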
VI. DNS Configuration
Note: Complete the steps in this section only if you are using a custom domain with your CloudFront distribution.
Configure DNS records with the DNS service provider responsible for the relevant domain.
- In the AWS console’s CloudFront Distributions list, locate the distribution created in the previous section, and make note of its Domain Name value.
- Using your DNS service provider’s control panel, add a CNAME record directing the custom domain you configured previously to the CloudFront distribution domain name (ending in .cloudfront.net). The exact method for adding a DNS record varies depending on your service provider. Please refer to your provider’s support documentation for guidance.
VII. MediaStorm Platform Integration
Once the above configuration steps are complete, you are ready to connect your AWS resources with the MediaStorm Platform. You will need the following values, generated during the configuration process:
- S3 bucket name
- Access key ID
- Secret access key
- CloudFront distribution domain name
With this information in hand, proceed to the steps outlined here: