This was presented as a PD session on 2024-07-26.
- Create a new repository (GitHub)
  - https://github.com/new
  - Owner: SignalWhisperer
  - Repository name: pd-session-2024-07-26
  - Visibility: Private
- Create hosted zone (Route 53)
  - Domain name: my-awesome-website.example.com
- Delegate the DNS name
  - Copy the NS records from the new hosted zone
  - Create a matching NS record in the parent hosted zone
- Create bucket (S3)
  - Bucket name: my-awesome-website-1234567890
  - Leave "Block all public access" on; CloudFront will read the bucket through the origin access control, not through public access
- Create distribution (CloudFront)
  - Origin domain: my-awesome-website-1234567890.s3.us-west-2.amazonaws.com
    - Origin path: /
    - Name: my-awesome-website.example.com
    - Origin access: Origin access control settings (recommended)
      - Origin access control: Create new OAC
        - Name: my-awesome-website
  - Viewer
    - Viewer protocol policy: Redirect HTTP to HTTPS
    - Allowed HTTP methods: GET, HEAD
  - Web Application Firewall (WAF): Do not enable security protections
  - Price class: Use only North America and Europe
  - Alternate domain name (CNAME): my-awesome-website.example.com
  - Custom SSL certificate: Request certificate (opens ACM in us-east-1, the only region CloudFront accepts certificates from)
    - Fully qualified domain name: my-awesome-website.example.com
    - Create records in Route 53 (DNS validation)
    - Wait for the certificate to be issued, then select it in the distribution form
  - Default root object: index.html
- Copy policy (the bucket policy CloudFront shows once the distribution with the OAC is created)
  - Go to S3 bucket > Permissions > Edit Bucket policy
  - Paste policy
- Create record (in the my-awesome-website.example.com hosted zone)
  - Name: leave blank
  - Type: A
  - Alias: true
  - Route traffic to: Alias to CloudFront distribution, my-awesome-website.example.com
- Add another record
  - Name: leave blank
  - Type: AAAA
  - Alias: true
  - Route traffic to: Alias to CloudFront distribution, my-awesome-website.example.com
- Create role (IAM)
  - Trusted entity type: Web identity
  - Identity provider: Create new (opens the "Create identity provider" page)
    - Provider type: OpenID Connect
    - Provider URL: https://token.actions.githubusercontent.com
    - Audience: sts.amazonaws.com
  - Identity provider: token.actions.githubusercontent.com
  - Audience: sts.amazonaws.com
  - GitHub organization: SignalWhisperer
    - Filling in only the organization lets every repository in it assume the role; fill in the optional GitHub repository and GitHub branch fields too (or tighten the sub condition in the trust relationship afterwards)
  - Role name: MyAwesomeWebsiteAutomation
- View role
  - Permissions policies > Add permissions > Create inline policy
    - Service: S3
      - Actions allowed: ListBucket, GetBucketLocation
      - Resources: bucket name my-awesome-website-1234567890
    - Add more permissions
    - Service: S3
      - Actions allowed: PutObject, GetObject, DeleteObject
      - Resources: bucket name my-awesome-website-1234567890, object name: Any object name
    - Policy name: S3Sync
  - Permissions policies > Add permissions > Create inline policy
    - Service: CloudFront
      - Actions allowed: CreateInvalidation
      - Resource distribution: (enter distribution id)
    - Policy name: CFInvalidation
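The policies behind the IAM role steps and the earlier "Copy policy" bucket step, rendered and checked as an added example (not part of the session notes or the repository's code). The account id 1234567890 and the bucket name are the page's own placeholders; the distribution id E1EXAMPLE000, the sibling repository names and every OIDC claim below are constructed, and the org-wide pattern `repo:SignalWhisperer/*` is what this example assumes the wizard writes when only the organization field is filled in. The small evaluator models just the IAM features these policies use, enough to show which GitHub workflows the trust policy admits and which distribution the bucket policy lets read.

```python
"""Added example: render the trust, bucket and S3Sync policies from the console steps
above and simulate who they admit. Account id and bucket name are the page's
placeholders; the distribution id and all OIDC claims are constructed. Models only
Allow/Deny, * and ? wildcards in Action/Resource, exact Principal match,
StringEquals and StringLike."""
import json
import re

OIDC_HOST = "token.actions.githubusercontent.com"  # GitHub Actions OIDC issuer host
ACCOUNT = "1234567890"                             # page placeholder, not a real account id
PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT}:oidc-provider/{OIDC_HOST}"
BUCKET = "my-awesome-website-1234567890"
ORG, REPO = "SignalWhisperer", "pd-session-2024-07-26"


def _like(pattern, value):
    """IAM wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _conditions_hold(cond, ctx):
    for op, checks in cond.items():
        for key, expected in checks.items():
            actual = ctx.get(key)
            if actual is None:
                return False  # a request lacking the key never satisfies a positive operator
            if op == "StringEquals":
                ok = actual in _as_list(expected)
            elif op == "StringLike":
                ok = any(_like(p, actual) for p in _as_list(expected))
            else:
                raise ValueError(f"condition operator {op} is not modelled")
            if not ok:
                return False
    return True


def is_allowed(policy, action, ctx, resource="*", principal=None):
    """True if an Allow statement matches the request and no Deny statement does."""
    allowed = False
    for st in policy["Statement"]:
        if not any(_like(a, action) for a in _as_list(st["Action"])):
            continue
        if not any(_like(r, resource) for r in _as_list(st.get("Resource", "*"))):
            continue
        if "Principal" in st:  # resource-based policy: the caller must be named
            if principal not in [i for ids in st["Principal"].values() for i in _as_list(ids)]:
                continue
        if not _conditions_hold(st.get("Condition", {}), ctx):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def trust_policy(sub_pattern):
    """Trust policy of the 'Web identity' role; sub_pattern is the StringLike on the sub claim."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {f"{OIDC_HOST}:aud": "sts.amazonaws.com"},
                      "StringLike": {f"{OIDC_HOST}:sub": sub_pattern}}}]}


# Assumed: only "GitHub organization" filled in gives the org-wide pattern; pinned is the fix.
ORG_WIDE_TRUST = trust_policy(f"repo:{ORG}/*")
PINNED_TRUST = trust_policy(f"repo:{ORG}/{REPO}:ref:refs/heads/main")


def can_assume(policy, repo, ref):
    """Would a push-triggered workflow in repo on ref receive credentials for this role?"""
    token = {f"{OIDC_HOST}:aud": "sts.amazonaws.com",  # constructed claims
             f"{OIDC_HOST}:sub": f"repo:{repo}:ref:{ref}"}
    return is_allowed(policy, "sts:AssumeRoleWithWebIdentity", token, principal=PROVIDER_ARN)


def bucket_policy(distribution_id):
    """The 'Copy policy' text CloudFront offers after creating the OAC: read-only, one distribution."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowCloudFrontServicePrincipalReadOnly",
        "Effect": "Allow",
        "Principal": {"Service": "cloudfront.amazonaws.com"},
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
        "Condition": {"StringEquals": {
            "AWS:SourceArn": f"arn:aws:cloudfront::{ACCOUNT}:distribution/{distribution_id}"}}}]}


def cloudfront_can_read(policy, distribution_id, key="index.html"):
    ctx = {"AWS:SourceArn": f"arn:aws:cloudfront::{ACCOUNT}:distribution/{distribution_id}"}
    return is_allowed(policy, "s3:GetObject", ctx, f"arn:aws:s3:::{BUCKET}/{key}",
                      principal="cloudfront.amazonaws.com")


# S3Sync inline policy: bucket-level actions need the bucket ARN, object-level ones bucket/*.
S3_SYNC_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": f"arn:aws:s3:::{BUCKET}"},
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
     "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}


if __name__ == "__main__":
    print(json.dumps(PINNED_TRUST, indent=2))
    for label, policy in (("org-wide", ORG_WIDE_TRUST), ("pinned", PINNED_TRUST)):
        print(label, "trust admits a sibling repo:", can_assume(policy, f"{ORG}/other-repo", "refs/heads/main"))
```

Run it and the org-wide trust admits a workflow from any repository under SignalWhisperer, while the pinned trust admits only pushes to main of pd-session-2024-07-26; pull-request runs present sub as repo:ORG/REPO:pull_request, so the pinned pattern rejects those too. The bucket policy's AWS:SourceArn condition is what stops another distribution in the same account from serving the bucket through its own OAC.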
- Repository Settings (GitHub)
  - Secrets and variables > Actions
    - Secrets
      - AWS_ROLE_TO_ASSUME: arn:aws:iam::1234567890:role/MyAwesomeWebsiteAutomation
      - AWS_S3_BUCKET: my-awesome-website-1234567890
      - AWS_CLOUDFRONT_DISTRIBUTION: (enter distribution id)
    - Variables
      - AWS_REGION: us-east-1
- See local code
- Commit
- Push
- Go to GitHub Actions