{"id":89,"date":"2025-02-05T03:08:35","date_gmt":"2025-02-05T03:08:35","guid":{"rendered":"https:\/\/ericcentric.com\/?page_id=89"},"modified":"2025-11-24T20:25:39","modified_gmt":"2025-11-24T20:25:39","slug":"host-static-content-from-s3","status":"publish","type":"page","link":"https:\/\/ericcentric.com\/?page_id=89","title":{"rendered":"S3 media \/ ALB routing"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1546\" height=\"607\" src=\"https:\/\/ericcentric.com\/wp-content\/uploads\/2025\/02\/Screenshot-2025-02-04-220534.png\" alt=\"\" class=\"wp-image-88\"\/><\/figure>\n\n\n\n<p>Working on creating a bucket that will store the images for this site.<\/p>\n\n\n\n<p>Also, I wanted to allow my web server to be able to get new updates from the internet via NAT. <span style=\"text-decoration: underline;\">It turns out that I can&#8217;t do this if my web server is in the same subnet as my NAT instance<\/span>.<\/p>\n\n\n\n<p>This is due to route table limitations &#8211; the route table can either point to the internet gateway (which is needed for the NAT instance) or the CloudFront interface (which is needed for HTTPS traffic from the EC2) &#8211; the route table cannot do both. 
I&#8217;ll have to place the web server in its own private subnet and then route the non-HTTPS traffic to the NAT instance.<\/p>\n\n\n\n<p>The ALB is needed (**) to allow CloudFront to serve my website once the web server is placed into a private subnet.<\/p>\n\n\n\n<p><strong>**As of November 20, 2025 &#8211; AWS released <\/strong><a href=\"https:\/\/aws.amazon.com\/blogs\/networking-and-content-delivery\/introducing-cloudfront-virtual-private-cloud-vpc-origins-shield-your-web-applications-from-public-internet\/\" data-type=\"link\" data-id=\"https:\/\/aws.amazon.com\/blogs\/networking-and-content-delivery\/introducing-cloudfront-virtual-private-cloud-vpc-origins-shield-your-web-applications-from-public-internet\/\"><strong>CloudFront (VPC) Origins<\/strong><\/a>, which allows CloudFront to deliver static content from private networks\/subnets. So I don&#8217;t need the ALB anymore. Another project for another day.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Working on creating a bucket that will store the images for this site. Also, I wanted to allow my web server to be able to get new updates from the internet via NAT. 
It turns out that I can&#8217;t do this if my web server is in the same subnet as my NAT instance; This [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-89","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/ericcentric.com\/index.php?rest_route=\/wp\/v2\/pages\/89","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ericcentric.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/ericcentric.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/ericcentric.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ericcentric.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=89"}],"version-history":[{"count":4,"href":"https:\/\/ericcentric.com\/index.php?rest_route=\/wp\/v2\/pages\/89\/revisions"}],"predecessor-version":[{"id":197,"href":"https:\/\/ericcentric.com\/index.php?rest_route=\/wp\/v2\/pages\/89\/revisions\/197"}],"wp:attachment":[{"href":"https:\/\/ericcentric.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=89"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}