Amazon Web Services (AWS) is currently the market leader in hosted cloud provision. But you might not be aware that it can also be a hosting platform for your websites. This article considers how to set up a site using AWS – and how it can be kept secure.
AWS and S3
You’ll first need to set up an Amazon Web Services account – either by logging in with your details if you’re an existing Amazon user, or by registering with your personal and credit card information on the new user registration form at the AWS website.
Once you’ve selected a support plan (there’s a Basic free package, then it’s “pay as you go”), you’ll gain access to the AWS Management Console, and its various options.
For basic website hosting, you’ll need to click on Amazon’s Simple Storage Service, otherwise known as S3. This is a storage area for virtually any kind of file, and a base from which you can publish Web pages.
Stick Them in the Bucket
S3 files must be uploaded to your Bucket, which is Amazon’s Web-based file folder. When you click the link to Create Folder you will reserve a space on the AWS servers to upload data to.
Each file you upload (HTML, picture, or whatever) will have a unique IP address. But you won’t be able to view them outside the Management Console in your browser unless you set their access to Public. And you won’t have a website until you give AWS the go-ahead.
Give them Static
To make your website visible, you’ll have to Make Public all the files you upload, and set the Properties of your S3 Bucket to Static Website Hosting. Standard designations like index.html for your homepage and 404.html for error pages apply.
Static websites may consist of documents formatted as HTML, JavaScript, and CSS. Scripts like PHP or Rails aren’t supported on Amazon’s S3 servers.
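An added example, not part of the original article or AWS's own code: public read access for a static site can also be written as a bucket policy, and the point to check is that anonymous visitors can read objects and do nothing else. This Python sketch assumes the site uses such a policy; the bucket name example-site-bucket, the account ID and both sample policies are constructed.

```python
import json

# The only action an anonymous visitor needs on a static site.
PUBLIC_OK = {"s3:getobject"}

def as_list(value):
    """Policy fields may hold one string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True when the statement applies to everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def risky_public_grants(policy_json):
    """Return (Sid, action) pairs that let anyone do more than read objects.
    Condition blocks are ignored, so conditional grants are still reported."""
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt:  # "everything except ..." is never read-only
            findings.append((sid, "NotAction"))
        for action in as_list(stmt.get("Action", [])):
            if action.lower() not in PUBLIC_OK:
                findings.append((sid, action))
    return findings

# Constructed sample policies for a hypothetical bucket "example-site-bucket".
READ_ONLY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-site-bucket/*"}]})

TOO_OPEN = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicAll", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:GetObject", "s3:PutObject", "s3:*"],
         "Resource": "arn:aws:s3:::example-site-bucket/*"},
        {"Sid": "AdminOnly", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:user/site-admin"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-site-bucket/*"}]})

if __name__ == "__main__":
    print(risky_public_grants(READ_ONLY))
    print(risky_public_grants(TOO_OPEN))
```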
Also Dynamics
Beyond the Basic plan, there’s scope for hosting Web-based applications and dynamic sites using both static and streaming (video, audio, etc.) content. Amazon CloudFront is the division of AWS in question, and it integrates closely with S3 and business intelligence analytics tools like Amazon Elastic Compute Cloud (Amazon EC2).
On-board Security Measures
For larger static and dynamic sites, Amazon’s Elastic Compute Cloud (EC2) uses a “Security Groups” feature to filter incoming network traffic. It’s essentially a firewall, behind which you specify the encryption protocols, port assignments and IP address ranges that are allowed access to your EC2 instances. One or more security groups may be allocated to each instance.
For data storage, Amazon S3 is your repository for redundant objects – usually static or rarely altered files like text and images. Videos and multimedia may be streamed or edge cached through interaction with Amazon CloudFront.
Amazon Elastic Block Storage (EBS) attaches virtual volumes to EC2 instances, which act like mountable storage drives. Things like application logs and database partitions may be archived here, beyond the life of an EC2 instance. And snapshots of EBS volumes may be taken, then stored in Amazon S3.
Data held in Amazon EBS volumes, S3 storage, and Amazon SimpleDB is stored at multiple locations for redundancy, at no additional charge to customers.
AWS implements proactive monitoring via several automated online tools, to help maintain site availability and performance levels. Data centres are protected by both physical measures (security fencing, CCTV etc.) and strict access controls.
AWS IAM or AWS Identity and Access Management lets customers designate multiple users within their account, and assign unique security credentials to them, before they can gain access to AWS services. This does away with the need to share encryption keys or passwords, and lets admins decide how and when to grant users access rights.
AWS Multi-Factor Authentication or AWS MFA provides an additional layer of access control, and is specifically targeted at your Account Settings and the management of the services to which you subscribe. It’s an option requiring a dynamic six-digit code to be entered with your standard login details before access is granted to your AWS account.
In addition to Application Programming Interface (API) and Secure Sockets Layer (SSL)-protected endpoints, the AWS network works in compliance with several global security standards and third-party certifications.
Your Responsibility
That said, Amazon goes to some lengths to ensure that customers take some responsibility for security on their cloud network and play their own part. AWS assumes what it calls a shared responsibility model when you move your IT infrastructure (or even just your website files) onto AWS.
In real terms this means that you (the customer) are responsible for maintaining and managing the guest or client operating system and software provided by AWS in respect of your account and site. That includes updating and patching, as well as properly configuring the security group firewall provided by AWS.
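An added example, not from the original article or from AWS: since configuring the security group firewall is the customer's job, this Python sketch reviews a group's inbound rules and reports any that admit every source address to something other than the web ports. It assumes rules in the IpPermissions shape that EC2 returns when security groups are described; the group names, the ingress helper and all sample rules are constructed.

```python
import ipaddress

WEB_PORTS = {80, 443}  # TCP ports a public web server is expected to expose

def open_to_world(cidr):
    """True for 0.0.0.0/0 and ::/0: a zero-length prefix matches every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def world_open_findings(group):
    """Return (group name, exposure) for each ingress rule that admits any
    source address to something other than TCP 80/443. ICMP is not assessed."""
    findings = []
    name = group["GroupName"]
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if not any(open_to_world(c) for c in cidrs):
            continue
        proto = perm.get("IpProtocol")
        if proto == "-1":  # "-1" means every protocol and port
            findings.append((name, "all protocols"))
        elif proto in ("tcp", "udp"):
            lo, hi = perm["FromPort"], perm["ToPort"]
            web_only = proto == "tcp" and all(p in WEB_PORTS for p in range(lo, hi + 1))
            if not web_only:
                findings.append((name, f"{proto} {lo}-{hi}"))
    return findings

def ingress(proto, lo, hi, *cidrs):
    """Build one constructed ingress rule in the IpPermissions shape."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": c} for c in cidrs if ":" not in c],
            "Ipv6Ranges": [{"CidrIpv6": c} for c in cidrs if ":" in c]}

# Constructed sample data: a weak group beside a corrected one.
WEAK = {"GroupName": "web-weak", "IpPermissions": [
    ingress("tcp", 80, 80, "0.0.0.0/0"),
    ingress("tcp", 22, 22, "0.0.0.0/0"),        # SSH open to everyone
    ingress("tcp", 3306, 3306, "0.0.0.0/0")]}   # database port open to everyone

CORRECTED = {"GroupName": "web-fixed", "IpPermissions": [
    ingress("tcp", 80, 80, "0.0.0.0/0", "::/0"),
    ingress("tcp", 443, 443, "0.0.0.0/0", "::/0"),
    ingress("tcp", 22, 22, "203.0.113.0/24")]}  # SSH from one admin range only

if __name__ == "__main__":
    print(world_open_findings(WEAK))
    print(world_open_findings(CORRECTED))
```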
A Mindset for Secure Sites Under AWS
Bear in mind these factors, which set AWS cloud hosting apart from most traditional models – especially if you’re thinking of hosting applications on Amazon’s cloud:
There are firewalls, all over the place. Every host under AWS is in a state of lock-down. Especially in Amazon EC2 (where Security Groups can be created for each type of host in your network/website architecture), there are a lot of hoops to go through, and protocols to observe.
EC2 hosts are NOT static. They change and expire, all the time. Applications constructed for AWS should be designed knowing that an Amazon EBS volume will be lost should an EC2 instance fail. Flexibility should be your watchword.
Availability Zones = Multiple Data Centres. The Availability Zones set up under EC2 are dispersed both geographically and logically, and should be used to spread your data around so as to ensure your website is continuously available, and that information is backed up and up to date.
Remain aware of these limitations and opportunities, and your hosting experience in the Amazon cloud should be a smooth one.