Help improve AWS Support Official channel in re:Post and share your experience - complete a quick three-question survey to earn a re:Post badge!
How do I use Amazon S3 to host a static website that uses API Gateway as the proxy?
I want to use Amazon API Gateway to create an API as a proxy for my static website and host the website on Amazon Simple Storage Service (Amazon S3).
Resolution
HTTP proxy integration
If your static website is publicly accessible, then use HTTP integration and provide the S3 static website URL for the API.
First, configure a static website on Amazon S3. Then, use the API Gateway console to create a REST API and a method for the root resource, and deploy your REST API.
Create a REST API
Complete the following steps:
- For REST API, choose Build.
- For API name, enter a name for your REST API.
- On the Endpoint type menu, choose your endpoint type, and then choose Create API.
- In the navigation pane, choose Resources under your API's name.
- On the Actions meu, choose Create resource.
- For Resource name, enter a name, for example key.
- For Resource rath, enter a path parameter, for example {key}.
- Choose Create resource.
Create the method for the root resource
Complete the following steps:
- Choose the resource name {key}b.
- On the Actions menu, choose Create method.
- On the {key} menu, choose GET, and then choose the check mark icon.
- For Integration type, choose HTTP, select Use HTTP Proxy integration, and then keep HTTP method as GET.
- For Endpoint URL, enter http://BUCKET_NAME.s3-website.REGION.amazonaws.com/{key}, and then choose Save.
Deploy the REST API
Complete the following steps:
-
On the Actions menu, choose Deploy API.
-
On the Deployment stage menu, choose [New Stage].
-
For Stage name, enter a name, for example Dev.
-
Choose Deploy.
-
From the Dev Stage Editor, note the invoke URL to test your API.
-
Run the following command to test the API proxy for your Amazon S3 website:
curl -X GET https://API_ID.execute-api.REGION.amazonaws.com/index.htmlNote: Replace the example URL with your invoke URL.
AWS service integration
Configure the Amazon S3 static website
If your Amazon S3 static website is blocked from public access, then configure the website so that it's accessed only from the API proxy.
Complete the following steps:
-
Configure a static website on Amazon S3.
Note: When you're configuring the static website, skip step 3. Keep the default Block all public access setting turned on. -
Modify the bucket policy in step 4 to allow the API proxy to access only the Amazon S3 bucket:
{ "Version": "2012-10-17", "Statement": [{ "Sid": "APIProxyBucketPolicy", "Effect": "Allow", "Principal": { "Service": "apigateway.amazonaws.com" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::BUCKET_NAME/*", "Condition": { "ArnLike": { "aws:SourceArn": "arn:aws:execute-api:REGION:ACCOUNT:API_ID/*/GET/" } } }] } -
Create an AWS Identity and Access Management (IAM) policy to allow the GetObject API to the Amazon S3 bucket:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "*" }] } -
Create an IAM role, and then attach the preceding IAM policy.
-
Note the IAM role's ARN to use in a later step.
The IAM role must contain the following trust policy for API Gateway to assume the role:{ "Version": "2012-10-17", "Statement": [{ "Sid": "", "Effect": "Allow", "Principal": { "Service": "apigateway.amazonaws.com" }, "Action": "sts:AssumeRole" }] }
Use the API Gateway console to complete the following steps.
Create a REST API proxy for the Amazon S3 service
Complete the following steps:
- Choose Create API.
- Choose REST API, and then choose Build.
- For API name, enter a name for your REST API.
- For Endpoint type, choose the endpoint type based on where the majority of client traffic originates from.
Note: It's a best practice to use edge-optimized endpoints for public services that are accessed from the internet. Regional endpoints are used primarily for APIs that are accessed from within the same AWS Region. - Choose Create API.
Create GET method for the root resource
To configure the root method for proxy requests to Amazon S3 static websites, complete the following steps:
- Select root resource "/".
- On the Actions menu, choose Create method.
- Choose GET, and then choose the check mark icon.
- For Integration type, choose AWS service.
- On the AWS Region menu, choose your Region.
- On the AWS service menu, choose Simple Storage Service (S3).
- For AWS Subdomain, keep the field blank.
- For HTTP method, select GET.
- For Action type, choose Use path override.
- For Path override, enter the Amazon S3 bucket path, for example BUCKET_NAME/index.html.
- For Execution role, enter the IAM role's ARN.
- Choose Save.
This setup integrates the frontend GET API request https://your-api-host/stage/ to the GET S3 backend https://your-s3-host/index.html.
Create an API resource object
To access specific objects from an S3 bucket, create a resource that's named {object} that maps the object path in the frontend API request. For example, map GET https://your-api-host/stage/home.html to the GET S3 backend https://your-s3-host/home.html.
Complete the following steps:
- Choose Resources.
- On the Actions menu, choose Create resource.
- For Resource name, enter a name, for example {object}.
- For Resource Path, enter a path, for example {object}.
- Choose Create resource.
Configure a GET method for the resource
Complete the following steps:
- Select the {object}.
- On the Actions menu, choose Create method.
- Choose GET, and then choose the check mark icon.
- For Integration type, choose AWS service.
- On the AWS Region menu, choose your Region.
- On the AWS service menu, choose Simple Storage Service (S3).
- For AWS subdomain, keep the field blank.
- For HTTP method, choose GET.
- For Action type, choose Use path override.
- For Path override, enter your Amazon S3 bucket path, for example BUCKET_NAME/{object}.
- For Execution role, enter the IAM role's ARN.
- Choose Save.
- Choose GET for the Resource name {object}, and then choose Integration request.
- Expand URL path parameters, enter a name value object and mapped from value method.request.path.object, and then select the check box to save.
Set up the response header mappings for the GET method
Map the backend content type header parameter value to the frontend counterpart so that the browser successfully processes the response with the content type.
Complete the following steps:
- Choose GET.
- Under Resources /, choose Method response.
- Expand the arrow next to HTTP Status 200.
- Under Response Headers for 200, choose Add header.
- Choose the header Name as Content-Type, and then select the check box to save.
- Choose Method execution.
- Choose Integration response, and then expand the arrow next to HTTP status regex.
- Expand Header mappings.
- For Content-Type, enter the mapping value as integration.response.header.Content-Type.
- Repeat steps 1-6 for the GET method under Resource /{object}.
- Repeat the steps in the Deploy the REST API section of this article.
Test the API proxy
To test the API proxy for your Amazon S3 static website, use a browser or a curl command:
Root (/) resource
curl -X GET https://API_ID.execute-api.REGION.amazonaws.com/STAGE_NAME/
{Object} resource
curl -X GET https://API_ID.execute-api.REGION.amazonaws.com/STAGE_NAME/home.html
Related information
Tutorial: Create a REST API as an Amazon S3 proxy
Hosting a static website using Amazon S3
Under Create the Method for the Root Resource step 4 it will not allow me to enter http://.s3-website-.amazonaws.com/{key} for endpoint URL. Is there something else I should add?
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
There seems to be a typo in "Configure a GET method for the resource" section, pt.9 "For Path override, enter your Amazon S3 bucket path similar to <bucket_name>/{object.".
The typo is - ' {object. ' Correction - ' {object} '
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
The API gateway was returning content-type: application/json despite the s3 content type being set correctly. This was causing the page to display as text instead of rendered html by the browser. To resolve this, I added a header mapping to the 200 response:
method.response.header.Content-Type: "integration.response.header.Content-Type"
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Hello! Thank you for this article. It has been a huge help. I've got it working so that I can launch the index.html page on my non-public S3 bucket! The one issue I'm having, is that none of the images are loading in the index.html (each fails to load with a access forbidden). Does this have something to do with the step where we create the API Resource Object? The images are in the root/img "folder" of the S3 bucket. I'm not sure how to create a resource for the images. Any help is greatly appreciated!
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Relevant content
- asked a year ago
- asked 6 days ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 2 months ago
