Recently, I needed to host static content internally, to be consumed by multiple services running on private networks within an AWS VPC. Although I had an idea of how to do it, I always like to browse the inter-webz to see in which other ways the same goal can be achieved, or at least to validate my idea.

It didn't take much google-fu to find at least two articles explaining how to do it: one on the AWS blog here and another on Medium here.

Being the lazy guy I am, the first thing I did was start writing everything in Terraform. Then the next level of laziness took over. The load balancer forwards traffic to the S3 interface VPC endpoint, and the endpoint picks the bucket from the Host header of the request, so the bucket name has to match the hostname exactly. This means that, in theory, the same infrastructure can serve an unlimited number of static websites, which simplifies creating internal sites for various purposes without adding cost for each new one. The only change needed is to replace the per-site certificate on the listener with a wildcard ACM certificate. After that, each new internal site needs just two things: an S3 bucket named after its fully qualified domain name, and a DNS record pointing that name at the internal load balancer.

Here is a version of the original diagram for this case:

[Diagram: s3internal-websites]

If you prefer, you can also check out the Terraform scripts I made available at github.com/coolapso/tf-s3-internal-websites. Needless to say, even though it is functional, the Terraform example is merely illustrative and should not be used in production as-is.

I also think it's relevant to emphasize that using AWS ACM with DNS validation requires a public hosted zone: ACM looks up the validation CNAME over public DNS, so the zone holding it must be publicly resolvable, even though the site records in it resolve to the private IPs of the internal load balancer. Before the more paranoid among you jump out of your chairs: those private IPs are unreachable from outside, but the internal hostnames do become visible in public DNS. My goal is just to highlight that this is possible and how to get it done. There are certainly other alternatives, such as generating private certificates and managing them manually.
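Here is what the shared and per-site pieces look like in Terraform, as an added example that is neither this post's own code nor the tf-s3-internal-websites repository's. It covers both the wildcard-certificate, bucket-per-host idea above and the public-zone DNS validation just described. It assumes the internal ALB, a target group whose IP targets are the ENIs of the S3 interface endpoint, the endpoint itself and the public hosted zone already exist and are passed in as variables; every variable name and domain name below is a placeholder.

```hcl
# Added example, not the post's own Terraform. Assumes an internal ALB, a target
# group already pointing at the S3 interface endpoint ENIs, the endpoint id and a
# public Route53 zone for the internal domain are passed in. Names are placeholders.
variable "zone_id"            { type = string }
variable "zone_name"          { type = string }      # e.g. "internal.example.com"
variable "alb_arn"            { type = string }
variable "alb_dns_name"       { type = string }
variable "alb_zone_id"        { type = string }
variable "s3_endpoint_tg_arn" { type = string }
variable "s3_vpc_endpoint_id" { type = string }
variable "sites"              { type = set(string) } # e.g. ["docs", "status"]

# One wildcard certificate covers every current and future internal site.
resource "aws_acm_certificate" "wildcard" {
  domain_name       = "*.${var.zone_name}"
  validation_method = "DNS"
  lifecycle { create_before_destroy = true }
}

# ACM resolves the validation CNAME over public DNS, which is why the zone is public.
resource "aws_route53_record" "acm_validation" {
  for_each = {
    for dvo in aws_acm_certificate.wildcard.domain_validation_options :
    dvo.domain_name => { name = dvo.resource_record_name, type = dvo.resource_record_type, value = dvo.resource_record_value }
  }
  zone_id         = var.zone_id
  name            = each.value.name
  type            = each.value.type
  ttl             = 60
  records         = [each.value.value]
  allow_overwrite = true
}

resource "aws_acm_certificate_validation" "wildcard" {
  certificate_arn         = aws_acm_certificate.wildcard.arn
  validation_record_fqdns = [for r in aws_route53_record.acm_validation : r.fqdn]
}

# One HTTPS listener for all sites: TLS terminates here, the Host header is forwarded
# unchanged, and the S3 endpoint uses it to choose the bucket.
resource "aws_lb_listener" "https" {
  load_balancer_arn = var.alb_arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = aws_acm_certificate_validation.wildcard.certificate_arn
  default_action {
    type             = "forward"
    target_group_arn = var.s3_endpoint_tg_arn
  }
}

# Per site: a bucket named exactly like the FQDN, plus an alias record to the ALB.
locals {
  site_fqdns = { for s in var.sites : s => "${s}.${var.zone_name}" }
}

resource "aws_s3_bucket" "site" {
  for_each = local.site_fqdns
  bucket   = each.value
}

# Anonymous reads are allowed only when the request arrives through the VPC endpoint.
# S3 does not classify a policy conditioned on aws:SourceVpce as public.
data "aws_iam_policy_document" "site" {
  for_each = aws_s3_bucket.site
  statement {
    sid       = "ReadOnlyViaVpcEndpoint"
    actions   = ["s3:GetObject"]
    resources = ["${each.value.arn}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "StringEquals"
      variable = "aws:SourceVpce"
      values   = [var.s3_vpc_endpoint_id]
    }
  }
}

resource "aws_s3_bucket_policy" "site" {
  for_each = aws_s3_bucket.site
  bucket   = each.value.id
  policy   = data.aws_iam_policy_document.site[each.key].json
}

resource "aws_route53_record" "site" {
  for_each = local.site_fqdns
  zone_id  = var.zone_id
  name     = each.value
  type     = "A"
  alias {
    name                   = var.alb_dns_name
    zone_id                = var.alb_zone_id
    evaluate_target_health = false
  }
}
```

Adding a site is then one more entry in var.sites. The bucket name must equal the FQDN exactly, because the Host header is the only thing the endpoint uses to pick a bucket, and the bucket policy keeps anonymous reads limited to requests that arrive through that endpoint. An aws_s3_bucket_public_access_block still belongs on these buckets: S3 does not count a policy conditioned on aws:SourceVpce as public, so the two coexist without conflict.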

And that's it: just like that, it's possible to reuse infrastructure, keep the process simple, and avoid the unnecessary cost of extra resources dedicated to each website.

If you found this post useful or have any questions, don’t hesitate to contact me through various means. You know where to find me.