动态Route53子域转发

Question

I'm trying to redirect a Route53 domain to another Route53 domain, while maintaining the subdomain.

I have a Route 53 hosted zone for example.com that contains my main website.

I have another Route 53 hosted zone for example.co.uk which I redirect to example.com using the S3 static website redirection rules (as described on https://stackoverflow.com/a/14289082/918030 )

This works great for the root domain but I would like to map subdomains as in the following examples:

sub1.example.co.uk   -->    sub1.example.com

sub2.example.co.uk   -->    sub2.example.com

...

sub999.example.co.uk -->    sub999.example.com

I know this can be done by creating a new S3 bucket for each sub-domain and configuring the appropriate S3 static website redirection rules but I was wondering if there is a way to do this dynamically so *.example.co.uk forwards to *.example.com. Preferable without having to run a separate EC2 instance (running nginx)

Thanks!

Stijn

Answer 1

There's not a simple way to do this with any combination of off-the-shelf AWS services (excluding EC2, of course)... other than creating a unique bucket for every subdomain you want to redirect. The 100 buckets per account limit is now a soft limit rather than a hard limit, so you now can -- by presenting a reasonable use case -- request that AWS support increase your bucket limit.

That doesn't solve the problem of having to provision them, of course, though a single wildcard CNAME in Route 53 would allow you to route then en masse to S3, using the root regional website endpoint as the target, at least the way S3 works at the moment, which means relying on some undocumented S3 behavior that seems unlikely to change, but could change nevertheless.

Requests for hostnames not matching already-created buckets would still go to S3 and return a "NoSuchBucket" error, which presents an issue of its own... in fact, it's food for thought in your pursuit of wildcards.

Two paragraphs back, I mentioned leveraging some undocumented behavior with a wildcard CNAME pointing to S3. Imagining being called out by would-be commenters who have read the documentation but have not experimented with the actual behavior of S3, I set up a wildcard CNAME in one of my Route 53 hosted zones, pointing *.mysterystring.example.com to s3-website-us-west-2.amazonaws.com . This is not how the documentation says you should do it, but sure enough, that works exactly as I anticipated... whatever you put in place of the * , if you have a bucket named after the full domain name in us-west-2, S3 serves it up, on request. If not, it's a "NoSuchBucket" error, complete with the bucket name S3 tried to find, but couldn't. So, why didn't I mention the actual test setup domain to prove my point? Well... Anybody sniffing around could create a bucket using one of unused hostnames matching that wildcard, and have a web site at my domain, hosted in S3 with that setup with no configuration on my part and without my knowledge. (!?) Sure, they'll be billed for the bucket, but hey, free domain squatting! The next thing you know, they're impersonating me, stealing customers, who knows?

So, red flag: do beware the implications of wildcard-redirecting unprovisioned resources.

On the other hand, if you want to redirect everything (and you take steps to make sure the destination is genuinely a dead-end that can't be surreptitiously claimed for unused hostnames), an EC2 instance wouldn't be a bad deal. A t2.micro can easily service hundreds of thousands of lightweight requests, like redirects, per day (I have one that routinely handles over 300k/day and always has spare CPU credits) for < $10/mo.