Recommend Usage of Amazon S3?


Just set it up for my server. I have files going to S3 with the CloudFront URL. I still have Cloudflare up and running too. Trying to decide if that’s even necessary. I still have my CNAME records pointing at Cloudflare, and the custom URL setting for the storage files pointing to CloudFront. Just hate how the URL isn’t my site and is a CloudFront URL. Seems like I’d need to point my CNAME to CloudFront to adjust the URL?

Looking for feedback and thoughts. Happy holidays!


  • 2 weeks later...
On 12/24/2017 at 9:10 PM, thetrials said:

So an update. Figured out how to do a CNAME for my site so now the URL shows as files.xxxx.com. Looks like all is good to go now and still have Cloudflare in the mix as well.

Did you find a guide for this? I set up S3 for images and it was costing me between $400 - $500 per month (my VPS is only $250 per month) and it was slower than having them hosted locally. I use CloudFlare as well but I couldn't figure out how to use CloudFront for S3 files only.

Edited by ProSkill

Just now, ProSkill said:

Did you find a guide for this? I set up S3 for my images and it was costing me between $400 - $500 per month and it was slower than having them hosted locally. I use CloudFlare as well but I couldn't figure out how to use CloudFront for S3 files only.

From what I remember, you need to use "create new distribution" on CloudFlare. Link that to your S3 bucket using the built-in methods (I remember it being fairly easy); I left most other things default. Create the distribution and it gives you a URL (you can CNAME a subdomain to this, but I can't get this to display as SSL yet), plug that URL into your S3 storage method on your IPS site, and done. I'm mobile and on vacation, so that's all I can offer at the moment.


On 1/1/2018 at 10:50 PM, Lord Nowe said:

From what I remember, you need to use "create new distribution" on CloudFlare. Link that to your S3 bucket using the built-in methods (I remember it being fairly easy); I left most other things default. Create the distribution and it gives you a URL (you can CNAME a subdomain to this, but I can't get this to display as SSL yet), plug that URL into your S3 storage method on your IPS site, and done. I'm mobile and on vacation, so that's all I can offer at the moment.

Yup that's similar to what I did. You set up a distribution on CloudFront pointed to S3. I then added a DNS entry for images.xxxx.com. In IPS,  my endpoint still is s3.amazon.com, but at the bottom I enabled Custom URL and have the images.xxxx.com entered. Now all my images are served off of CloudFront as opposed to S3. In terms of SSL the Custom URL I'm using is https and I also set up a Custom SSL certificate in my CloudFront distribution. Once all this was set everything is now being served via CloudFront. It works pretty well. 

Hope this helps, I know it's simplistic, but once I understood it conceptually it was fairly easy to implement. 


4 hours ago, thetrials said:

Yup that's similar to what I did. You set up a distribution on CloudFront pointed to S3. I then added a DNS entry for images.xxxx.com. In IPS,  my endpoint still is s3.amazon.com, but at the bottom I enabled Custom URL and have the images.xxxx.com entered. Now all my images are served off of CloudFront as opposed to S3. In terms of SSL the Custom URL I'm using is https and I also set up a Custom SSL certificate in my CloudFront distribution. Once all this was set everything is now being served via CloudFront. It works pretty well. 

Hope this helps, I know it's simplistic, but once I understood it conceptually it was fairly easy to implement. 

Yep, definitely helped. Needed the custom Certificate.


Just a forewarning, S3 can be insanely expensive depending on how much media you have. I switched over to S3 and it was costing me $400 - $500 per month in bandwidth fees alone; for comparison, my VPS is only $250 per month. I've heard that CloudFront can reduce the charges, but CloudFront has its own fees as well. Also, it was significantly slower for me. Currently, I host everything on a dedicated server and use Cloudflare and it works great.

Edited by ProSkill

1 hour ago, ProSkill said:

Just a forewarning, S3 can be insanely expensive depending on how much media you have. I switched over to S3 and it was costing me $400 - $500 per month in bandwidth fees alone; for comparison, my VPS is only $250 per month. I've heard that CloudFront can reduce the charges, but CloudFront has its own fees as well. Also, it was significantly slower for me. Currently, I host everything on a dedicated server and use Cloudflare and it works great.

Yeah, that'll probably be true. However, I personally don't allow users to upload Videos. And the images are all compressed through Kraken. My costs last month were $1.20.


Quote

Just a forewarning, S3 can be insanely expensive depending on how much media you have.

True. It is expensive !!!

Quote

my VPS is only $250 per month

$250 for a VPS?

For 250$ I can get this dedicated server:

2x Intel® Xeon® E5 2640 v4

192 GB DDR4 ECC

5x 500 GB SSD - Hardware Raid

 

Edited by ASTRAPI

2 hours ago, ASTRAPI said:

True. It is expensive !!!

$250 for a VPS?

For 250$ I can get this dedicated server:

2x Intel® Xeon® E5 2640 v4

192 GB DDR4 ECC

5x 500 GB SSD - Hardware Raid

 

That is from Online, correct? Personally, I don't like their services, and I believe there is a reason for them to be so cheap (even cheaper than OVH).

 


As it is not allowed to post any providers here, I can't point to any of them, but the general point is that 250$ is by far a lot for a VPS....

A VPS for me is a maximum of 20 Euro and then I am going with dedicated servers....

Also there are a ton of providers, Europe or US based, that can provide a super dedicated server for 250$!


3 hours ago, ASTRAPI said:

True. It is expensive !!!

$250 for a VPS?

For 250$ I can get this dedicated server:

2x Intel® Xeon® E5 2640 v4

192 GB DDR4 ECC

5x 500 GB SSD - Hardware Raid

 

I meant dedicated server.

16 hours ago, Lord Nowe said:

Yeah, that'll probably be true. However, I personally don't allow users to upload Videos. And the images are all compressed through Kraken. My costs last month were $1.20.

 I have about 400GB of pictures and videos. It's essentially an image based forum. 


  • 2 weeks later...

Hi,

I've recently set up S3 and CloudFront. I followed the Amazon guidance recommendation and console warnings about only granting CDN access to the S3 bucket and removing the Everyone Read permission to ensure the files can't be accessed directly. I've got the CDN path in the file settings and once I got the full path correct, all works as it should.

However, looking at the files that IPS moved over to the CDN, it appears every file transferred is accessible via the S3 bucket direct URL, because the Everyone grantee permission for Read is enabled.

What permissions do you have enabled for your IPS buckets when using a CDN?

If you're only using US and Europe endpoints, and S3 bucket direct access is disabled, does that mean visitors from say China can't view the images?

Thank you.

P.S. The guidance in the Help section really needs updating; best practice examples for using a CDN with S3 would be nice, and the video, although out of date, is so hard to make out, even in HD quality, although listening to Charles is strangely very relaxing! He should do the shipping forecast or voice overs on History and Discovery documentaries!


  • 2 years later...
On 1/22/2018 at 9:18 PM, The Old Man said:

What permissions do you have enabled for your IPS buckets when using a CDN?

Just the same permissions:

I am using Cloudflare, so I set a subdomain for the bucket on Cloudflare:

  • CNAME record
  • name: cdn
  • destination: cdn.YOURDOMAIN.COM.s3.sa-east-1.amazonaws.com

On AWS:

  • bucket name: cdn.YOURDOMAIN.COM

On IPS:

  • bucket: cdn.YOURDOMAIN.COM
  • endpoint: s3.sa-east-1.amazonaws.com
  • custom URL: //cdn.YOURDOMAIN.COM

Remember to use the proper region of your bucket.

I would like to know how you are dealing with data security. S3 is very reliable and does not need a backup as long as there is an auto AWS replication of the data. But what if someone hacks the community AdminCP account and deletes all files? Everything will be deleted on S3.

Is anyone using S3 replication to another AWS account to secure the data? Is there any better solution?

 

 


Quote

For best compatibility, we recommend that you avoid using dots (.) in bucket names, except for buckets that are used only for static website hosting. If you include dots in a bucket's name, you can't use virtual-host-style addressing over HTTPS, unless you perform your own certificate validation. This is because the security certificates used for virtual hosting of buckets don't work for buckets with dots in their names. 

Cloudflare does the HTTPS certificate validation in the case described, right?

The user’s browser will get the file from http://cdn.YOURDOMAIN.com and the SSL translation will be made by Cloudflare, right? The files are pushed from S3 to Cloudflare’s PoPs and the user will get the file from Cloudflare, not from S3, right?


Hi Sobrenome,

My post you quoted was a few years ago. My cdn.example.com CNAME points to my CloudFront domain, and in turn CloudFront uses an OAI and an IAM user permission to connect back to the S3 bucket, so there are no public permissions. I use the cross origin policy on the bucket so that cross origin webfonts and images work.

Yes, on my main site I use the S3 Replication option to auto update a bucket in the UK, my main one being in the US.

I also use Cloudflare with a Page Rule for the CDN CNAME.

FYIW, I was going to add S3 Acceleration to my Afterburner plugin, but I found that with IPS improving the connection with signed URLs, it now works fine out of the box; you just use the endpoint it tells you to use. My IPS uploads usually upload to S3 at around 2.5Mbps, but with the S3 acceleration option it's around double.

I have found since upgrading to 4.5 that I can't move items back to my IPS web server from S3, it goes completely boobs up. 

True story.

 

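An added example, not code from any poster or from IPS, covering the question about objects still carrying the Everyone Read grant and the OAI setup described in the reply above: it flags public grants in object ACLs and builds a bucket policy that lets only one CloudFront OAI read. The object keys, bucket name and OAI ID are constructed placeholders.

```python
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
# Any signed-in AWS account, so effectively public as well.
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

def public_grants(acl):
    """Permissions an object ACL (GetObjectAcl response shape) gives to everyone."""
    return sorted(
        g["Permission"] for g in acl.get("Grants", [])
        if g.get("Grantee", {}).get("Type") == "Group"
        and g["Grantee"].get("URI") in (ALL_USERS, AUTH_USERS)
    )

def audit(acls_by_key):
    """Map each object key to its public permissions; private objects are omitted."""
    report = {key: public_grants(acl) for key, acl in acls_by_key.items()}
    return {key: perms for key, perms in report.items() if perms}

def oai_read_policy(bucket, oai_id):
    """Bucket policy granting s3:GetObject to one CloudFront OAI only.

    It adds no public access, but public object ACLs still have to be removed.
    """
    principal = f"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity {oai_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "CloudFrontReadOnly",
            "Effect": "Allow",
            "Principal": {"AWS": principal},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }

# Constructed sample ACLs (not from the thread): one public object, one private.
OWNER = {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}
SAMPLE_ACLS = {
    "uploads/photo.jpg": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ]},
    "uploads/private.jpg": {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]},
}

if __name__ == "__main__":
    print(audit(SAMPLE_ACLS))
    print(json.dumps(oai_read_policy("example-bucket", "EXAMPLE-OAI-ID"), indent=2))
```

Against a real bucket, the ACL dictionaries would come from a GetObjectAcl call per key; any key the audit reports is still readable through the direct S3 URL regardless of the CloudFront policy.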

1 hour ago, The Old Man said:

Yes, on my main site I use the S3 Replication option to auto update a bucket in the UK, my main one being in the US.

Does the replication bucket have a copy-only rule or a sync rule? If it is sync, if a file is deleted from the main bucket it will also be deleted from the replica.

I was searching for the S3 versioning behavior and I have seen that when a file is deleted with versioning turned on, the file is not actually deleted from S3; there is a "version delete note" that can be deleted to restore the file.

I still have to check, in real life, what happens when an admin or member IPS account deletes a file. If it will be retained as described above or if it will be actually deleted.

If the file is not actually deleted, there is already a security layer against abusive deletion by an AdminCP account on IPS, and the files can be restored. No need for replication, as long as S3 has multiple files along AZs. Am I right?

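An added example, not from any poster or from IPS, for the versioning question above: it reads a ListObjectVersions-shaped listing, finds keys hidden by a delete marker and which version comes back when the marker is removed, and builds an IAM deny statement so the forum's own credential cannot remove versions permanently. The listing, bucket name and the assumption that the forum uses a dedicated IAM user are constructed for illustration.

```python
def restore_plan(listing):
    """Plan restores from a ListObjectVersions-shaped response.

    Returns {key: {"remove_marker": id, "restores_version": id or None}} for
    every key whose current version is a delete marker.
    """
    newest = {}  # newest surviving data version per key
    for v in listing.get("Versions", []):
        cur = newest.get(v["Key"])
        if cur is None or v["LastModified"] > cur["LastModified"]:
            newest[v["Key"]] = v
    plan = {}
    for m in listing.get("DeleteMarkers", []):
        if not m["IsLatest"]:
            continue  # older marker; the key was written again afterwards
        prior = newest.get(m["Key"])
        plan[m["Key"]] = {
            "remove_marker": m["VersionId"],
            # None: no data version survives, so removing the marker restores nothing
            "restores_version": prior["VersionId"] if prior else None,
        }
    return plan

def deny_permanent_delete(bucket):
    """IAM statement for the forum's S3 credential (assumed to be a dedicated user).

    Plain deletes still work and leave a delete marker; removing a specific
    version, suspending versioning or editing lifecycle rules is refused.
    """
    return {
        "Effect": "Deny",
        "Action": ["s3:DeleteObjectVersion", "s3:PutBucketVersioning",
                   "s3:PutLifecycleConfiguration"],
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
    }

# Constructed listing (not from the thread). ISO strings stand in for the
# datetime objects boto3 returns; both compare chronologically.
SAMPLE = {
    "Versions": [
        {"Key": "a.jpg", "VersionId": "v1", "IsLatest": False, "LastModified": "2020-09-01T10:00:00Z"},
        {"Key": "a.jpg", "VersionId": "v2", "IsLatest": False, "LastModified": "2020-09-02T10:00:00Z"},
        {"Key": "b.jpg", "VersionId": "v3", "IsLatest": True, "LastModified": "2020-09-01T10:00:00Z"},
    ],
    "DeleteMarkers": [
        {"Key": "a.jpg", "VersionId": "m1", "IsLatest": True, "LastModified": "2020-09-03T10:00:00Z"},
        {"Key": "c.jpg", "VersionId": "m2", "IsLatest": True, "LastModified": "2020-09-03T10:00:00Z"},
    ],
}
```

Removing a delete marker is itself a versioned delete, so with this deny statement in place the restore has to be run from a separate administrative credential, not the one configured in IPS.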
