S3 Bucket, SSL Certificate, CloudFront, and Route 53 for FinOps Center Front End Application

Super Administrator

Written By Chris Zeller (Super Administrator)

Updated at October 2nd, 2024

FinOps Center's Front End Application is deployed and served through S3. To prepare for the installation, an S3 bucket needs to be created, an SSL Certificated needs to be provisioned, a CloudFront Distributions needs to be setups, and lastly the CloudFront Distribution needs to be configured in your DNS to redirect your specific Domain Name of your FinOps Center. 

1.Create and S3 Bucket for the FinOps Center REACT Application

Set up the bucket within the designated AWS Account for installing the FinOps Center, managed by Delegated Admin/CloudOps. Configure the bucket for static website hosting and enforce blocking of public access. Also, include index.html as both the Index and Error Document.

 

2.Create SSL Certificate for the FinOps Center Application

We recommend using AWS Certificate to create your SSL certificate for FinOps Center due to integration with CloudFront. Like any of your other web application, the Fully qualified domain name for your FinOps Center needs to be knows prior to requesting certifcate. 

 

 

Once the certificate is approved, it will be accessible in CloudFront. To proceed:

3.Go to CloudFront and initiate the creation of a distribution.

4.Choose the S3 bucket created for deploying the FinOps Center (Note: Do not select the Use Website Endpoint option).

5.For Origin Access, opt for the second option: Origin access control settings (recommended), and create a control setting using the bucket defaults. Set Sign Request/Origin Type as S3, then proceed to create.

Ensure to update the specified settings below, unless instructed otherwise, while leaving the rest as default.

Update View 

Web Access Firewall

6. Create Distribution (When the Distribution is Create the CloudFront Homepage will have the Updated S3 bucket policy that needs to be applied to the S3 Bucket -> copy to be applied to bucket. (Note: The distribution may take 5 minutes or so to create, work on Step 9 and 10).

7. Navigate to the Error Page Tag and Config as detailed below. (Note: If uses raise issue that when they refresh page it doesn't load its likely because the Error Page Configuration is Missing)

8. Set invalidation for the distribution

 

9. Navigate to the S3 Bucket for FinOps Center Application and to Permission. Edit Permission with the Policy from CloudFront

10. Navigate to Route 53 or Domain Controller and Create an A Record that is Domain Name of your distribution

Related Articles

Encryption

FinOps Center leverages native services encryption of data at rest and in transit...

Architecture

FinOps Center is 100% Cloud-Native leveraging a number of AWS Services. The Full ...