Environment and Base Setup

Bucket Creation and Naming

S3 bucket names are globally unique and become part of the website endpoint URL. For static website hosting, the bucket name must match your domain if you intend to use Route 53 with a CNAME or alias record — for example, www.example.com as a bucket name. For this lab, choose a name that is unique to your account, lowercase, and contains no spaces or uppercase characters.

Create the bucket in the AWS region closest to your primary audience. This affects both latency for direct S3 endpoint access and, if you add CloudFront later, origin fetch performance.

In the AWS Console: navigate to S3, select “Create bucket”, enter your bucket name, and choose your region. Leave all other defaults for now — you will configure them deliberately in the next steps.

Do not enable versioning for this lab. It is not needed for a static site and adds storage costs if you iterate on your files frequently.

Disabling Block Public Access

After the bucket is created, navigate to the “Permissions” tab. You will see the “Block public access” settings section. Disable “Block public bucket policies”. Leave the other three settings enabled — you do not need to allow public ACLs, and disabling more than necessary increases your attack surface.

The console will prompt you to confirm this change. This is by design. You are explicitly acknowledging that you intend to make this bucket accessible via a bucket policy.

After saving, you should see the block public access status updated to reflect that public bucket policies are now permitted.

Enabling Static Website Hosting

In the bucket “Properties” tab, scroll to “Static website hosting” and enable it. Set the index document to index.html. Set the error document to error.html. Note the endpoint URL displayed — it follows the pattern http://your-bucket-name.s3-website-<region>.amazonaws.com. This URL is HTTP only. S3 website endpoints do not support HTTPS natively; HTTPS requires CloudFront in front of S3.

This is a production-relevant constraint: for any site that handles user data, authentication tokens in URLs, or requires a custom domain with HTTPS, S3 static hosting alone is insufficient. CloudFront is the correct answer in those cases.

In this section, I confirmed:

0 of 4 completed

Bucket created in the correct region with a globally unique nameBlock public bucket policies is disabled; all other block settings remain enabledStatic website hosting is enabled with index.html and error.html configuredThe S3 website endpoint URL is noted and accessible (returns 403 until policy is applied)