Create an S3 bucket

  • Create the bucket, make sure to enable public access

  • Set the bucket policy (replace mykb.mife.ca with your bucket name):

{
  "Version":"2012-10-17",
  "Statement":[{
	"Sid":"PublicReadGetObject",
        "Effect":"Allow",
	  "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::mykb.mife.ca/*"
      ]
    }
  ]
}
  • Enable website access for this bucket. Specify 404.html as the error document (this is Hugo-specific)

Create IAM user to publish to the website

I am using Hugo as static website generator and I want to publish the generated site. I want to provide the minimum credentials on the server.

  • Create IAM account on AWS. Enable only the programmatic access to this user
  • Create the following policy to allow access to the S3 bucket:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::mykb.mife.ca"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::mykb.mife.ca/*"
        }
    ]
}
  • Assign this policy to the created user

Configure AWS cli on Hugo server

apt install curl unzip
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o awscliv2.zip
unzip awscliv2.zip
./aws/install
aws configure

Copy the API user and key from AWS IAM console, provide the region where the S3 bucket resides

Publish the website using aws s3 sync command

Generate static version of the website

hugo -D
  • Option 1. Publish the website using aws s3 sync command:
aws s3 sync public/ s3://mykb.mife.ca/ --delete

Publish the web site using hugo deploy

Add the following sections to config.toml

[deployment]
# By default, files are uploaded in an arbitrary order.
# Files that match the regular expressions in the "Order" list
# will be uploaded first, in the listed order.
order = [".jpg$", ".gif$"]


[[deployment.targets]]
# An arbitrary name for this target.
name = "s3deployment"
# S3; see https://gocloud.dev/howto/blob/#s3
# For S3-compatible endpoints, see https://gocloud.dev/howto/blob/#s3-compatible
URL = "s3://mykb.mife.ca?region=us-east-2"

Perform the generation and syncronization using hugo deploy command

hugo -D
hugo deploy

Create an alias record in DNS