
Serve some static web pages from S3 Bucket

ChristopheH
New Contributor

Serve some static web pages from S3 Bucket

Hello

 

Today we serve some static pages if our main site is unavailable. I would like to store those static pages on an S3 bucket and serve them from my VTM.

 

For your information, I do have the Java Web Server Extension activated for this today. VTM versions are 17.1, soon 17.2 (validation in progress).

 

Thanks

3 REPLIES 3
DeniseK
Occasional Contributor

Re: Serve some static web pages from S3 Bucket

Hello @ChristopheH

 

I spoke with a Brocade TAC representative regarding your request and this was their response:

 

"It looks like this user's request is not possible. Amazon Web Services itself can turn static S3 HTML content into a web site. There is the restriction that anything dynamic, like AJAX, PHP, etc., would be prohibited, but it seems the user is already aware of that. 

 

In any case, the traffic manager is not able to tap into this capability offered directly from Amazon. To do this, the traffic manager would probably need to make reference to an Amazon Resource Name (ARN). But when building out a service inside the traffic manager, it assumes that there will be nodes. Nodes can be identified by name or IP address. A port number is also required. But I see no way of turning an S3 bucket, its contents, or an Amazon Resource Name into a node."

 

We hope this answers your question; if you have any further questions, please let us know.

 

Regards,

 

Denise K.

Brocade Community Team

@DeniseK

aclarke
Frequent Contributor

Re: Serve some static web pages from S3 Bucket

Chiming in from the side lines here (I am an ADC Product Manager at Brocade)..

 

We actually have customers doing just this - using an S3 bucket for storing content and serving it from a Traffic Manager. Their main reason was wanting to enable compression, caching, access lists and User-Agent specific content routing, but your use case will work just as easily. I just re-tested it, and it took longer to write it up than it took to set it up!

 

The setup is actually pretty simple:

 

  1. You have a DNS entry for something that points at the vTM (eg: mys3proxy.company.com)
  2. You have an S3 bucket that hosts your content. (eg: https://s3-ap-southeast-1.amazonaws.com/my_bucket/public/myfile.html) and the access lists for the S3 bucket allow public access (or at least the vTM - see the security note at the bottom if the content and the buckets aren't public)
  3. You create a vServer and matching Traffic IP Group on the vTM (don't forget to set up vServer TLS/SSL!!)
    1. DNS for mys3proxy.company.com resolves to the TIP Group IP address
    2. If you are using TLS/SSL, your certificate should have a DN of mys3proxy.company.com
  4. You use the S3 bucket host name as the pool (remember to enable SSL/TLS on the pool)
    1. In this example, my pool definition would be s3-ap-southeast-1.amazonaws.com with a port of 443, and TLS/SSL enabled for the pool.
  5. You create either a TrafficScript or Rule Builder rule to rewrite the HTTP HOST header to the S3 bucket hostname
    1. In this example, a rule that sets the HOST value to "s3-ap-southeast-1.amazonaws.com"
    2. See the following screenshot for an example (screenshot: "S3 Rulebuilder Rewrite Example")
  6. You are good to go...
    1. If you browse to http(s)://mys3proxy.company.com/my_bucket/public/myfile.html, the connection will be handled by the vTM, and the S3 bucket is acting as your pool...
  7. Please make sure you think about the security of the setup.
    1. Your S3 access lists need to be set up appropriately.
    2. Remember that the vTM is just proxying access from the front end to the s3 bucket. If you have other files in the S3 bucket that shouldn't be accessed via the vTM, make sure you put suitable restrictions in place.
    3. I would recommend at least having the TrafficScript or Rule Builder limit access to specific buckets/files, so we don't end up being a generic S3 proxy that is open for abuse, so something like:
      1. Use a directory prefix in your bucket such as /public/
      2. If the request path does not start with "/my_bucket/public/"
        1. Log an Error "S3 Bucket Abuse Detected!"
        2. Drop the connection
      3. See the following screenshot for an example (screenshot: "Simple S3 Path ACL")
--
Aidan Clarke
Pulse Secure vADC Product Manager
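
The Host rewrite (step 5) and the path ACL (step 7) from the reply above, written as a single TrafficScript request rule. This is an added example, not the rule from the poster's screenshots; the host name and prefix are the post's example values, and the ".." check and the GET/HEAD restriction are assumptions that go beyond what the post describes.

```trafficscript
# Request rule for the vServer that fronts the S3 pool (added example).
# Host name and prefix are the example values used in the post above.
$s3host  = "s3-ap-southeast-1.amazonaws.com";
$allowed = "/my_bucket/public/";

# http.getPath() returns the %-decoded path without the query string,
# so the checks below see the decoded form of the request path.
$path = http.getPath();

# Path ACL from step 7: anything outside the public prefix is logged
# and the connection is dropped.
# Assumption beyond the post: also refuse ".." segments instead of
# relying on how the backend interprets them.
if( !string.startsWith( $path, $allowed ) || string.contains( $path, ".." ) ) {
   log.error( "S3 Bucket Abuse Detected! client=" . request.getRemoteIP()
              . " path=" . $path );
   connection.discard();
}

# Assumption beyond the post: static pages only need read-only methods,
# so everything else is answered by the vTM and never reaches S3.
$method = http.getMethod();
if( $method != "GET" && $method != "HEAD" ) {
   http.sendResponse( "405 Method Not Allowed", "text/plain",
                      "Method not allowed\n", "Allow: GET, HEAD" );
}

# Step 5: present the S3 endpoint name to the pool instead of
# mys3proxy.company.com.
http.setHeader( "Host", $s3host );
```

The ACL runs before the Host rewrite so that a rejected request never leaves the vTM with the S3 host name set.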
DeniseK
Occasional Contributor

Re: Serve some static web pages from S3 Bucket

Thank you for chiming in, @aidan.clarke!!! I sent your response back to TAC so they are aware, as well. :-)

 

Much obliged,

 

Denise