Website endpoints - Amazon Simple Storage Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Website endpoints

When you configure your bucket as a static website, the website is available at the Amazon Web Services Region-specific website endpoint of the bucket. Website endpoints are different from the endpoints where you send REST API requests. For more information about the differences between the endpoints, see Key differences between a website endpoint and a REST API endpoint.

Depending on your Region, your Amazon S3 website endpoint follows one of these two formats.

  • s3-website dash (-) Region

  • s3-website dot (.) Region

These URLs return the default index document that you configure for the website. For a complete list of Amazon S3 website endpoints, see Amazon S3 Website Endpoints.


To augment the security of your Amazon S3 static websites, the Amazon S3 website endpoint domains (for example, or are registered in the Public Suffix List (PSL). For further security, we recommend that you use cookies with a __Host- prefix if you ever need to set sensitive cookies in the domain name for your Amazon S3 static websites. This practice will help to defend your domain against cross-site request forgery attempts (CSRF). For more information see the Set-Cookie page in the Mozilla Developer Network.

If you want your website to be public, you must make all your content publicly readable for your customers to be able to access it at the website endpoint. For more information, see Setting permissions for website access.


Amazon S3 website endpoints do not support HTTPS or access points. If you want to use HTTPS, you can use Amazon CloudFront to serve a static website hosted on Amazon S3. For more information, see How do I use CloudFront to serve HTTPS requests for my Amazon S3 bucket? To use HTTPS with a custom domain, see Configuring a static website using a custom domain registered with Route 53.

Requester Pays buckets do not allow access through a website endpoint. Any request to such a bucket receives a 403 Access Denied response. For more information, see Using Requester Pays buckets for storage transfers and usage.

Website endpoint examples

The following examples show how you can access an Amazon S3 bucket that is configured as a static website.

Example — Requesting an object at the root level

To request a specific object that is stored at the root level in the bucket, use the following URL structure.

For example, the following URL requests the photo.jpg object that is stored at the root level in the bucket.
Example — Requesting an object in a prefix

To request an object that is stored in a folder in your bucket, use this URL structure.

The following URL requests the docs/doc1.html object in your bucket.

Adding a DNS CNAME

If you have a registered domain, you can add a DNS CNAME entry to point to the Amazon S3 website endpoint. For example, if you registered the domain, you could create a bucket, and add a DNS CNAME record that points to All requests to are routed to

For more information, see Customizing Amazon S3 URLs with CNAME records.

Using a custom domain with Route 53

Instead of accessing the website using an Amazon S3 website endpoint, you can use your own domain registered with Amazon Route 53 to serve your content—for example, You can use Amazon S3 with Route 53 to host a website at the root domain. For example, if you have the root domain and you host your website on Amazon S3, your website visitors can access the site from their browser by entering either or

For an example walkthrough, see Tutorial: Configuring a static website using a custom domain registered with Route 53.

Key differences between a website endpoint and a REST API endpoint

An Amazon S3 website endpoint is optimized for access from a web browser. The following table summarizes the key differences between a REST API endpoint and a website endpoint.

Key difference REST API endpoint Website endpoint
Access control

Supports both public and private content

Supports only publicly readable content
Error message handling

Returns an XML-formatted error response

Returns an HTML document
Redirection support

Not applicable

Supports both object-level and bucket-level redirects
Requests supported

Supports all bucket and object operations

Supports only GET and HEAD requests on objects
Responses to GET and HEAD requests at the root of a bucket Returns a list of the object keys in the bucket Returns the index document that is specified in the website configuration
Secure Sockets Layer (SSL) support Supports SSL connections Does not support SSL connections

For a complete list of Amazon S3 endpoints, see Amazon S3 endpoints and quotas in the Amazon Web Services General Reference.