Amazon S3 is one of the most widely used cloud storage services for hosting static websites, storing build artefacts, and serving assets. While AWS provides its own CLI and console for uploading files, manually syncing changes from your GitHub repository to an S3 bucket is tedious and error-prone — especially when you're deploying multiple times a day.
DeployHQ automates this process by connecting your GitHub repository directly to your S3 bucket. Every time you push a commit, only the changed files are uploaded, keeping deployments fast and reliable.
What you'll need
- A GitHub account with a repository you want to deploy
- An AWS account with an S3 bucket configured
- AWS access credentials (Access Key ID and Secret Access Key)
- A DeployHQ account (the free plan supports 1 project with up to 10 deploys per day)
Creating a new project in DeployHQ
After signing in to DeployHQ, click the New Project button at the top of the screen.
Enter a name for your project and select GitHub as the repository host. DeployHQ also supports GitLab, Bitbucket, and other hosting providers.
Connecting to your GitHub repository
After clicking Create Project, you'll be prompted to authorise DeployHQ with GitHub. Once authenticated, select your account and choose the repository you want to deploy.
DeployHQ automatically adds an SSH key to access your repository. Keep the Add a webhook option checked — this enables automatic deployments triggered by new pushes.
Configuring your S3 bucket
After connecting your repository, DeployHQ directs you to the New Server screen. Enter a name for the server and select S3 as the protocol.
You'll need to provide:
- Bucket name: The name of your S3 bucket (e.g.,
my-website-bucket) - Access Key ID: Your AWS IAM access key
- Secret Access Key: Your AWS IAM secret key
- Region: The AWS region where your bucket is located
- Path prefix: The directory within the bucket where files should be placed (e.g.,
publicor leave empty for the root)
IAM best practices
For security, create a dedicated IAM user with the minimum permissions required for deployment. A policy like this grants only the necessary S3 access:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::my-website-bucket",
"arn:aws:s3:::my-website-bucket/*"
]
}
]
}
Never use your root AWS account credentials. Dedicated IAM users with scoped permissions reduce the blast radius if credentials are ever compromised. For more on protecting sensitive credentials in your deployment workflow, see our guide on managing environment variables.
Click Create Server to finish the configuration.
Deploying for the first time
With your repository and server configured, click Deploy for the first time in the top right of your project:
Review the deployment details — the server and branch are selected automatically, and the start revision shows The very first commit since no previous deployments exist. Click the green Deploy button to begin.
DeployHQ uploads all files from your repository to the S3 bucket. Once complete, you can review the deployment log showing every file that was transferred.
Enabling automatic deployments
After your initial deployment, set up automatic deployments so pushing to GitHub triggers a deployment without logging in to DeployHQ.
Navigate to Automatic Deployments in the left sidebar and enable the option for your server:
Now when you push a commit to your repository, DeployHQ automatically starts a deployment, uploading only the files that changed:
Hosting a static website on S3
S3 can serve static websites directly. To enable this:
- Open your bucket in the AWS S3 console
- Go to Properties → Static website hosting and enable it
- Set the Index document (typically
index.html) and optionally an Error document (e.g.,404.html) - Under Permissions → Bucket policy, add a policy allowing public read access:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-website-bucket/*"
}
]
}
Your site is then accessible at http://my-website-bucket.s3-website-REGION.amazonaws.com. For a custom domain with HTTPS, place a CloudFront distribution in front of the bucket.
Using build pipelines for compiled assets
S3 deployments don't support running SSH commands on the destination, which is a problem if your project uses tools like Sass, TypeScript, or a framework that requires a build step.
DeployHQ's build pipeline solves this. You can define build commands that run in an isolated environment before the deployment:
For example, a typical React or static site build might use:
npm install
npm run build
DeployHQ runs these commands, then uploads the compiled output to your S3 bucket. Check our guides for framework-specific build pipeline configurations.
Deploying to multiple environments
For projects that need staging and production environments, you can add multiple S3 servers to a single DeployHQ project — each pointing to a different bucket or path prefix. Deploy different branches to different environments using DeployHQ's multi-environment management features.
Ready to automate your GitHub to S3 deployments? Sign up for DeployHQ and deploy your first project in under 5 minutes.
If you have any questions about S3 deployments or any other aspect of DeployHQ, contact us at support@deployhq.com or reach out on X (Twitter).