Want your static website to stop freaking out browsers with scary "Not secure" warnings and actually use HTTPS like a grown-up? This guide walks you through requesting a public TLS certificate in AWS Certificate Manager (ACM) using DNS validation in Route53, then wiring that certificate to CloudFront so your S3-hosted site serves over HTTPS. It is practical, repeatable, and mildly sarcastic when AWS decides to nap during a deployment.
Head to ACM in us-east-1, because CloudFront will only accept certificates from that region. Request a public TLS certificate for the apex domain and any subdomains you care about, such as www. Choose DNS validation when prompted. If your domain is managed in Route53, you can ask ACM to create the validation records automatically, or copy the CNAME values and paste them into the hosted zone yourself.
Create an S3 bucket named for the domain you plan to use. You can enable S3 static website hosting if you want the bucket to respond directly, but for a production-ready HTTPS setup keep the bucket private and use CloudFront as the public face. Upload your site files and set an index document and an error page as needed.
Do not make the bucket public if you care about security. Instead, configure an origin access control (OAC) or the older origin access identity (OAI) so CloudFront is the only thing that can fetch objects.
Create a CloudFront distribution and point the origin to your S3 bucket. In the alternate domain name field, add your custom domain. Then attach the ACM certificate you requested in us-east-1. Set the viewer protocol policy to redirect HTTP to HTTPS so visitors get encrypted traffic even if they type an insecure URL.
Configure origin access control so the bucket does not need to be public. Also pick a minimum TLS version such as TLS 1.2 to keep things modern and less embarrassing.
In Route53, create an A record as an alias to the CloudFront distribution domain name. If you used the apex domain, create an alias record. If you used subdomains, add the appropriate records. DNS and distribution deployment both take time, so relax and have a beverage while things propagate.
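Once the distribution is deployed, the settings from the steps above can be checked mechanically. The following is an added example, not part of the original guide: a Python function that audits the DistributionConfig object (the one inside the output of `aws cloudfront get-distribution-config`) for the alternate domain name, a us-east-1 ACM certificate, a TLS 1.2 floor, HTTPS-only viewer policies, and OAC or OAI on S3 origins. The function name, `example.com`, the account id and the certificate and OAC ids are constructed placeholders.

```python
# Minimum-protocol values older than TLS 1.2 (an unset value is treated as legacy).
LEGACY_TLS = {"", "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"}

def audit_distribution(cfg, domain):
    """Return findings for a DistributionConfig dict; an empty list matches the guide."""
    findings = []
    if domain not in (cfg.get("Aliases", {}).get("Items") or []):
        findings.append(f"{domain} missing from alternate domain names")
    cert = cfg.get("ViewerCertificate", {})
    # ARN layout: arn:aws:acm:<region>:<account>:certificate/<id>
    arn = cert.get("ACMCertificateArn", "").split(":")
    if len(arn) < 6 or arn[2] != "acm":
        findings.append("no ACM certificate attached")
    elif arn[3] != "us-east-1":
        findings.append(f"certificate is in {arn[3]}, not us-east-1")
    if cert.get("MinimumProtocolVersion", "") in LEGACY_TLS:
        findings.append("minimum TLS version is below TLS 1.2")

    # Every cache behavior, not just the default, must refuse or redirect plain HTTP.
    behaviors = [cfg.get("DefaultCacheBehavior", {})]
    behaviors += cfg.get("CacheBehaviors", {}).get("Items") or []
    for b in behaviors:
        if b.get("ViewerProtocolPolicy") not in ("redirect-to-https", "https-only"):
            findings.append(f"behavior {b.get('PathPattern', 'default')} allows plain HTTP")

    # An S3 origin without OAC or OAI only works if the bucket is publicly readable.
    for o in cfg.get("Origins", {}).get("Items") or []:
        s3 = o.get("S3OriginConfig")
        if s3 is not None and not (o.get("OriginAccessControlId") or s3.get("OriginAccessIdentity")):
            findings.append(f"origin {o.get('Id')} has no OAC or OAI")
    return findings

# Constructed sample configs; every id and ARN below is a placeholder.
GOOD = {
    "Aliases": {"Quantity": 1, "Items": ["example.com"]},
    "ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID",
        "MinimumProtocolVersion": "TLSv1.2_2021",
    },
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "s3-site", "OriginAccessControlId": "EXAMPLEOACID",
        "S3OriginConfig": {"OriginAccessIdentity": ""},
    }]},
}
BAD = {
    "Aliases": {"Quantity": 0},
    "ViewerCertificate": {"MinimumProtocolVersion": "TLSv1",
        "ACMCertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE-ID"},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
    "Origins": {"Items": [{"Id": "s3-site", "S3OriginConfig": {"OriginAccessIdentity": ""}}]},
}
```

Calling `audit_distribution(GOOD, "example.com")` returns an empty list, while the `BAD` sample yields one finding per setting the guide asks for.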
This process gives you HTTPS for a static S3 site with ACM handling certificates and CloudFront delivering content fast and securely. It is a bit of clicking and waiting but the outcome is worth it. Now go forth and serve your static site over HTTPS like someone who knows what they are doing.