Create SSL with S3 website

Let’s assume that you have two pre-requisities.

Cloud Front

Go to Cloud front via Services choice.

In CloudFront click Distribution button.

Select Get Started in Web section.

In Origin Domain Name select your S3 bucket.

In Default Cache Behavior Settings select Redirect HTTP to HTTPS.

Enter index.html to Default Root Object and click Create Distribution button below.

It will take a time to create distribution, watch Status item. Once it is done, the field indicated Deployed, copy web address in field Domain Namet to your web browser and verify that your S3 web page is working.

If you plan to update your website hosted in S3 bucket frequently and you want to avoid any caching in CloudFront you have to setup Invalidanting. Select your newly created distribution.

On next screen click Invalidations tab and select Create Invalidation.

In dialog you have many filtering options as it is shown in examples, if you want to invalidate all objects, just use wildcard /* and click Invalidate button.

Route 53

Now we will create a DNS records for your domain. In console select Route 53 and

Then Get started now button in DNS management section.

This brings you to Route 53 dashboard. Select Hosted zones and click Create Hosted Zone button (maybe twice per Aws bug?) .

On the right will be opened window Create Hosted Zone so enter your domain name e.g. Keep Public Hosted Zone type and click Create.

This creates NS and SOA domain records. Take all 4 NS records and write them to NS records at your domain provider. It can take a time (24-72 hours) then they are replicated and your domain is directed to here.

Create SSL/TLS certificate for domain

In Aws console select Certificate Manager.

Then use Get started button at Provision certificates.

At least for now CloudFront accepts certificates created in us-east-1 region only, therefore switch to this region.

Then select Request a public certificate and click Request a certificate button.

On next screen you can specify some domain names you want to cover with the certificate. Let’s enter at least two entries e.g. and then * Then click Next button.

On validation screen select DNS validation item and click Next, then Review and then Confirm and request.

Now you will see Validation screen where you can see CNAME entry with value.

Now you can either click Create record in Route 53 or enter this CNAME record to your domain record manually. Let’s go with the second way. Copy the string in value field to clipboard and go to Route 53 Hosted zones where select your domain name and click Create record Set.

On the right side you can specify the record. Select CNAME and use wildcard * in front of your domain name. Then paste string from certificate page above and click Create button.

You new CNAME record will appear in the list of domain records. Now back in Certificate Manager verify that Validation status has Success value. This can take up to 30mins after entering CNAME to your domain.

Direct Cloud Front to Route 53

You can tie CloudFront distribution with Route53 domain via A domain record.

Go to CloudFront and copy to clipboard Domain Name string (ending with

Now back in Route53 click Create Record Set. Name field leave empty, select type A, then Alias Yes and to Alias Target paste your CloudFront domain name string (ending with Then click Create button.

Now you are almost done, but we have to make some changes in your CloudFront distribution. Go back to CloudFront and select your distribution. Then click Edit button in General tab.

In following dialogue enter your domain name to the field Alternate Domain Names (CNAMEs). Use both domain name and domain name with wildcard e.g. and * Then click button Yes, Edit.

Now it takes some time until Status at your distribution shows Deployed. once this happens, just try your domain in web browser, it shows SSL secured connection now.

You may also like...

Follow by Email