How to Set Up your AWS S3 Bucket with HTTPS using Amazon Certificate Manager and CloudFront in 2020

September 14, 2018

If you need to host your static site securely on a public S3 bucket with Route 53 as your DNS, this walk-through is your ticket to getting HTTPS set up quickly.

What do you need

  • An AWS account with a payment method attached to it.
  • Access to the DNS configuration settings of your domain. That’s Route 53 for AWS.
  • About 40 minutes of time

That’s it.

Step 1 - Get a certificate

Head on over to [Amazon Certificate Manager](https://aws.amazon.com/certificate-manager/).

Make sure you are in the US East (N. Virginia) us-east-1 region, as shown in the screenshot in the top right of the browser window. CloudFront only accepts ACM certificates that were issued in this region.

Screenshot for Amazon Certificate Manager region selection

Click on the button Request Certificate and choose Request a public certificate.

Add domain names

To cover both your root domain (yoursite.com) and all other subdomains that you may have now or create later (www.yoursite.com, shop.yoursite.com, etc.), add the following two domain names in this order:

  • yoursite.com
  • *.yoursite.com

The * acts as a wildcard so that the certificate covers all your subdomains.

Validation Method

Email validation is an outdated way to validate the certificate request. I strongly suggest that you use DNS validation.

Tags

These are optional, so you can leave them blank.

Next click Review.

Review

Make sure you have both a domain name and an additional name, as follows. Otherwise, go back and adjust accordingly:

  • yoursite.com
  • *.yoursite.com

Then click Confirm and Request.

DNS Verification

If you’re using Route 53, this step is easy. The trick is to expand the entry using the small arrow indicated in the screenshot.

DNS Validation Screenshot for ACM

If you’re using Route 53, there will be a nice blue button that will allow you to create the record set without you having to type anything. You only have to create the record set once for either www.yoursite.com or *.yoursite.com, since they create the same record set. The validation is immediate.

If you’re not using Route 53, then copy and add the CNAME record to the DNS configuration for your domain. The validation will also take some time, as it has to propagate.

Head on over to [CloudFront](https://aws.amazon.com/cloudfront/) and click Get started with Cloudfront Distribution.

Go and click on Create Distribution.

Delivery Method

Go ahead and click on Get Started under Web delivery method.

Create Distribution

We can leave all the settings at their defaults. Only two fields must be set.

Set the Origin Domain Name to the Amazon S3 Bucket where your content is. The name of it could be www.yoursite.com.s3.amazonaws.com or yoursite.com.s3.amazonaws.com, depending on how you set up your S3.

Set the SSL Certificate to the radio button that says Custom SSL Certificate and set the field to the Custom SSL Certificate you created in Step 1, with the domain name yoursite.com.

Click on Create Distribution to continue.

The next screen will show you a table of details of your CloudFront Distributions. Scroll over to the right to see the Status column. Once it is Deployed you can proceed.
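
To confirm the result of Steps 1 and 2, here is an added example (not code from the original post) that audits a distribution's configuration for the settings this walk-through relies on: an ACM certificate from us-east-1, certificate names that cover each alternate domain name, and a viewer protocol policy that does not leave plain HTTP open. The sample config and certificate names are constructed, and the example assumes your domains are listed as alternate domain names (Aliases); the dict follows the DistributionConfig object returned by `aws cloudfront get-distribution-config`.

```python
from __future__ import annotations

def covers(cert_name: str, host: str) -> bool:
    """True if a certificate name covers host. A leading '*.' matches exactly
    one DNS label, so '*.yoursite.com' does not cover 'yoursite.com' itself."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == cert_name[2:]
    return cert_name == host

def audit(config: dict, cert_names: list[str]) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    arn = config.get("ViewerCertificate", {}).get("ACMCertificateArn", "")
    parts = arn.split(":")  # arn:aws:acm:<region>:<account>:certificate/<id>
    if len(parts) < 6 or parts[2] != "acm":
        findings.append("no ACM certificate attached")
    elif parts[3] != "us-east-1":
        findings.append(f"certificate is in {parts[3]}, not us-east-1")
    policy = config.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy")
    if policy not in ("redirect-to-https", "https-only"):
        findings.append(f"ViewerProtocolPolicy is {policy!r}: plain HTTP is still served")
    for alias in config.get("Aliases", {}).get("Items", []):
        if not any(covers(name, alias) for name in cert_names):
            findings.append(f"alias {alias} is not covered by the certificate")
    return findings

CERT_NAMES = ["yoursite.com", "*.yoursite.com"]  # the two names requested in Step 1
SAMPLE_CONFIG = {  # constructed sample, deliberately misconfigured
    "Aliases": {"Quantity": 3, "Items": ["yoursite.com", "www.yoursite.com", "a.b.yoursite.com"]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
    "ViewerCertificate": {"ACMCertificateArn": "arn:aws:acm:eu-west-1:123456789012:certificate/EXAMPLE-ID"},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, CERT_NAMES):
        print("FINDING:", finding)
```
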

Step 3 - Point your URL to CloudFront

Route 53 is your DNS

If you are using [Route 53](https://aws.amazon.com/route53/) as your DNS, then head on over there.

Click Get Started with Amazon Route 53.

Click on Hosted Zones, and go to the domain name you’ve been working on.

Click on the blue button that says Create Record Set. We are going to create two A record sets.

For the first one, leave the name field blank so that the domain name is yoursite.com. Set the type to A. For Alias, select Yes.

Set the Alias Target to the CloudFront distribution you created in Step 2. It will be named yoursite.com.

Click Create.

For the second record set, enter * in the name field so that the domain name is *.yoursite.com. Set the type to A. For Alias, select Yes.

Set the Alias Target to the CloudFront distribution you created in Step 2. It will be named yoursite.com.

Click Create.

You’re done!

Results

These settings will take 45 minutes or so to propagate, but after that you should be able to enter the URL of any S3 object and see it loading via HTTPS.
