Configure AWS Route 53, CloudFront and SSL Certificate

Okay then, in this tutorial I’m gonna explain how to configure your website or application with AWS Route 53 and CloudFront, and how to add HTTPS to your domain.

My Use Case

Here is the exact scenario I faced at my workplace. Our client wanted to buy a domain through which the application would be accessible. The domain had to use the HTTPS protocol, and the loading time of the application also needed to decrease. So we chose the CloudFront service to do that.

Steps

  1. Buy a new domain name (you can use your own domain).

These are the steps we are going to cover in this article. Let’s start with buying a domain. You can skip this part if you already have a domain. If you don’t have one, follow me ;)

Buy a New Domain Name

  1. Sign in to the AWS Management Console and open the Route 53 console at https://console.aws.amazon.com/route53/

Allocate an SSL certificate for the domain

Tip: In our project, our application’s default region was Europe (London), and the certificate was also created in the London region. But when I created the CloudFront distribution, my SSL certificate didn’t show up there. As a solution, I created a certificate in US East (N. Virginia). This certificate does show up in CloudFront. Let me know your thoughts about this.

  1. Sign in to the AWS Management Console and open the ACM console at https://console.aws.amazon.com/acm/home. Choose Request a certificate.

7. On the Validation page, retrieve the name of the CNAME record that must be added to your DNS database. In the Domain section, expand your domain information and record the Name of the CNAME record.

We can add this CNAME value to our DNS configuration. In our use case we needed to add this record to Route 53. We can go to Route 53 and add this CNAME record as a new record set.

Alternatively, there is a Create record in Route 53 button that adds those records to Route 53 for us.

The Create record in Route 53 button appears if the following conditions are true:

  • You use Route 53 as your DNS provider.

After a few minutes the certificate status will change to “Issued”. Okay, now we have an SSL certificate.

Create CloudFront distribution

  1. Open the CloudFront console at https://console.aws.amazon.com/cloudfront/. Choose Create Distribution.

In my case, we hosted our application in an S3 bucket as a static website. Go to your S3 bucket > Properties > Static website hosting, then copy the Endpoint URL. We will be using this URL as the Origin Domain Name for the distribution.

4. Under Default Cache Behavior Settings, accept the default values, except for Viewer Protocol Policy, which we are going to change to Redirect HTTP to HTTPS. This means that if we request the application over HTTP, the request is automatically redirected to HTTPS.

5. Under Distribution Settings, we are going to change two things, Alternate Domain Names and SSL Certificate.

We can also create a distribution without alternate domain names or a custom SSL certificate. Then CloudFront will generate a unique URL that uses the default CloudFront certificate (*.cloudfront.net). But we have purchased a domain name and SSL certificate.

The other thing is that if we are going to use an alternate domain name, we cannot use the CloudFront default certificate. We have to use a custom certificate.

  • Add an Alternate Domain Name which we have already purchased in the 1st step.

6. Choose Create Distribution.

7. After CloudFront creates your distribution, the value of the Status column for your distribution changes from In Progress to Deployed. This typically takes between 20 and 40 minutes.
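Once the distribution is deployed, the choices made in steps 4 and 5 can be checked from its configuration rather than by eye in the console. The following is an added example, not code from the original article: it audits a JSON object shaped like the DistributionConfig returned by `aws cloudfront get-distribution-config`, and the sample domain, account id and certificate id are constructed placeholders.

```python
import json

# Constructed sample, shaped like the "DistributionConfig" object returned by
# `aws cloudfront get-distribution-config`; domain, account id and cert id are placeholders.
SAMPLE_CONFIG = json.loads("""
{
  "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
  "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
  "ViewerCertificate": {
    "ACMCertificateArn": "arn:aws:acm:eu-west-2:111122223333:certificate/EXAMPLE-ID",
    "SSLSupportMethod": "sni-only"
  }
}
""")


def audit_distribution(config):
    """Return a list of findings for the settings chosen in steps 4 and 5."""
    findings = []
    policy = config.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy")
    if policy not in ("redirect-to-https", "https-only"):
        findings.append(f"viewer protocol policy is {policy!r}; plain HTTP is served")

    aliases = config.get("Aliases", {}).get("Items") or []
    cert = config.get("ViewerCertificate", {})
    arn = cert.get("ACMCertificateArn")
    custom = arn or cert.get("IAMCertificateId")
    if aliases and (cert.get("CloudFrontDefaultCertificate") or not custom):
        findings.append("alternate domain names are set but no custom certificate is attached")
    if arn:
        # ARN layout: arn:partition:service:region:account-id:resource
        parts = arn.split(":")
        region = parts[3] if len(parts) >= 6 else ""
        if region != "us-east-1":
            findings.append(f"ACM certificate is in {region or 'an unknown region'}, not us-east-1")
    return findings


if __name__ == "__main__":
    for finding in audit_distribution(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

The sample deliberately reproduces the London-region certificate from the tip above together with an unchanged viewer protocol policy, so both are reported.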

Now the process is almost complete. The final step is that we need to map CloudFront with DNS (Route 53).

In this step we need to tell DNS where the CloudFront distribution is. To do that, we need to create an ‘A Record’ that points to our CloudFront distribution URL.

  • Go to Route 53 > Hosted zones > select our domain name > Create Record Set

That’s all. Now we have successfully configured Route 53, CloudFront and an SSL certificate.

We are done. 🎉 👐

If you like this post, don’t forget to share and follow.
