Okay then, in this tutorial I’m gonna explain how to configure your website or application with AWS Route 53 and CloudFront, and how to add HTTPS to your domain.
My Use Case
Here is the exact scenario I had to face at my workplace. Our client wanted to buy a domain and make the application accessible through that domain. The domain had to use the HTTPS protocol, and the loading time of the application also needed to decrease. So we chose the CloudFront service to do that.
- Buy a new domain name (you can use your own domain).
- Allocate an SSL certificate for the domain.
- Create CloudFront distribution for our application.
- Map CloudFront URL with our domain (Route 53 + CloudFront).
These are the steps we are going to cover in this article. Let’s start with buying a domain. You can skip this part if you already have a domain. If you don’t have one, follow me ;)
Buy a New Domain Name
- Sign in to the AWS Management Console and open the Route 53 console at https://console.aws.amazon.com/route53/
- If you’re new to Route 53, under Domain Registration, choose Get Started Now. If you’re already using Route 53, in the navigation pane, choose Registered Domains.
- Enter the domain name that you want to register, and choose Check to find out whether the domain name is available.
- If the domain is available, choose Add to cart. The domain name appears in your shopping cart.
- On the contact details page, enter your details and provide an email address that you can access. A verification link will be sent to that email. To keep this step simple, I set My Registrant, Administrative, and Technical Contacts are all the same to Yes.
- In the Verify & Purchase step, you can set auto renew for the domain to either Disabled or Enabled, and agree to the Terms and Conditions.
A verification email will be sent to the email address you provided. After you have verified the link, click Refresh Status. It will update the status and Complete the Order.
- That’s all. The domain will be listed under Pending requests. After a few minutes, the domain status will change to Domain registration successful and your domain will be listed under Registered domains in the menu.
Allocate an SSL certificate for the domain
Tip: In our project we used Europe (London) as our application’s default region. The certificate was also created in the London region. But when I created the CloudFront distribution, my SSL certificate didn’t show up there. As a solution I created a certificate in US East (N. Virginia). This certificate shows up in CloudFront. Let me know your thoughts about this.
1. Sign in to the AWS Management Console and open the ACM console at https://console.aws.amazon.com/acm/home. Choose Request a certificate.
2. On the Request a certificate page, choose Request a public certificate and then Request a certificate to continue.
3. On the Add domain names page, type your domain name. You can use a fully qualified domain name (FQDN), such as www.example.com, or a bare or apex domain name such as
4. On the Select validation method page, choose either DNS validation or Email validation, depending on your needs. I recommend DNS validation.
5. On the Add tags page, you have the option to tag your certificate.
6. If the Review page contains correct information about your request, choose Confirm and request. Now our certificate status is Pending validation.
7. On the Validation page, retrieve the name of the CNAME record that must be added to your DNS database. In the Domain section, expand your domain information and record the Name of the CNAME record.
We can add this CNAME value to our DNS configuration. In our use case we needed to add this record to Route 53. We can go to Route 53 and add this CNAME record as a new record set.
Alternatively, there is a Create record in Route 53 button, which adds those records to Route 53 for us.
The Create record in Route 53 button appears if the following conditions are true:
- You use Route 53 as your DNS provider.
- You have permission to write to the zone hosted by Route 53.
- Your FQDN has not already been validated.
After a few minutes the certificate status will change to “Issued”. Okay, now we have an SSL certificate.
Create CloudFront distribution
1. Open the CloudFront console at https://console.aws.amazon.com/cloudfront/. Choose Create Distribution.
2. On the Select a delivery method for your content page, in the Web section, choose Get Started.
3. On the Create Distribution page, for Origin Domain Name, paste the public access URL of your application.
In my case, we hosted our application inside the S3 bucket as a static web site. Go to your S3 bucket > Properties > Static website hosting then copy the Endpoint URL. We will be using this URL as the Origin Domain Name for the distribution.
4. Under Default Cache Behavior Settings, accept the default values, except for Viewer Protocol Policy, which we are going to change to Redirect HTTP to HTTPS. This means that if the application is requested over HTTP, the request is automatically redirected to HTTPS.
5. Under Distribution Settings, we are going to change two things: Alternate Domain Names and SSL Certificate.
We can also create a distribution without alternate domain names or a custom SSL certificate. CloudFront will then generate a unique URL served with its default CloudFront certificate (*.cloudfront.net). But we have purchased a domain name and SSL certificate.
The other thing is that if we are going to use an alternate domain name, we cannot use the CloudFront default certificate. We have to use a custom certificate.
- Add the domain name that we purchased in the 1st step as an Alternate Domain Name.
- Choose the Custom SSL Certificate option and select the SSL certificate that we allocated in the 2nd step.
6. Choose Create Distribution.
7. After CloudFront creates your distribution, the value of the Status column for your distribution changes from In Progress to Deployed. This typically takes between 20 and 40 minutes.
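A check for the settings chosen in steps 4 and 5, meant to run against the DistributionConfig JSON returned by `aws cloudfront get-distribution-config`. This is an added example, not part of the original tutorial: the function names, sample configs and certificate ARNs are constructed, and the certificate's domain names are assumed to be passed in by the caller. CloudFront only accepts ACM certificates issued in US East (N. Virginia), so the region in the ARN is checked as well.

```python
import re

# ACM ARN shape: arn:aws:acm:<region>:<12-digit account>:certificate/<id>
ACM_ARN = re.compile(r"^arn:aws:acm:([a-z0-9-]+):\d{12}:certificate/[0-9a-f-]+$")

def cert_covers(alias, cert_names):
    """True if a certificate name matches alias; '*.x' covers exactly one extra label."""
    alias = alias.lower()
    for name in (n.lower() for n in cert_names):
        if name == alias:
            return True
        if name.startswith("*.") and "." in alias and alias.split(".", 1)[1] == name[2:]:
            return True
    return False

def audit_distribution(cfg, cert_names):
    """Return findings for one DistributionConfig dict; an empty list means it passes."""
    findings = []
    aliases = cfg.get("Aliases", {}).get("Items") or []
    cert = cfg.get("ViewerCertificate", {})
    policy = cfg.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy")
    if policy not in ("redirect-to-https", "https-only"):
        findings.append(f"viewer protocol policy {policy!r} still serves plain HTTP")
    if aliases and cert.get("CloudFrontDefaultCertificate"):
        findings.append("alternate domain names need a custom certificate, not *.cloudfront.net")
    arn = cert.get("ACMCertificateArn")
    if arn:
        m = ACM_ARN.match(arn)
        if not m:
            findings.append("ACMCertificateArn is not a well-formed ACM ARN")
        elif m.group(1) != "us-east-1":
            findings.append(f"certificate is in {m.group(1)}, CloudFront needs us-east-1")
    for alias in aliases:
        if not cert_covers(alias, cert_names):
            findings.append(f"alias {alias} is not covered by the certificate")
    return findings

# Constructed sample configs (placeholder account id and certificate id).
GOOD = {"Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
        "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
        "ViewerCertificate": {"ACMCertificateArn":
            "arn:aws:acm:us-east-1:111122223333:certificate/00000000-0000-0000-0000-000000000000"}}
BAD = {"Aliases": {"Quantity": 1, "Items": ["example.com"]},
       "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
       "ViewerCertificate": {"ACMCertificateArn":
            "arn:aws:acm:eu-west-2:111122223333:certificate/00000000-0000-0000-0000-000000000000"}}

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, audit_distribution(cfg, ["*.example.com"]) or "OK")
```

The BAD sample shows that a wildcard certificate for `*.example.com` does not cover the apex `example.com`, so both names must be on the certificate if both are used as alternate domain names.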
Now the process is almost complete. The final step is to map CloudFront to our DNS (Route 53).
In this step we need to tell the DNS where the CloudFront distribution is. To do that, we need to create an ‘A record’ that points to our CloudFront distribution URL.
- Go to Route 53 > Hosted zones > select our domain name > Create Record Set
- Set Alias to Yes and give our CloudFront distribution URL as the Alias Target.
That’s all. Now we have successfully configured Route 53, CloudFront and an SSL certificate.
We are done. 🎉 👐