Secure Static website hosted on S3 using custom SSL in Cloudfront

Question

My subdomain configured in route53 dev.abc.com goes to unsecure connection and I want to make it available via https only.

Steps I have done:

• Get a custom SSL certificate from AWS ACM and add cname records in my route53 hosted zone.
• Made a cloudfront distribution that uses custom ssl cert created in step 1 where the name of ssl certificate and the alternate domain name match(dev.abc.com)
• Mark Redirect HTTP to HTTPS behaviour in cloudfront
• Add an A record for dev.abc.com to the cloudfront distribution by adding an alias record

I have reviewed multiple guides being new to AWS infra and have not come accross a solutions. I have also found that If your Amazon S3 bucket is configured as a website endpoint, you can't configure CloudFront to use HTTPS to communicate with your origin because Amazon S3 doesn't support HTTPS connections in that configuration here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-s3-origin.html

Is there any way to make my url accessible via https?

Answer 1

The steps you have done sound generally ok, I guess the issue is in some detail that you've missed or haven't described.

Be aware not to mix steps and stick to one path: Either "S3 static hosting mode" or "OAC/OAI" path. Mixing both will lead to confusions and a not working solution.

Step-by-step guide if S3 is in static hosting mode here.

Step-by-step guide if S3 shouldn't be in static hosting mode and everything should pass through CloudFront (here).