amazon-web-services amazon-s3 dns amazon-cloudfront

Use custom domain with S3 and cloudfront


So I'm trying to use an alternate domain name in CloudFront. Let's say www.example.com.

  1. I created an S3 bucket with all public access blocked. Under the policy I gave permission to my CloudFront distribution to access the contents of the bucket, and enabled the bucket to "host a static website".
  2. Under the domain name for the CloudFront distribution, I'm using the bucket endpoint with Origin access control settings (recommended) on.
  3. Now, up to this point this seems to work. If I go to the distribution domain name, my website is loaded. I'm only getting problems loading from my custom domain name.
  4. So next, I set up the alternate domain name, and I added a custom SSL certificate. I validated the certificate by adding a DNS record to my DNS domain database (I'm using Google Domains).
  5. Finally, I set up a CNAME record from my domain www.example.com to go to my CloudFront distribution, but this is where it's failing. I just get "This site can't be reached. The server IP address could not be found."

What am I doing wrong? Do I need a different type of record with the CloudFront distribution? Also, it's been over 72 hours since the last time I updated the DNS records, so I don't expect that to be an issue.

Any ideas?


Solution

  • CloudFront doesn't support assigning a static IP address to distributions; that's why you have to use Amazon Route 53 to create an alias record that points to your CloudFront distribution.

    In order to run your website exposed with CloudFront with your own domain, you have to do the following things.

    • Point your domain from the other domain registrar, e.g. GoDaddy, to Route 53.
      • Create a hosted zone in Route 53 for your apex domain, e.g. example.com, or sub-domain, e.g. abc.example.com.
      • Once created, copy the 4 NS records of the new hosted zone to your GoDaddy domain. This causes your domain to use Route 53 name servers going forward.
    • Select your newly created hosted zone, create an A record with Alias enabled, and select your CloudFront distribution from the dropdown.
    • To create an ACM certificate, select the us-east-1 (N. Virginia) region, as CloudFront certificates need to be created only in this region.
    • Use DNS validation when provisioning the certificate using ACM. It takes some time to validate the domain, but if your domain is configured correctly, it will pass the validation in roughly 5 minutes.
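
The checklist in this answer, written as an offline preflight check that reports which step is still misconfigured. This is an added example, not part of the original answer: the `Setup` fields, the function names and every sample value are hypothetical or constructed, and in practice the values would be copied from the registrar, Route 53, CloudFront and ACM consoles.

```python
from dataclasses import dataclass, replace

@dataclass
class Setup:  # hypothetical container; fill it from the registrar and AWS consoles
    domain: str                 # custom name, e.g. www.example.com
    registrar_ns: frozenset     # name servers set at the registrar
    hosted_zone_ns: frozenset   # the 4 NS records of the Route 53 hosted zone
    zone_records: dict          # record name -> alias target in the hosted zone
    distribution_domain: str    # CloudFront distribution domain name
    alternate_names: frozenset  # alternate domain names on the distribution
    cert_region: str            # region the ACM certificate was requested in
    cert_status: str            # ACM status, e.g. ISSUED or PENDING_VALIDATION
    cert_names: frozenset       # names on the certificate

def norm(name):
    return name.lower().rstrip(".")  # DNS names: case-insensitive, optional trailing dot

def cert_covers(cert_name, host):
    cert_name, host = norm(cert_name), norm(host)
    if cert_name.startswith("*."):  # a wildcard covers exactly one left-most label
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return cert_name == host

def preflight(s):
    problems = []
    if {norm(n) for n in s.registrar_ns} != {norm(n) for n in s.hosted_zone_ns}:
        problems.append("delegation")      # registrar still points at other name servers
    records = {norm(k): norm(v) for k, v in s.zone_records.items()}
    if records.get(norm(s.domain)) != norm(s.distribution_domain):
        problems.append("alias-record")    # missing, or aimed at a different distribution
    if norm(s.domain) not in {norm(a) for a in s.alternate_names}:
        problems.append("alternate-name")
    if s.cert_region != "us-east-1":
        problems.append("cert-region")
    if s.cert_status != "ISSUED":
        problems.append("cert-status")
    if not any(cert_covers(n, s.domain) for n in s.cert_names):
        problems.append("cert-name")
    return problems

# Constructed sample values, not taken from a real account.
ZONE_NS = frozenset({"ns-1.awsdns-01.com", "ns-2.awsdns-02.net",
                     "ns-3.awsdns-03.org", "ns-4.awsdns-04.co.uk"})
GOOD = Setup("www.example.com", ZONE_NS, ZONE_NS,
             {"www.example.com.": "d111111abcdef8.cloudfront.net."},
             "d111111abcdef8.cloudfront.net", frozenset({"www.example.com"}),
             "us-east-1", "ISSUED", frozenset({"www.example.com"}))
BROKEN = replace(GOOD, registrar_ns=frozenset({"ns1.registrar.example"}),
                 cert_region="eu-west-1")

if __name__ == "__main__":
    for label, setup in (("good", GOOD), ("broken", BROKEN)):
        print(label, preflight(setup))
```

An "alias-record" finding also covers a record that still targets a distribution you no longer own, which is worth clearing before anything else.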