Add HTTPS lock to AWS S3

The goal was to change the “Not secure” banner to the little lock (aka enable https) for

Previously, that site was hosted using only AWS S3 – which does not support “https”.

This is the documentation for the final configurations for AWS S3, AWS CloudFront. AWS Certificate Manager, and AWS Route 53.

The basic idea is to put a CloudFront distribution in front of your AWS S3 website, create a certificate, and then make sure all of the configuration settings between S3/CloudFront/Route53 agree and work with each other.


Bucket NamePublicStatic websiteNotes
www.timtiemens.comYesDisabledNo longer used
cftimtiemensdotcomYesEnabled/Bucket hostingBucket policy set to allow access to S3GetObject from Cloudfront

Since all of the files in AWS S3 are auto-deployed from a github repository using “aws s3 sync”, it was simple for me to change the target bucket from “s3://” to “s3://cftimtiemensdotcom”. Note that for AWS S3 static websites, the bucket name has to match ( but for CloudFront, the bucket name can be anything (cftimtiemensdotcom).

AWS CloudFront

Configuration ItemValueNotes
Price ClassUse all edge locationsIf there is ever a bill for this, switch to “Use only North America and Europ”
Custom SSL CertificateARN of certificateSelected from dropdown list
Alternate domain names2
Origin Domaincftimtiemens.comFrom dropdown choices
HTTP only, port 80
“Name” is greyed-out, no edit
Path pattern*
Origin and origin
ViewRedirect HTTP to HTTPS
Allowed HTTP methodsGET, HEAD

AWS Certificate Manager

Configuration ItemValueNotes
timtiemens.comRequires DNS CNAME confirmation
*.timtiemens.comRequires same DNS CNAME confirmation
In UseYes

After created, pushed the “Create records in Route 53” button. This creates the required CNAME records in the hosted zone.

AWS Route 53

timtiemens.comAAlias, to
www.timtiemens.comAAlias, to
various “_xxyyzz”CNAMEas set by AWS Certificate Manager, for various certificates to be validated by DNS
blog.timtiemens.comA34.236.123.127 (separate webserver, not under this CloudFront distribution)

This entry was posted in Software Project. Bookmark the permalink.