Redirecting a domain with HTTPS using Amazon S3 and CloudFront

J. Mark Locklear ・5 min read

First off a big thanks to Simone Carletti and his article on the topic. I basically ripped off everything from his article to create this one but with a little less detail and updated screenshots. Thank you Simone!

The reason this process was helpful for me was that my organization had a bunch of legacy domains that we needed to remain active, but we wanted to redirect them to other domains. In addition, we needed them to respond to HTTPS. Prior to this we had a bunch of servers that remained online for the sole purpose of being able to respond and redirect HTTPS domains to other domains. This solution allowed us to take those servers offline.

This whole process can take up to an hour assuming you get everything right the first time (you probably won't) so grab a Snickers and let's do this!

The overall steps:
- Configure S3 Bucket
- Issue an SSL Certificate via Amazon Certificate Manager (ACM)
- Configure Amazon CloudFront HTTPS redirect
- Test records via CURL
- Point the DNS record to CloudFront endpoint

Let's dive right in!

Create a new Amazon S3 bucket:

[Screenshot: Create Bucket]

On the first page enter the "Bucket Name" with the same name (without the http) as the origin domain (the domain name you want to redirect).

[Screenshot: Enter Domain Name]

Now click through the rest of the settings keeping the defaults until you reach the "Create Bucket" button. Now click the "Create Bucket" button.

Now back on the S3 main page click the name of the bucket you just created and click the "Properties" tab:

[Screenshot: Click Properties Tab]

Now click the "Static website hosting" box:

[Screenshot: Click static website hosting]

On this page you want to choose "Redirect requests" and enter the target bucket (this is the domain name you want to redirect to) along with the protocol. One last thing before clicking save. Make note of the "Endpoint" on the page. Go ahead and copy the endpoint and paste it in a text editor. We will need this later. After entering that information click "Save":

[Screenshot: Set Properties]

Issue an SSL Certificate via Amazon Certificate Manager (ACM)

To create an SSL cert go to AWS Certificate Manager in AWS. Super important step here: you must (or at least had to) choose "US East (N. Virginia)" from the drop-down in the upper right-hand corner of the AWS console, since CloudFront only uses ACM certificates issued in that region:

[Screenshot: Choose Region]

Now click "Get Started" under "Provision certificates":

[Screenshot: Provision Certificates]

After clicking "Get Started" choose "Request a public certificate" then click the "Request a certificate" button:

[Screenshot: Request Certificate]

On Step 1 enter the domain you want to redirect (no http(s)) then click next:

[Screenshot: Enter domain name]

On Step 2 choose "DNS Validation" (this is assuming you are using Route 53 or have access/ability to create DNS records for your domain) and choose next:

[Screenshot: DNS Validation]

You can choose the defaults for Steps 3 and 4 and finally click "Confirm and Request" at the end:

[Screenshot: Confirm and request]

At this point, you should see something like "Pending validation" for the status of the certificate you just issued. The subsequent page should also give you a CNAME record name and value to configure in your DNS provider. If you are using Route53, go to the Route53 console in AWS and click "Create Record Set", and in the "Name" section paste the "Record Name" value provided by Certificate Manager. For "Type" choose CNAME. For "Alias" choose "No", and in the "Value" box paste the "Record Value" value provided by Certificate Manager. Here is what mine looks like:

[Screenshot: Route 53 Config]

In a few minutes, the status over in the Certificate Manager should change to "Issued" for the Certificate you created.

[Screenshot: status changed]

Configure Amazon CloudFront HTTPS redirect

Go to CloudFront Distributions in AWS and click the "Create Distributions" button:

[Screenshot: Create Distribution]

On the next screen choose "Get Started" under "Web" for the delivery method:

[Screenshot: Delivery Method]

On the subsequent page in the "Origin Domain Name" box insert the S3 endpoint you saved earlier. Do not use the auto-suggested endpoints that you see when you click in the box. You need to use the endpoint displayed when you view the properties of the S3 bucket.

Scroll down and find "Alternative Domain Names(CNAMEs)" and enter the domain name you want to redirect (no http).

Next, in the "SSL Certificate" section choose the "Custom SSL Certificate (example.com)" radio button. When you click in the box below it, Amazon should auto-populate the list of certificates. Choose the certificate you created earlier. If it's not there, you missed a step earlier.

[Screenshot: Custom SSL Certificate]

Now click the "Create Distribution" button at the bottom of the page.

[Screenshot: Create Distribution]

Test records via CURL

Go to Simone's article for details on using curl to test your DNS records.
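
One way to run this check from a shell before touching DNS, as an added example that is not taken from this article or from Simone's. Every hostname is a placeholder, and the redirect target is assumed to be https://www.example.com/.

```shell
#!/usr/bin/env bash
# Added example. All hostnames are placeholders (assumptions), not the author's.

# Step 1: the S3 website endpoint noted earlier (plain HTTP only).
probe_s3() {            # $1 = S3 website endpoint host
  curl -sSI "http://$1/"
}

# Step 2: CloudFront before DNS is switched. --connect-to leaves the URL, SNI
# and Host header set to the redirected domain but opens the connection to the
# distribution, so the ACM certificate is validated as well.
probe_cloudfront() {    # $1 = redirected domain, $2 = distribution domain name
  curl -sSI --connect-to "$1:443:$2:443" "https://$1/"
}

# Reads response headers on stdin; succeeds only for a redirect status whose
# Location starts with $1. Keep the trailing slash in $1 so that
# https://www.example.com.other.test/ cannot pass as a prefix match.
check_redirect() {
  expected="$1"
  headers=$(tr -d '\r')
  status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
  location=$(printf '%s\n' "$headers" |
    awk 'tolower($1)=="location:" {print $2; exit}')
  case "$status" in
    301|302|307|308) ;;
    *) echo "FAIL: status ${status:-none}, expected a redirect" >&2; return 1 ;;
  esac
  case "$location" in
    "$expected"*) echo "OK: $status -> $location" ;;
    *) echo "FAIL: Location '$location' is not under $expected" >&2; return 1 ;;
  esac
}

# Constructed sample of `curl -sSI` output for a working redirect bucket.
SAMPLE_OK='HTTP/1.1 301 Moved Permanently
Location: https://www.example.com/
Server: AmazonS3
Content-Length: 0'
printf '%s\n' "$SAMPLE_OK" | check_redirect "https://www.example.com/"

# With network access (placeholder hostnames):
#   probe_s3 example.com.s3-website-us-east-1.amazonaws.com |
#     check_redirect "https://www.example.com/"
#   probe_cloudfront example.com dxxxxxxxxxxxxx.cloudfront.net |
#     check_redirect "https://www.example.com/"
```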

Point the DNS record to CloudFront endpoint

The final step is to go to Route53 (or your domain provider) and create a DNS record to redirect the hostname. Go to Route53 and click "Create Record Set". For the name, enter the name of the host you want to redirect. Note that AWS will append the root domain for you if it's a subdomain. The record type should be "A - IPv4 address". Set "Alias" to "Yes". When you click in the "Alias Target" text field it should be auto-populated with values from CloudFront. Choose the appropriate CloudFront distribution. Now click "Save Record Set":

[Screenshot: Create A Record]

So now you should have two records for the redirected domain: an A record and a CNAME record. That's it! Hope this helps someone out.

Happy Coding!

Posted on Jan 21 by:

J. Mark Locklear

@marklocklear

Web Developer. Home brewer, old motorcycle junkie. Erica's partner + Faith's dad.

Discussion

When you add your domain to ACM I suggest also adding the wildcard domain, e.g.

example.com
*.example.com

This will save lots of pain down the road.
Also might be worth noting that it's better to use a subdomain, e.g. www, instead of the naked domain due to the scoping of how cookies work. I used to love the naked domain until I ran into cookie issues and CORS.