Recently at work I encountered a challenge. We needed to migrate our company website from an agency to HubSpot. The challenge was that HubSpot does not support A records for root domains, only CNAME records. It also does not provide a domain redirect service, like the agency did. Furthermore, since we use AWS Route53 to manage our DNS, and we use our root domains for emails, we cannot have CNAME records alongside SOA records.
The workaround I managed to implement was using AWS S3 static website hosting, CloudFront with AWS Certificate Manager to support SSL, and of course Route53 to define the recordset.
Here is how it works.
The first step is to set up an Amazon S3 website to redirect traffic to our root domain, e.g. “mysite.com”.
Once you are logged in to your AWS account, under the “Services” menu, select “S3”. From the S3 control panel, select “Create bucket” to set up a bucket for your S3 website.
Name your bucket with the domain name. In our example, this is “mysite.com”. Use the region “US East (N. Virginia) us-east-1”. Untick the “Block all public access” option. Then click “Create” to create your bucket so that you can configure the options.
Your bucket, with the name of your domain, now appears in your list of S3 buckets. Click on it so that you can configure the options needed for it to redirect traffic to your main domain.
After clicking on your bucket, select the “Properties” tab and click on the “Static website hosting” option. Select “Redirect requests” and enter the subdomain where HubSpot is hosting your website - “www.mysite.com”. Specify the protocol as “https”.
This specifies the entire functionality of the S3 website. All it does is take requests and forward them, over HTTPS, to “www.mysite.com”.
Next, we set up the SSL certificate.
Now we use the AWS Certificate Manager service. Click on Get Started and then Request a public certificate. Make sure you are in the “US East (N. Virginia) us-east-1” region.
Under “Domain name” enter the root domain “mysite.com”, as this provides maximum flexibility. Click “Next” and walk through the steps to validate the certificate.
Add the certificate's DNS validation record to Route53 by expanding the domain and clicking on “create record on route53”.
When you are done, your new certificate will appear in the AWS Certificate Manager. Once the status shows as “Issued” it is ready to use with CloudFront.
Now we are ready to create the CloudFront distribution.
By itself, neither the DNS nor the S3 website redirection can handle HTTPS traffic. That’s because neither of them can host an SSL certificate for our website. For this purpose we use AWS CloudFront working together with S3.
From your AWS account, under the “Services” menu, select “CloudFront”. Next, from the CloudFront control panel, select “Create Distribution” and pick “Web” as the delivery method.
That will bring you to a “Create Distribution” form where you specify the CloudFront properties for your website. Under “Origin Domain Name” you select the S3 website that you just created. In our case, that is “mysite.s3-website-us-east-1.amazonaws.com”.
The “Origin ID” field will automatically populate with a unique identifier like “S3-mysite.com”. You can leave this alone; it is just used to uniquely identify the origin. Next, scroll down to the section “Default Cache Behaviour Settings”.
Make sure that you have selected “Redirect HTTP to HTTPS” for the “Viewer Protocol Policy” and that you have allowed all the HTTP methods. Once that is done, scroll down to the section labeled “Distribution Settings”. For the “SSL Certificate” property, select “Custom SSL” and select the certificate created in the previous step.
Add the root domain to Alternate Domain Names (CNAMEs).
To finish, scroll to the bottom of the page and click “Create Distribution”. That’s it, you are done setting up CloudFront with the necessary SSL certificate.
Your distribution will appear in the CloudFront listing. Once its status shows “Deployed”, you can start using it.
Now that CloudFront and Amazon S3 are set up, you can configure the DNS in Amazon Route 53.
As mentioned previously, with this solution you need to use Amazon Route 53 as your DNS. The reason that you need to be on Route 53 is that you are going to point your root domain "A" record to your CloudFront distribution (rather than an IP address), and that is a proprietary capability within Amazon Route 53.
From your AWS account, under the “Services” menu, select “Route 53”. Click on “Hosted zone” in the Route 53 dashboard. Then, click “Create Hosted Zone” to configure the DNS settings for “mysite.com”.
Enter your domain (e.g., “mysite.com”) under “Domain Name” and click “Create”. This will take you to the DNS editor for your domain. The first step is to create the "A" record for your root domain. Leave the “Name” blank. For “Type” select “A” and for “Alias” select “Yes”. For the “Alias Target”, you need to paste in the CloudFront distribution domain name.
To find that, open a new tab in your browser and go back to the CloudFront dashboard, click on your distribution, and under the “General” tab copy the “Domain Name” value.
Now, go back to your Route 53 tab and paste the “Domain Name” value into the “Alias Target” field. Then click “Create” to enter the "A" record.
In Route 53, click on “Create Record Set” again. In the “Name” field, type “www”. Under “Type” select “CNAME”. Paste the HubSpot provided URL in the “Value” field.
Next, click on “Create” to create the “CNAME” record and you will end up back at the DNS table for your domain. As shown below, you should have an “A” record for the root domain that points to CloudFront and a “CNAME” record for “www” that points to HubSpot.
You have now configured your website to redirect from the root domain to “www”, and the redirect works for both HTTP and HTTPS traffic.
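To confirm the finished setup behaves as intended, the following added example (not part of the original post) walks the redirect chain hop by hop and fails if any hop drops from HTTPS back to HTTP, which is what happens if the S3 redirect protocol is left as “http”. The function names and the sample responses are hypothetical and constructed for illustration; “mysite.com” and “www.mysite.com” are the placeholder domains used above.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 307, 308)

def fetch_hop(url, timeout=10):
    """One HEAD request, redirects not followed: returns (status, Location)."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=timeout)
    try:
        conn.request("HEAD", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def check_chain(start_url, target_host, fetch=fetch_hop, max_hops=5):
    """Walk redirects from start_url; return (ok, reason, hops)."""
    url, hops = start_url, []
    for _ in range(max_hops):
        here = urlsplit(url)
        if here.scheme == "https" and here.hostname == target_host:
            return True, "reached target over HTTPS", hops
        status, location = fetch(url)
        hops.append((url, status, location))
        if status not in REDIRECTS or not location:
            return False, f"no redirect from {url} (status {status})", hops
        nxt = urljoin(url, location)  # tolerate relative Location values
        if here.scheme == "https" and urlsplit(nxt).scheme != "https":
            return False, f"HTTPS downgraded to {nxt}", hops
        url = nxt
    return False, "too many redirects", hops

# Constructed responses (not captured from a real site), keyed by URL.
GOOD = {"http://mysite.com/": (301, "https://mysite.com/"),
        "https://mysite.com/": (301, "https://www.mysite.com/")}
# Same chain, but with the S3 redirect protocol left as "http".
BAD = dict(GOOD, **{"https://mysite.com/": (301, "http://www.mysite.com/")})

def replay(table):
    """Stand-in for fetch_hop that answers from a constructed table."""
    return lambda url: table.get(url, (200, None))

if __name__ == "__main__":
    for name, table in (("good", GOOD), ("bad", BAD)):
        ok, reason, hops = check_chain("http://mysite.com/", "www.mysite.com",
                                       fetch=replay(table))
        print(name, ok, reason, len(hops))
```

Against a live site, call check_chain("http://mysite.com/", "www.mysite.com") with the default fetch once the CloudFront distribution shows “Deployed” and the DNS records have propagated.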