# CloudFront set up

**Step 1: Get an SSL Certificate (Free with AWS Certificate Manager)**

Go to AWS Certificate Manager (ACM) in the US East (N. Virginia) region (this is required for CloudFront)
Click "Request a certificate"
Choose "Request a public certificate"
Enter your domain name: richardfrancis.info and www.richardfrancis.info
Choose DNS validation (easier if you use Route 53) or email validation
Complete the validation process

**Step 2: Update Your CloudFront Distribution**

Go to CloudFront console and select your distribution
Click on the "General" tab, then "Edit"
In the "Custom SSL Certificate" section, select your newly created ACM certificate
Set "Security Policy" to TLSv1.2_2021 or later
Save changes

**Step 3: Configure HTTPS Behavior**

Go to the "Behaviors" tab in your distribution
Select the default behavior and click "Edit"
Under "Viewer Protocol Policy", choose:
"Redirect HTTP to HTTPS" (recommended - automatically redirects HTTP traffic to HTTPS)
OR "HTTPS Only" (blocks HTTP requests entirely)
Save changes

**Step 4: Update Origin Settings**

Go to the "Origins" tab
Select your S3 origin and click "Edit"
Set "Origin Protocol Policy" to "HTTP Only" (since S3 website endpoints don't support HTTPS)

**Step 5: Wait for Deployment**

Changes take 15-30 minutes to propagate globally
You can monitor the status in the CloudFront console

**Step 6: Update Your DNS (if needed)**

If you're not already using Route 53, make sure your domain points to your CloudFront distribution URL, not directly to S3.

Once this is complete, your website will be accessible via HTTPS, which will:

Improve your search engine rankings
Build trust with potential clients
Secure data transmission
Enable modern web features

# 🧭 DNS + Routing Deployment – API Gateway + CloudFront Architecture

This configuration creates a secure, production-grade structure for hosting static content and dynamic APIs under a single domain.

---

## 🌐 Domain Setup: richardfrancis.info

- Registered domain in Route 53
- DNS zone contains alias records for:
  - `richardfrancis.info` → CloudFront for static assets
  - `api.richardfrancis.info` → API Gateway for dynamic content
  - `api-richardfrancis.info` → API Gateway for dynamic content

---

## 🧱 Static Content Layer

| Component    | Purpose                          | Configuration                         |
|--------------|----------------------------------|----------------------------------------|
| **S3 Bucket** | Hosts static assets              | `richardfrancis.info` bucket (public) |
| **CloudFront** | CDN + HTTPS delivery            | Origin: S3 website endpoint + ACM cert |

CloudFront uses viewer protocol policy: `Redirect HTTP to HTTPS`, secured with certificate from ACM (N. Virginia). Routes to `richardfrancis.info`.

---

## 🔄 Dynamic Content Layer

| Component        | Purpose                          | Configuration                           |
|------------------|----------------------------------|------------------------------------------|
| **Lambda**       | Executes backend logic           | Stateless, serverless functions          |
| **API Gateway**  | Routes requests to Lambda        | HTTP API type + CORS enabled             |
| **ACM Certificate** | Secures custom domain         | `api.richardfrancis.info` via DNS validation |

API Gateway uses custom domain with secure base path mapping and HTTPS routing.

---

## 🔧 DNS Summary

| Record Type | Name                        | Target                        | Function             |
|-------------|-----------------------------|-------------------------------|----------------------|
| `A (Alias)` | `richardfrancis.info`       | CloudFront distribution       | Static assets        |
| `A (Alias)` | `api.richardfrancis.info`   | API Gateway regional endpoint | Lambda interaction   |

ACM and DNS configured to match security policies (`TLSv1.2_2021`), ensuring cross-domain trust and inheritance viability.

---

## 📦 Integration Flow

Frontend JS:
```js
fetch("https://api.richardfrancis.info/contact", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify(payload)
});


# cloudfront api.richardfrancis.info