Hosting via CloudFront
You can host via CloudFront, a CDN, for speed, plus Amazon Certificate Manager to provide SSL. It's minor, but if you already followed the instructions to host directly via S3, the bucket will still be open to direct access through S3, which is a security hole.
First, change your AWS region to US East (N. Virginia); the certificate is required to be there.
In the AWS Management Console, open the Amazon Certificate Manager and request a public certificate. Use both *.yourwebsite.com and yourwebsite.com as domain names. Use DNS validation, which will tell you to create a CNAME record in your DNS with the given name and value (note that name is the full URL host; your DNS may only need the subdomain of the name to specify the host).
Create that CNAME record and wait until Amazon Certificate Manager validates.
Once validated, go to Amazon CloudFront and create a distribution. Choose Web and:
- Link CloudFront and S3 privately through an Origin Access Identity:
  - Origin Domain Name: <S3_BUCKET>
  - Restrict Bucket Access: Yes
  - Origin Access Identity: Create a new identity
  - Grant Read Permissions on Bucket: Yes, Update Bucket Policy (this will change the bucket policy on S3 for CloudFront access)
- Allow access through another domain:
  - Alternate Domain Names (CNAMEs): yourwebsite.com (url you’re hosting)
  - Default Root Object: index.html
  - SSL Certificate: Custom SSL Certificate, choose the Amazon Certificate Manager certificate
These are the must-have options; I’d browse through the other options and see what you like. You can go to Error Pages to point 403 errors to 404.html and respond with a 404.
After creation and when status is deployed (a few minutes), you can access your website via the Domain Name (<some_hash>.cloudfront.net). Create a CNAME record on your DNS to point the url you’re hosting (yourwebsite.com) to that Domain Name.
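A check for the leftover direct S3 access mentioned at the start of this section, as an added example that is not part of the original page: it audits a bucket policy document offline for unconditional anonymous Allow statements and confirms the Origin Access Identity grant is present. The sample policy, its bucket name, OAI ID and statement Sids are constructed placeholders.

```python
import json

# Constructed sample: a bucket policy after "Yes, Update Bucket Policy" where the
# public-read statement from direct S3 hosting was never removed (placeholder names).
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*"},
  {"Sid": "CloudFrontRead", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EXAMPLEOAIID"},
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*"}
]}
""")
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "


def _principals(stmt):
    """Flatten the Principal element into a list of strings."""
    p = stmt.get("Principal", {})
    if isinstance(p, str):
        return [p]
    out = []
    for v in p.values():
        out.extend([v] if isinstance(v, str) else v)
    return out


def audit(policy):
    """Return (Sids of unconditional anonymous Allow statements, OAI grant present?)."""
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):  # a single statement may be a bare object
        stmts = [stmts]
    public, has_oai = [], False
    for i, s in enumerate(stmts):
        if s.get("Effect") != "Allow":
            continue
        who = _principals(s)
        # Statements with a Condition are not flagged here; review those by hand.
        if "*" in who and "Condition" not in s:
            public.append(s.get("Sid", f"statement[{i}]"))
        if any(w.startswith(OAI_PREFIX) for w in who):
            has_oai = True
    return public, has_oai


if __name__ == "__main__":
    print(audit(SAMPLE_POLICY))
```

Paste in the policy JSON from the bucket's Permissions tab in place of the sample; object ACLs are a separate route to public access and are not covered by this check.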