Hosting via CloudFront

Steve Chung edited this page Dec 16, 2019 · 3 revisions

You can host via CloudFront, a CDN, for speed, plus Amazon Certificate Manager to provide SSL. It's minor, but if you already followed the instructions to host directly via S3, a security hole remains open: the site can still be accessed directly through S3.

First, change your AWS region to US East (N. Virginia); the certificate is required to be there.

In the AWS Management Console, open the Amazon Certificate Manager and request a public certificate. Use both *.yourwebsite.com and yourwebsite.com as domain names. Use DNS validation, which will tell you to create a CNAME record in your DNS with the given name and value. (Note that the name is the full URL host; your DNS may only need the subdomain part of the name to specify the host.)

Create that CNAME record and wait until Amazon Certificate Manager validates it.

Once validated, go to Amazon CloudFront and create a distribution. Choose Web and:

  • Link CloudFront and S3 privately through an Origin Access Identity:
    • Origin Domain Name: <S3_BUCKET>
    • Restrict Bucket Access: Yes
    • Origin Access Identity: Create a new identity
    • Grant Read Permissions on Bucket: Yes, Update Bucket Policy (this will change the bucket policy on S3 for CloudFront access)
  • Allow access through another domain:
    • Alternate Domain Names (CNAMEs): yourwebsite.com (URL you’re hosting)
  • Default Root Object: index.html
  • SSL Certificate: Custom SSL Certificate, choose the Amazon Certificate Manager certificate

These are the must-have options; I’d browse through the other options and see what you like. You can go to Error Pages to point 403 errors to 404.html and respond with a 404.

After creation, once the status is Deployed (a few minutes), you can access your website via the Domain Name (<some_hash>.cloudfront.net). Create a CNAME record on your DNS to point the URL you’re hosting (yourwebsite.com) to that Domain Name.
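To check for the S3 access hole mentioned at the top, the following added example (not part of the original wiki or the project) audits a bucket policy document and separates public read grants from the Origin Access Identity grant. The sample policy, its Sid values, the bucket name and the OAI id are constructed for illustration.

```python
import json

# Principal ARN prefix CloudFront uses for an Origin Access Identity.
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "
READ_ACTIONS = {"*", "s3:*", "s3:get*", "s3:getobject"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principals(stmt):
    """Flatten Principal ("*" or {"AWS": ...}) into a list of strings."""
    principal = stmt.get("Principal", [])
    if isinstance(principal, dict):
        return [p for v in principal.values() for p in _as_list(v)]
    return _as_list(principal)

def audit_bucket_policy(policy_json):
    """Sort Allow statements that grant object reads by who may use them."""
    report = {"public_read": [], "oai_read": [], "needs_review": []}
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & READ_ACTIONS:
            continue
        principals = _principals(stmt)
        sid = stmt.get("Sid", "<no Sid>")
        if "*" in principals:
            # A Condition may narrow a wildcard grant; a human has to judge it.
            key = "needs_review" if "Condition" in stmt else "public_read"
        elif principals and all(p.startswith(OAI_PREFIX) for p in principals):
            key = "oai_read"
        else:
            key = "needs_review"
        report[key].append(sid)
    return report

# Constructed sample: a public-read statement left from direct S3 hosting,
# next to the statement granting read access to the OAI.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "CloudFrontOAIRead", "Effect": "Allow",
     "Principal": {"AWS": OAI_PREFIX + "E2EXAMPLE"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
]})

if __name__ == "__main__":
    print(audit_bucket_policy(SAMPLE_POLICY))
```

The policy text can be fetched with `aws s3api get-bucket-policy --bucket <S3_BUCKET> --query Policy --output text`. Anything listed under `public_read` still lets visitors bypass CloudFront; this checks the bucket policy only, not object ACLs.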