HTTPS/TLS + static S3 websites

Question

A customer is currently hosting a static website on S3 and want to enable HTTPS/TLS connections. Currently the domain resides outside AWS and the customer has created a certificate that they want to use. I was reading through documentation and it says the only way to achieve this is by redirecting to Cloudfront.

Any thoughts on this? What is the simplest way to achieve this ? Can this be achieved without using Cloudfront? Will the customer need to import their certificate to ACM?

Thanks

Any thoughts on this? What is the simplest way to achieve this ? Can this be achieved without using Cloudfront? Will the customer need to import their certificate to ACM?

Thanks

Accepted Answer

CloudFront would be the best option, since as well as providing the requirement (HTTPS on custom domain name) it will also provide added benefits of lower latency and lower costs (assuming that the clients for the website are outside the AWS region that the bucket it located).

This is a common usecase for CloudFront. CloudFront supports [custom CNAMEs][1] and certificates (either through ACM or third-party provided certificates) and using S3 as an origin - either via its website endpoint or directly using the [S3 API endpoint][2].

[1]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html
  [2]: https://aws.amazon.com/cloudfront/getting-started/S3/

HTTPS/TLS + static S3 websites

Contenido relevante