Hi all!
Summary: Our DNS provider, GoDaddy, does not support apex ("A") DNS records pointing to non-static IPs. We want to serve our AWS CloudFront assets to our domain's naked domain, but CloudFront gives us a URL, not a static IP.
Here's the current state of our setup:
- We own a domain, let's call it domain.com, through GoDaddy
- We manage the DNS for this domain through GoDaddy
- We store our website assets in AWS S3
- We use AWS CloudFront to serve the website assets from that S3 bucket
- CloudFront gives us a URL, like xyz123.cloudfront.net, that the assets are served from
- CloudFront does not give us a static IP address
- We use AWS Certificate Manager to apply an SSL certificate to both our naked domain "domain.com" and www subdomain "www.domain.com"
- The SSL certificate is applied to the CloudFront configuration
- We have a CNAME DNS record pointing the www subdomain to the CloudFront URL
  - i.e., navigating to www.domain.com properly gets served the CloudFront assets, and since we have the SSL certificate applied to this domain and the CloudFront configuration we don't encounter any SSL issues.
- We use a feature on GoDaddy called Forwarding to redirect any http://domain.com naked domain requests to http://www.domain.com
Current issues that we would like to solve:
- We want https://domain.com to serve the CloudFront assets.
  - This may involve serving CloudFront assets directly from that URL or redirecting it to https://www.domain.com
  - We can't serve the assets directly with our current setup because GoDaddy's DNS management does not support apex records pointing to URLs - it must point to an IP, and we don't get a static IP from CloudFront
  - In past iterations, we’ve used GoDaddy’s Forwarding feature to attempt to redirect https://domain.com to https://www.domain.com, or even http://www.domain.com, but GoDaddy’s Forwarding feature does not support HTTPS requests.
    - The Forwarding feature changes the A record to point to GoDaddy’s proxy server, and that proxy server does not have our SSL certificate installed, so we were getting SSL warnings.
- We own another domain, let's call it other-domain.com, and we would like to redirect all requests to both the naked domain and the www subdomain (http and https) to https://www.domain.com.
  - We ran into a similar issue here: we can’t use GoDaddy Forwarding here to reroute https requests - it spawns an SSL warning.
We imagine the solutions may be:
- Get a static IP from CloudFront. Is this possible? And are there time, energy, and money costs associated with this?
- Use our own redirect server. We could potentially manage a simple, say, AWS EC2 instance that uses an nginx or Apache server that redirects requests to https://www.domain.com. We could point the naked domain to the IP of the EC2 instance, and have our own SSL certificate installed there. We're not crazy about this because it adds another node of complexity that we manage. We would be more interested in this option if there was some AWS service that gave us SSL-enabled redirect capabilities out of the box - does that exist?
- Change our DNS provider from GoDaddy to AWS Route53. As far as we can tell Route53 allows apex DNS records to point to URLs instead of requiring them to point to IP addresses, which means we can just point an A record for domain.com to the CloudFront URL. We're also not crazy about this because migrating DNS providers is a lift, and we have many other domains managed through GoDaddy as well.
Any and all feedback / suggestions are welcome. Thank you!
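
Added example, not part of the original post: a sketch of the Route 53 option from the list above, building the change batch that aliases the naked domain to the CloudFront hostname. The function names are hypothetical, domain.com and xyz123.cloudfront.net are the post's placeholders, and the AAAA record assumes IPv6 is enabled on the distribution.

```python
import json

# Hosted zone ID that Route 53 uses for every CloudFront alias target.
CLOUDFRONT_ALIAS_ZONE_ID = "Z2FDTNDATAQYW2"


def fqdn(name):
    """Lower-case a DNS name and give it exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def apex_alias_change_batch(apex, distribution_domain, ipv6=True):
    """Return a Route 53 change batch aliasing the apex to CloudFront."""
    apex, target = fqdn(apex), fqdn(distribution_domain)
    labels = target.split(".")
    # An alias must name the distribution's hostname, never an IP address.
    if len(labels) != 4 or not labels[0] or labels[1:3] != ["cloudfront", "net"]:
        raise ValueError("expected <id>.cloudfront.net, got %r" % distribution_domain)
    if apex.count(".") < 2 or apex.startswith("www."):
        raise ValueError("expected the naked domain, got %r" % apex)
    # AAAA is only useful when IPv6 is enabled on the distribution (assumption).
    record_types = ["A", "AAAA"] if ipv6 else ["A"]
    changes = [
        {
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": apex,
                "Type": rtype,
                "AliasTarget": {
                    "HostedZoneId": CLOUDFRONT_ALIAS_ZONE_ID,
                    "DNSName": target,
                    "EvaluateTargetHealth": False,
                },
            },
        }
        for rtype in record_types
    ]
    return {"Comment": "Alias apex to CloudFront", "Changes": changes}


if __name__ == "__main__":
    # Constructed sample values: the placeholders used in the post.
    batch = apex_alias_change_batch("domain.com", "xyz123.cloudfront.net")
    print(json.dumps(batch, indent=2))
```

The printed JSON is the input for `aws route53 change-resource-record-sets --hosted-zone-id <your-zone-id> --change-batch file://batch.json`, where `<your-zone-id>` is a placeholder for the hosted zone created for the domain.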