Static website using S3 buckets and CloudFront


I have been trying to create a secure website with a domain name registered in Route 53. I requested a public certificate so that Amazon CloudFront distributions require HTTPS. I created 2 buckets in S3 and selected Block all public access. I followed the instructions to create a CloudFront distribution in "Configuring Amazon Route 53 to route traffic to a CloudFront distribution". I created an OAC and copied the policy to the bucket policy. I created an alias record that points to my CloudFront distribution. I can't access the website.

If Block all public access is set to on for a bucket used for a static website, can the website be accessed by routing traffic to a CloudFront distribution?

4 Answers
Accepted Answer

Hi User,

You should be able to use CloudFront to serve a website hosted on an S3 bucket with Block Public Access settings enabled. You might want to refer to this link for more details on how you can configure it.

Hope this helps!

answered 22 days ago

Public Access to your bucket must be off, otherwise this will not work. If you read the link that @turtle provided it says:

Add a bucket policy that allows public read access to the bucket that you created. Note: For this configuration, the S3 bucket's block public access settings must be turned off. If your use case requires the block public access settings to be turned on, use the REST API endpoint as the origin. Then, restrict access by an origin access control (OAC) or origin access identity (OAI).

answered 22 days ago
  • @rePost-User-9152533 - if you think my answer is to your satisfaction, can you please accept it? :) If not, happy to assist you more.

  • Thank you! I will have to read up on the REST API.
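The distinction drawn in the answer above (website endpoint with a public policy versus REST API endpoint restricted by OAC) can be checked mechanically. The following is an added example, not code from the thread or from AWS: a Python check that an origin domain is the REST endpoint and that the bucket policy grants read access only to the CloudFront service principal for one distribution. The bucket name, account ID and distribution ID are constructed placeholders, and the function name is hypothetical.

```python
import json
import re

# Website endpoint: <bucket>.s3-website-<region> or .s3-website.<region>; OAC needs the REST one.
WEBSITE_ENDPOINT = re.compile(r"\.s3-website[-.][a-z0-9-]+\.amazonaws\.com$")
REST_ENDPOINT = re.compile(r"\.s3(\.[a-z0-9-]+)?\.amazonaws\.com$")

# Constructed sample values (placeholder bucket, account and distribution ID).
BUCKET = "example-bucket"
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEID"
OAC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "cloudfront.amazonaws.com"},
    "Action": "s3:GetObject",
    "Resource": f"arn:aws:s3:::{BUCKET}/*",
    "Condition": {"StringEquals": {"AWS:SourceArn": DIST_ARN}}}]})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _source_arns(condition):
    # Condition keys are case-insensitive; collect aws:SourceArn from every operator.
    return [arn for keys in condition.values() for key, val in keys.items()
            if key.lower() == "aws:sourcearn" for arn in _as_list(val)]

def check_oac_setup(origin_domain, bucket, distribution_arn, policy_json):
    """Return a list of problems; an empty list means the OAC pattern is satisfied."""
    problems = []
    if WEBSITE_ENDPOINT.search(origin_domain):
        problems.append("origin is the S3 website endpoint; OAC requires the REST endpoint")
    elif not REST_ENDPOINT.search(origin_domain):
        problems.append("origin is not an S3 REST endpoint")
    grants_read = False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal in ("*", {"AWS": "*"}) and not stmt.get("Condition"):
            problems.append("unconditional public Allow is blocked by Block Public Access")
            continue
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if ("cloudfront.amazonaws.com" in services and "s3:getobject" in actions
                and f"arn:aws:s3:::{bucket}/*" in _as_list(stmt.get("Resource", []))
                and distribution_arn in _source_arns(stmt.get("Condition", {}))):
            grants_read = True
    if not grants_read:
        problems.append("no statement lets cloudfront.amazonaws.com read this bucket for this distribution")
    return problems

if __name__ == "__main__":
    print(check_oac_setup(f"{BUCKET}.s3.us-east-1.amazonaws.com", BUCKET, DIST_ARN, OAC_POLICY))
```
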


When I go to certificate manager (certificate is issued) and click “create records in route 53” and I clear the filters, “Validation status: Pending validation”, “Validation status: Failed”, my domains appear with “validation status = success”, “Is domain in Route 53? = yes”. The create record button is not available to be clicked to create the CNAME TYPE records in route 53. The DNS records are validated, and the domain is in Route 53.

Why can’t I “create records in Route 53”?

answered 20 days ago
  • For you to be able to have an active "Create records in Route 53" button, you would have to satisfy these 3 requirements as per this link:

    1. You are using Route53 as your DNS provider
    2. You have permission to write to the zone hosted by Route 53
    3. Your fully qualified domain name (FQDN) has not already been validated

    In this case, it seems like your domain name has already been validated and hence the button is not available.


I used this link above to set up my S3 bucket to be accessed as a static website. I have used the REST API endpoint as the origin. I restricted access with an origin access control (OAC). I used an incognito window to access the website and it still doesn't find it.

No mention of Route 53. Does it need a CNAME type record?

answered 21 days ago
