Delegate subdomain to Route53 to serve static website on S3

Question

Hi all,  
Here is my situation: I bought a domain _domain.ai_ on gandi. I would like to serve the subdomain _admin.domain.ai_ through Route 53, to hit an S3 bucket, with HTTPS.  
  
I have:  
  
- 1 question: Do I really need Cloudfront to have an HTTPS connection or Route53 to an S3 bucket is enough?  
- 1 problem: I followed the guide \[1]. A few hours after doing it, _admin.domain.ai_ seemed to hit AWS DNS servers but, with _nslookup admin.domain.ai_, I received:

```
Non-authoritative answer:
Name:	admin.domain.ai
Address: 18.203.172.170
```

Could you help me on this?  
\[1] https://docs.aws.amazon.com/fr_fr/Route53/latest/DeveloperGuide/CreatingNewSubdomain.html  
  
Edited by: AlexandreSicara on Jun 24, 2019 12:13 AM  
  
Edited by: AlexandreSicara on Jun 24, 2019 12:14 AM

Answer

My answer after a few days:  
  
1. You do need Cloudfront to establish an HTTPS connection with your bucket.  
  
2. To make every request go to admin.domain.ai, here is the path of the request:  
  a. The request hits Gandi (because the domain _domain.ai_ is handled by Gandi)  
  b. Gandi has to redirect it to the AWS servers. For this to happen, you need to add the Name Servers given by Route53:

```
admin 1800 IN NS ns-1194.awsdns-21.org.
admin 1800 IN NS ns-1916.awsdns-47.co.uk.
admin 1800 IN NS ns-287.awsdns-35.com.
admin 1800 IN NS ns-988.awsdns-59.net.
```

Bonus: To have HTTPS connection, here is the process I followed:  
- Go to AWS ACM  
- Request a certificate for admin.domain.ai  
- Ask for a DNS validation  
- In Gandi, I added the record:

```
XXXXXXXXXXXXXXXXXX.admin 1800 IN CNAME YYYYYYYYYYY.ZZZZZZZ.acm-validations.aws.
```

Where the X, Y and Z values were given by AWS ACM.  
  
The certificate was promptly issued and I added it to my Cloudfront distribution.

Delegate subdomain to Route53 to serve static website on S3

Relevant content