Ok, I figured this out. My certificate, cloudfront, and route53 are set up correctly, so this is what I had to fix:
- Your s3 bucket name cannot have a dot or period in it. That is, example.com won't work, so you'd name it example-com
- Your s3 bucket should not be set up to host websites. This is because it's the origin for cloudfront. Cloudfront is the website, not your s3 bucket. (Then in Route53, make sure you have an alias (A) record pointing to the cloudfront distribution.)
You can't rename a bucket so I created a new one with the right naming convention. I haven't figured out the subdomain, but that part is secondary and is going to be moved into the main domain.
Hope this helps someone. It's not documented as a straightforward workflow in the aws docs, rather as notes. If anyone from the AWS docs team sees this, please let my post be a vote for docs specifically on this workflow.
If those who work on this AWS functionality see this, it'd be so cool if setting up https for static sites using s3 were simplified. Thank you!
Can't use ACM certificate in Cloudfront ChinaAccepted Answerasked 4 months ago
Creating CloudFront Distribution, where do I enter my domain name?Accepted Answerasked 8 days ago
Static website in S3 not working with HTTPSasked 2 years ago
SSL certificate with S3 bucketasked 14 days ago
How can I use the same domain name in different AWS accounts?asked 3 years ago
HTTPS/TLS + static S3 websitesAccepted Answerasked 2 years ago
How to use https with S3 (Alternate Domain Names) and Cloudfrontasked 3 years ago
How to use the same ACM certificate with CloudFront and ELBAccepted Answerasked 4 years ago
I can't delete my certificate because it's associated with an invisible cloudfront distributionAccepted Answerasked 9 days ago
S3 Static Website RoutingRules when using Cloudfront and a domain nameasked 3 years ago