Question about AWS S3 + Cloudfront + ACM + Route 53 (Static website DNS)

Question

I am trying to use AWS S3 Busket, Route 53, and Cloudfront to host a static website. I also issued SLL using ACM. I am having some issues with the subdomain 'www', root seems to be working.

Here are the details:

**S3 Bucket:**
===========
1. Bucket location: US West (Oregon) us-west-2
2. Publicly accessible
3. Static website hosting
4. Block all public access if off
5. Using the following policy:
```
  {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example.com/*"
        }
    ]
}
```
6. ALC: Bucket owner (Objects=List, Write | Bucket ACL = Read, Write)
7. All objects have been made public using ACL

**ACM:**
======

1. Created a certificate in US East (N. Virginia) us-east-1
2. Made sure to add both my root and sub domain to certificate (example.com and www.example.com

**Cloudfront:**
===========
1. Created a distribution using Cloudfront
2. Applied the certificate to it
3. Supported HTTP version = HTTP/2

**Route 53**
=========
1. Created a hosted zone
2. Assigned the Alias to point to the CloudFront distribution

This is where I think the problem started. Since the certificate was in us-east-1, I could not create a record in Route 53 directly from ACM. So I manually added CNAMEs for root and subdomain in Route 53.

Then I copied the DNS to my domain provider (Google domains).

Now I an seeing the https://example.com seems to work but https://www.example.com still gives error.

Am I doing some thing wrong here?

Thanks

Accepted Answer

Hello.

With only one CloudFront, you probably won't be able to accomplish what you are trying to do.  
So, create a CloudFront distribution for www.example.com and a CloudFront distribution for example.com.  
In the case of the domain www.example.com, I think you can solve this problem by setting up the S3 content to redirect to example.com.  
The following StackOverFlow answers may be helpful.  
https://stackoverflow.com/questions/28675620/cloudfront-redirect-www-to-naked-domain-with-ssl

Answer

Sounds like you’re trying to host a domain and subdomain on the same cloud front distro.

This is straightforward and doesn’t need to be complicated. Please follow the steps mentioned here https://repost.aws/knowledge-center/multiple-domains-https-cloudfront

You don’t need to copy dns to google. You host your dns records where ever the domain name servers are hosted.

Answer

ok, I followed the instructions on Stackoverflow and creates a new bucket for www and also created a new distribution for it.
I am confused about the last step described in the post:
* Configure DNS by setting A records for www.example.com and example.com to point to corresponding CloudFront distributions.

I am already using name servers from the Hosted Zone for example.com
So do I also need to create a new hosted zone for www and then copy the new nameservers to the domain name provider?
Some clarification here will be helpful.

Or I do not need to use Route 53 and I can simply point A records to the Cloudfront URL? A records only take IP address and not a URL, so that was also confusing.

DNS Recode	type	value
example.com	Alias (A Recode)	example.cloudfront.net
www.example.com	Alias (A Recode)	www.example.cloudfront.net

Question about AWS S3 + Cloudfront + ACM + Route 53 (Static website DNS)

S3 Bucket:

ACM:

Cloudfront:

Route 53

Relevant content