setting up an S3 bucket with https

0

I use S3 for personal stuff. Security not necessary for my content. I was happy with putting things into an S3 bucket and serving up through http, but many web browsers now refuse to access the pages because they are http instead of https.

I went to CloudFront to create a distribution for my S3 bucket. That seemed to go OK. When I hit the CloudFront endpoint, the site shows up. Cool. But then I tried to configure Route 53 to point to it and get no love out of it.

I tried to request a certificate for my domain and see that Amazon wants to verify my ownership, so it was supposed to send an e-mail for verification. I am the owner and admin for the domain, but didn't get an e-mail.

2 Answers
0

While using S3 for personal content with HTTP might seem sufficient, you're correct that many modern browsers now require HTTPS for security reasons. To set up HTTPS for your S3-hosted website, you'll need to use CloudFront, as S3 website endpoints don't support HTTPS directly.

Here's a step-by-step approach to resolve your issues:

  1. CloudFront Distribution: It's good that you've created a CloudFront distribution for your S3 bucket. Make sure you've configured it to use HTTPS. In the distribution settings, set the "Viewer Protocol Policy" to "Redirect HTTP to HTTPS" or "HTTPS Only".

  2. SSL/TLS Certificate: For HTTPS, you need a valid SSL/TLS certificate. You mentioned trying to request a certificate through Amazon Certificate Manager (ACM). If you didn't receive the verification email, check the following:

    • Ensure you've requested the certificate in the US East (N. Virginia) region, as CloudFront requires certificates to be in this region.
    • Check if the email was sent to the domain registrant, administrator, or technical contact listed in the WHOIS record of your domain.
    • Look in your spam folder.
    • If you still don't receive it, you can use the DNS validation method instead, which doesn't require email verification.

  3. Route 53 Configuration: To point your domain to the CloudFront distribution:

    • Create an A record in Route 53.
    • Choose "Alias to CloudFront distribution" as the record type.
    • Select your CloudFront distribution from the dropdown list.

  4. CloudFront Origin Settings: Ensure your CloudFront distribution is correctly pointing to your S3 bucket. If your S3 bucket is configured as a website endpoint, use the S3 website URL as the origin, not the bucket URL.

  5. Wait for Propagation: After making changes, it can take some time (usually up to 24 hours) for DNS changes to propagate globally.

By following these steps, you should be able to serve your S3-hosted content over HTTPS using your custom domain. Remember to update any absolute URLs in your content to use HTTPS instead of HTTP.

Sources
Website endpoints - Amazon Simple Storage Service
WKLD.13 Require HTTPS for all public web endpoints - AWS Prescriptive Guidance
Require HTTPS for communication between CloudFront and your Amazon S3 origin - Amazon CloudFront
Community | Hosting my Static Website in an AWS S3 Bucket + CloudFront— Part 2

answered 8 days ago
EXPERT
reviewed 8 days ago
  • I got the certificate issued. But when I went to Route 53 to create an A record, choosing "Alias to CloudFront distribution", there was no CloudFront distribution available to choose from, even though one has been made.
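
The checks from steps 1, 2 and 4 of the answer above, as an added example that is not part of the original thread: a Python audit of a distribution config shaped like the output of `aws cloudfront get-distribution-config`. The function name `audit_distribution`, the sample config, the bucket name and the certificate ARN are constructed placeholders.

```python
import json
import re

# Constructed sample, shaped like the DistributionConfig object returned by
# `aws cloudfront get-distribution-config`; every value is a placeholder.
SAMPLE_CONFIG = json.loads("""
{
  "Origins": {"Items": [
    {"Id": "site", "DomainName": "example-bucket.s3.amazonaws.com"}
  ]},
  "DefaultCacheBehavior": {
    "TargetOriginId": "site", "ViewerProtocolPolicy": "allow-all"
  },
  "ViewerCertificate": {
    "ACMCertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE"
  }
}
""")

# S3 website endpoints look like <bucket>.s3-website-<region>.amazonaws.com
# or <bucket>.s3-website.<region>.amazonaws.com.
WEBSITE_ENDPOINT = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")


def audit_distribution(config, bucket_is_website=False):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []
    # Step 1: every cache behavior must redirect to HTTPS or refuse plain HTTP.
    behaviors = [config["DefaultCacheBehavior"]]
    behaviors += config.get("CacheBehaviors", {}).get("Items", [])
    for behavior in behaviors:
        policy = behavior["ViewerProtocolPolicy"]
        if policy not in ("redirect-to-https", "https-only"):
            findings.append(f"viewer protocol policy '{policy}' still serves HTTP")
    # Step 2: CloudFront only accepts ACM certificates issued in us-east-1.
    arn = config.get("ViewerCertificate", {}).get("ACMCertificateArn")
    if not arn:
        findings.append("no ACM certificate attached to the distribution")
    elif arn.split(":")[3] != "us-east-1":
        findings.append(f"certificate is in {arn.split(':')[3]}, not us-east-1")
    # Step 4: a bucket set up for website hosting needs the website endpoint.
    if bucket_is_website:
        for origin in config["Origins"]["Items"]:
            if not WEBSITE_ENDPOINT.search(origin["DomainName"]):
                findings.append(f"origin {origin['DomainName']} is not a website endpoint")
    return findings


if __name__ == "__main__":
    for finding in audit_distribution(SAMPLE_CONFIG, bucket_is_website=True):
        print("FINDING:", finding)
```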

0

Hello.

ACM changed the specifications for email validation around June 2024.
This may be the reason why you are not receiving emails.
https://docs.aws.amazon.com/acm/latest/userguide/email-validation.html

ACM no longer supports WHOIS email validation for new certificates or renewals. Common system addresses remain supported. For details, see blog post.

If you manage your domain with Route 53, I recommend using DNS validation.
If you use Route 53, it provides an option to easily create a CNAME record for DNS validation.
https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html

EXPERT
answered 8 days ago
