Adding an SSL Cert to an S3 Bucket

Intro

I would like my content to be served over HTTPS, so there's some things required to set that up. I'll list a brief summary of what I did to make this site an SSL secured page, and any issue I came up with along the way. Overall, I think it took me 1.5 hours to get this set up due to a major error on my part; it probably would have only been 45 minutes otherwise.

Requesting a Cert from Amazon

  • Go to AWS Cert Manager and follow the link for a public certificate on the left hand side of the screen.
  • MOST IMPORTANT: in the top left corner, make sure you are in the N.Virginia server, or CloudFront will not be able to import the cert. This is what messed me up for 30 minutes.
  • Follow the prompts and input the information about your domain.
  • I use Amazon's Route 53 as my DNS, and there are some awesome buttons that automatically create the appropriate fields for you.
  • It took about a minute for the service to validate the certs.

Make a Distribution on CloudFront

  • Go to AWS CloudFront and make a new distribution.
  • Your S3 bucket should be the in the dropdown list. If you select it, you are using the API interface. Instead, you need to us the link to your bucket (it can be found in your S3 console under the static web hosting tab). It should look like example.com.s3-website.us-east-2.amazonaws.com
  • Click on every (i) info button on the right hand side and, if it applies to you, enter the information.
  • I choose to redirect my http content to https, but you can choose one of the three options.
  • Make sure you point the distribution at an actual site, like index.html or what you have as the main page you want people to come to.
  • Select the custom cert in the dropdown.
  • Create! It took about four minutes for my site to be up.

Update your DNS

  • Copy the link to your CloudFront Distribution and add it to CNAME and A records in your DNS, which redirect your www.example.com to the CloudFront site.
  • You may have some internal links (like pictures or CSS) in your site that are still using http instead of https. Update these so the browser doesn't block them.
  • Profit!

I hope this helps. The process is fairly simple as long as you select the right server to host your certs.