David Sugden

Summary

The website provides a guide on configuring a secure custom domain with Amazon CloudFront, including SSL certificate setup via AWS Certificate Manager and DNS configuration using Route 53.

Abstract

The article is a step-by-step tutorial on how to set up a custom domain for a CloudFront distribution. It explains the importance of using a CDN like CloudFront for low-latency content delivery and details the process of securing the domain with an SSL certificate from AWS Certificate Manager, which is a free service that handles automatic renewal. The guide assumes the user manages their domain through Route 53 and outlines the necessary steps to configure DNS settings to point to the CloudFront distribution, ensuring the content is served through the custom domain over HTTPS. The process involves adding alternative domain names to CloudFront settings, selecting the appropriate SSL certificate, and creating alias records in Route 53 for both IPv4 and IPv6. The author emphasizes the ease and benefits of this setup, including improved website performance and free SSL management.

Opinions

  • The author stresses the importance of selecting the North Virginia region for obtaining an SSL certificate in AWS Certificate Manager.
  • Using Route 53 for DNS management is recommended for simplicity, but the author provides an alternative for those using different DNS services.
  • The author highlights the benefit of Amazon's free SSL certificate service and its automatic renewal feature.
  • The guide is tailored for users who already have their content hosted on S3 and served through CloudFront, with a reference to another guide for setting up S3 with CloudFront.
  • The author suggests that the process is straightforward and can be completed quickly, with the SSL certificate validation typically taking just a few minutes.
  • The article concludes with the author expressing hope that the reader finds the guide useful and invites comments and feedback.

Configure a secure custom domain in CloudFront

A five-minute walkthrough that demonstrates how to configure a custom domain in CloudFront, set up a certificate and configure Route 53.

CloudFront is Amazon’s low-latency Content Delivery Network (CDN). Using a CDN speeds up the distribution of content to visitors by serving content from edge locations that are closest to the user.

Delivering content from Amazon S3 using CloudFront edge locations

At the time of writing, Amazon has 216 Points of Presence (205 Edge Locations and 11 Regional Edge Caches) in 84 cities across 42 countries.

When you set up your CloudFront distribution, straight out of the box with the default settings you will have your own cloudfront.net domain.

(That is assuming you have already configured CloudFront in front of an S3 bucket that holds your static web content; if not, check out this guide on serving static content from S3 using CloudFront and come back.)

But what if you want to serve your content from my-custom-domain.com?

Using a custom domain requires a combination of Route 53 (Amazon’s highly available and scalable cloud DNS web service) and some additional configuration in CloudFront. It doesn’t take too long to set up.

Before we start, I assume that you have your domain managed in Route 53; it doesn’t matter if you don’t, but this guide assumes you do.

There is an initial step to obtain an SSL Certificate within Certificate Manager. This allows you to serve your content over HTTPS and is a service provided by Amazon for free, and they’ll also take care of its renewal.

Within the Certificate Manager service, make sure you change your region to North Virginia; I cannot emphasize this one enough as it’s caught me out many a time. Then Request a Certificate.

The form is pretty self-explanatory and you’ll need to provide a means to prove you own the domain. If you’re using Route 53, and we assume you are, then selecting the option that Amazon automatically manages the validation is the simplest approach. The process usually takes a few minutes.

Now head over to CloudFront and set up your custom domain. This can be done at the time of creating the distribution, but don’t worry if you forgot — you can go back and edit all these settings later. However, you do have to complete the setting in CloudFront before you finish off the setup in Route 53.

The first setting is to list all your Alternate Domain Names in the CloudFront distribution settings.

Add all your domain names to CloudFront distribution settings

The second setting is to reference the SSL Certificate you created. Check the Custom SSL Certificate (example.com) option and pick your SSL Certificate from the list. Warning: your Alternate Domain Names must match those you specified in the SSL Certificate provisioning request, so if you don’t see your certificate in the list, that is probably the reason.

With these settings done, the final step is to configure the DNS in Route 53.

In your domain hosted zone in Route 53, select to Create Record Set.

We will be creating an A record for IPv4 and we’ll select the Alias option.

In the Alias Target, you will find your CloudFront distribution; select it and save. Warning: the Alternate Domain Names you configured in CloudFront must match the record set name, so if you don’t see your CloudFront distribution in the target drop-down list, that is probably the reason.

Repeat to create an AAAA record for IPv6.

And that’s it. Success. You will find that you are now able to view your website using my-custom-domain.com, with all the added benefits of CloudFront providing edge locations around the world to reduce latency for your visitors. You will also have an SSL Certificate that is managed by Amazon and will be automatically renewed for you (at the time of writing, it’s free).
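The two "Warning" checks above and the final Route 53 step, as an added example (not code from the original article): it verifies that every alternate domain name is covered by a name on the certificate, then builds the A and AAAA alias records. The domain names and the distribution domain are constructed placeholders; `Z2FDTNDATAQYW2` is the fixed hosted zone ID that Route 53 uses for CloudFront alias targets.

```python
# Added example (not from the original article). Domain names and the
# distribution domain below are constructed placeholders.

# Fixed hosted zone ID that Route 53 uses for every CloudFront alias target.
CLOUDFRONT_ZONE_ID = "Z2FDTNDATAQYW2"


def covers(cert_name: str, alias: str) -> bool:
    """True if one certificate name covers one alternate domain name."""
    cert_name, alias = cert_name.lower().rstrip("."), alias.lower().rstrip(".")
    if cert_name.startswith("*."):
        # A wildcard matches exactly one extra label: *.example.com covers
        # www.example.com but not example.com or a.b.example.com.
        head, _, tail = alias.partition(".")
        return bool(head) and tail == cert_name[2:]
    return cert_name == alias


def uncovered_aliases(cert_names, aliases):
    """Alternate domain names that no name on the certificate covers."""
    return [a for a in aliases if not any(covers(c, a) for c in cert_names)]


def alias_change_batch(aliases, distribution_domain):
    """Route 53 change batch: an A and an AAAA alias record per name."""
    changes = []
    for name in aliases:
        for record_type in ("A", "AAAA"):
            changes.append({
                "Action": "UPSERT",
                "ResourceRecordSet": {
                    "Name": name,
                    "Type": record_type,
                    "AliasTarget": {
                        "HostedZoneId": CLOUDFRONT_ZONE_ID,
                        "DNSName": distribution_domain,
                        "EvaluateTargetHealth": False,
                    },
                },
            })
    return {"Comment": "Alias custom domain to CloudFront", "Changes": changes}


if __name__ == "__main__":
    cert = ["my-custom-domain.com", "*.my-custom-domain.com"]  # constructed
    aliases = ["my-custom-domain.com", "www.my-custom-domain.com"]
    missing = uncovered_aliases(cert, aliases)
    if missing:
        raise SystemExit(f"certificate does not cover: {missing}")
    # Usable as ChangeBatch in boto3 route53.change_resource_record_sets().
    print(alias_change_batch(aliases, "d111111abcdef8.cloudfront.net"))
```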

Variations. If you don’t use Route 53, the final step will be to add a CNAME entry in your DNS settings and set the value to your CloudFront domain.

A note from the author

Thank you for reading this article — I hope you found this article useful and I look forward to your comments and feedback.

You can follow me on Twitter and connect on LinkedIn.
