Adding SSL support to an S3 hosted site

If you only wish to serve a static website unencrypted over HTTP, you can get away with using only the AWS S3 service. More information on this process can be found here. However, it is good practice to always serve the site over HTTPS with an SSL certificate. To do this, another AWS service called CloudFront is required in addition to S3.

CloudFront offers more control over how you expose your site to the internet, giving you some of the control you might be accustomed to with Apache or NGINX. To use it with our S3 bucket, we need to create a new distribution. This is done from the CloudFront dashboard by clicking the ‘Create Distribution’ button.

Next, select a ‘Web’ distribution (this is the default). The first required field is our ‘Origin Domain Name’, which in this case is our S3 bucket. Lucky for us, they provide an autocomplete / select listing all the S3 buckets that can be used for serving a site.

The next section we are interested in is the SSL Certificate field set. We have a couple of options. The first is simply to serve the site with the default CloudFront certificate, which is great when getting started and a site is not yet live. The problem is that this certificate won’t work for custom domains, which you are most certainly going to have. So we need to procure a certificate for our live URL. At Rapid Development Group we often use the Let’s Encrypt service for provisioning free certificates; however, AWS now offers certificate provisioning free of charge, making this the obvious choice for our S3 site.

After choosing the option to use a Custom SSL Certificate, click on the button to request (or import) a new Certificate. This will walk you through the process of requesting and validating your domain for authenticity. One benefit to procuring a certificate this way is that the certificate will be ready to simply select from the distribution page once the process is complete. No need for uploading and downloading key files.

Once your distribution is created, you will have a new CloudFront URL that is visible on the main distributions dashboard. All that is left is updating your DNS with a new CNAME record that points to your new CloudFront URL.
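A quick way to confirm the finished distribution really serves the custom domain over HTTPS only, as an added example that is not part of the original post: it audits a dict shaped like the `DistributionConfig` returned by `aws cloudfront get-distribution-config`. It goes slightly beyond the steps above by also checking the viewer protocol policy and the requirement that ACM certificates used with CloudFront live in `us-east-1`. The function name, domain, account ID and certificate ID are constructed for illustration.

```python
def audit_distribution(config, domain):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    # The custom domain must be listed as an alternate domain name (CNAME).
    aliases = [a.lower() for a in config.get("Aliases", {}).get("Items", [])]
    if domain.lower() not in aliases:
        findings.append(f"{domain} is not an alternate domain name on the distribution")

    # The default *.cloudfront.net certificate does not cover custom domains.
    cert = config.get("ViewerCertificate", {})
    arn = cert.get("ACMCertificateArn", "")
    if cert.get("CloudFrontDefaultCertificate"):
        findings.append("default CloudFront certificate in use")
    elif arn:
        # ARN layout: arn:aws:acm:<region>:<account>:certificate/<id>
        parts = arn.split(":")
        region = parts[3] if len(parts) > 3 else ""
        if region != "us-east-1":
            findings.append(f"ACM certificate is in {region or 'unknown region'}, not us-east-1")

    # 'allow-all' would keep answering plain HTTP requests unencrypted.
    policy = config.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy")
    if policy not in ("redirect-to-https", "https-only"):
        findings.append(f"viewer protocol policy {policy!r} still serves plain HTTP")
    return findings


# Constructed sample configs (not real account data).
WEAK = {
    "Aliases": {"Quantity": 0, "Items": []},
    "ViewerCertificate": {"CloudFrontDefaultCertificate": True},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
}
FIXED = {
    "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
    "ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/EXAMPLE-ID",
        "SSLSupportMethod": "sni-only",
    },
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(name, audit_distribution(cfg, "www.example.com") or "OK")
```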

And that’s it! What once was a fairly confusing setup process is now quite simple and straightforward.