First off a big thanks to Simone Carletti and his article on the topic. I basically ripped off everything from his article to create this one but with a little less detail and updated screenshots. Thank you Simone!
The reason this process was helpful for me was that my organization had a bunch of legacy domains that we needed to remain active, but we wanted to redirect them to other domains. In addition we needed them to respond to https. Prior to this we have a bunch of servers that remained online for sole purpose of being able to respond and redirect https domains to other domains. This solution allowed us to take those servers offline.
This whole process can take up to an hour assuming you get everything right the first time (you probably won't) so grab a Snickers and let's do this!
The overall steps:
-Configure S3 Bucket
-Issue an SSL Certificate via Amazon Certificate Manager (ACM)
-Configure Amazon CloudFront HTTPS redirect
-Test records via CURL
-Point the DNS record to CloudFront endpoint
Let's dive right in!
Create a new Amazon S3 bucket:
On the first page enter the "Bucket Name" with the same name (without the http) as the origin domain (the domain name you want to redirect).
Now click through the rest of the settings keeping the defaults until you reach the "Create Bucket" button. Now click the "Create Bucket" button.
Now back on the S3 main page click the name of the bucket you just created and click the "Properties" tab:
Now click the "Static website hosting" box:
On this page you want to choose "Redirect requests" and enter the target bucket (this is the domain name you want to redirect to) along with the protocol. One last thing before clicking save. Make note of the "Endpoint" on the page. Go ahead and copy the endpoint and paste it in a text editor. We will need this later. After entering that information click "Save":
Issue an SSL Certificate via Amazon Certificate Manager (ACM)
To create an SSL cert go to AWS Certificate Manager in AWS. Super important step here, you must (or at least I had to) choose "US East(N. Virginia) from the drop-down in the upper right-hand corner of the AWS console:
Now click "Get Started" under "Provision certificates":
After clicking "Get Started" choose "Request a public certificate" then click the "Request a certificate" button:
On Step 1 enter the domain you want to redirect (no http(s)) then click next:
On Step 2 choose "DNS Validation" (this is assuming you are using Route 53 or have access/ability to create DNS records for your domain) and choose next:
You can choose the defaults for Steps 3 and 4 and finally click "Confirm and Request" at the end:
At this point, you should see something like "Pending validation" for the status of the certificate you just issued. The subsequent page should also give you CNAME record name and value to configure in your DNS provider. If you are using Route53 go to the Route53 console in AWS and click "Create Record Set" and in the "Name" section paste the "Record Name" value provided from Certificate Manager. For "Type" choose CNAME. For Alias choose "No" and in the "Value" box paste the "Record Value" value provided from the Certificate Manager. Here is what mine looks like:
In a few minutes, the status over in the Certificate Manager should change to "Issued" for the Certificate you created.
Configure Amazon CloudFront HTTPS redirect
Go to CloudFront Distributions in AWS and click the "Create Distributions" button:
On the next screen choose "Get Started" under "Web" for the delivery method:
On the subsequent page in the "Origin Domain Name" box insert the S3 endpoint you saved earlier. Do not use the auto-suggested endpoints that you see when you click in the box. You need to use the endpoint displayed when you view the properties of the S3 bucket.
Scroll down and find "Alternative Domain Names(CNAMEs)" and enter the domain name you want to redirect (no http).
Next in the "SSL Certificate" section choose the "Custom SSL Certificate (example.com)" radio button and in the box below, when you click in the box amazon should auto-populate the text. Choose the certificate you created earlier. If it's not there, you missed a step earlier.
Now click the "Create Distribution" button at the bottom of the page. The status should then be "In Progress" with a spinner; this may take a while, so go grab lunch. Once you see "enabled" as the status in CloudFront, then you can move forward with the steps below.
Test records via CURL
Go to Simone's Article for details on using CURL to test your DNS records.
Point the DNS record to CloudFront endpoint
The final step is to go to Route53 (or your domain provider) and create a DNS record to redirect the hostname. Go to Route53 and click "Create Record Set". For the name enter the name of the host you want to redirect. Note that AWS will append the root domain for you if its a subdomain. The record type should be "A - IPv4 address". Set "Alias" to "Yes" and for "Alias Target" when you click in the text field it should be auto-populated with values from Cloudfront. Choose the appropriate Cloudfront distribution. Now click "Save Record Set":
So now you should have two records for the redirected domain. An A and a CNAME record. That's it! Hope this helps someone out.
Happy Coding!
Latest comments (1)
When you add your domain to ACM I suggest to also add the wild card domain eg.
This will save lots of pain down the road.
Also might be worth noting that it's better to use
a subdomain eg. www instead of naked domain due to the scoping of how cookies work. I used to love the naked domain until I ran into cookie issues and CORS.