DEV Community

TechEazy Consulting

Securely Host Website with AWS CloudFront + Private S3 + Route 53 (Custom Domain + HTTPS)

๐ŸŒ Introduction

If you directly host a static site on AWS S3 (public), your files are exposed to the internet. This is fine for simple hosting, but not secure for production.

The best practice is:

  • Keep your S3 bucket private
  • Serve content via CloudFront (with caching + HTTPS)
  • Map domain using Route 53

This way, CloudFront acts as a secure CDN, while S3 only accepts requests from CloudFront ✅

By the end, you'll have this flow:
👉 Browser → Route 53 (DNS) → CloudFront (HTTPS + caching + SSL) → S3 (private)


🔒 Step 1: Keep Your S3 Bucket Private

  • Block Public Access = ON ✅ (default)
  • Disable Static Website Hosting
  • Remove any public bucket policy

👉 Your bucket should have no public access.


⚡ Step 2: Create a CloudFront Distribution

  • Go to CloudFront → Distributions → Create Distribution
  • Custom Domain: Enter your domain name (myapp.com)
  • If no SSL → Request a free SSL certificate from ACM and attach it
  • Specify Origin:

    • Origin type → S3
    • Origin → Select your bucket
    • Origin Path → /index.html (if required)
    • Enable OAC (Origin Access Control) → Allows CloudFront to access your private S3 bucket
  • Leave other settings as default
  • (Optional) WAF → Not needed for now
  • Save distribution


📜 Step 3: Update S3 Bucket Policy

  • After CloudFront is created → it will suggest a bucket policy (under Settings → Origins → Edit)
  • Copy that policy and paste it into your S3 bucket policy section
  • ✅ This ensures that only CloudFront can read from your S3 bucket
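
The policy CloudFront suggests for an OAC origin allows the `cloudfront.amazonaws.com` service principal to call `s3:GetObject`, conditioned on your distribution's ARN. The script below is an added example (not from the original article) that audits a bucket policy for that shape; the account ID, distribution ID, bucket name and function names are constructed placeholders.

```python
import json

CLOUDFRONT = "cloudfront.amazonaws.com"
# Constructed placeholder, not a value from the article.
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EDFDVBD6EXAMPLE"

def as_list(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_bucket_policy(policy, distribution_arn):
    """Return findings; an empty list means only this distribution can read."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict)
                                and "*" in as_list(principal.get("AWS"))):
            findings.append(f"statement {i}: public principal")
        elif principal not in ({"Service": CLOUDFRONT}, {"Service": [CLOUDFRONT]}):
            findings.append(f"statement {i}: principal is not only CloudFront")
        else:
            # The service principal is shared by all distributions in all
            # accounts, so the grant must be pinned to one distribution ARN.
            cond = stmt.get("Condition", {})
            pinned = [arn for op in ("StringEquals", "ArnEquals")
                      for key, val in cond.get(op, {}).items()
                      if key.lower() == "aws:sourcearn" for arn in as_list(val)]
            if pinned != [distribution_arn]:
                findings.append(f"statement {i}: not pinned to the distribution")
        if as_list(stmt.get("Action")) != ["s3:GetObject"]:
            findings.append(f"statement {i}: action is not exactly s3:GetObject")
    return findings

def make_policy(principal, condition=None, action="s3:GetObject"):
    stmt = {"Effect": "Allow", "Principal": principal,
            "Action": action, "Resource": "arn:aws:s3:::example-bucket/*"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": stmt}

# Constructed sample policies: the expected shape and two misconfigurations.
GOOD = make_policy({"Service": CLOUDFRONT}, {"StringEquals": {"AWS:SourceArn": DIST_ARN}})
UNPINNED = make_policy({"Service": CLOUDFRONT})
PUBLIC = make_policy("*", action="s3:*")
```

`audit_bucket_policy` also accepts the policy as a JSON string, so the text copied from the S3 console can be passed in directly.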

๐ŸŒ Step 4: Update Route 53 DNS

  • Go to your Hosted Zone (example: myapp.com)
  • Create a Record:

    • Name โ†’ myapp.com
    • Type โ†’ A (Alias)
    • Alias โ†’ Yes
    • Target โ†’ Select your CloudFront distribution
  • (Optional) Create another record for www.myapp.com โ†’ CloudFront


🧪 Step 5: Test Setup

  • Wait 5–15 minutes for CloudFront distribution to deploy
  • Open:
  https://myapp.com
  • Flow is now: Browser → Route 53 → CloudFront → S3 (private) 🎉

🎯 Conclusion

With this setup, you get secure, production-ready website hosting on AWS:

✅ Private S3 bucket (no public exposure)
✅ CloudFront with HTTPS + caching
✅ Custom domain via Route 53
✅ Free SSL from ACM

This is the recommended AWS architecture for static site hosting in production 🚀

