DEV Community

TechEazy Consulting
TechEazy Consulting

Posted on

Securely Host Website with AWS CloudFront + Private S3 + Route 53 (Custom Domain + HTTPS)

#aws #devops #route53 #cloud

🌍 Introduction

If you directly host a static site on AWS S3 (public), your files are exposed to the internet. This is fine for simple hosting, but not secure for production.

The best practice is:

  • Keep your S3 bucket private
  • Serve content via CloudFront (with caching + HTTPS)
  • Map domain using Route 53

This way, CloudFront acts as a secure CDN, while S3 only accepts requests from CloudFront βœ…

By the end, you’ll have this flow:
πŸ‘‰ Browser β†’ Route 53 (DNS) β†’ CloudFront (HTTPS + caching + SSL) β†’ S3 (private)

πŸ”’ Step 1: Keep Your S3 Bucket Private

  • Block Public Access = ON βœ… (default)
  • Disable Static Website Hosting
  • Remove any public bucket policy

πŸ‘‰ Your bucket should have no public access.

⚑ Step 2: Create a CloudFront Distribution

  • Go to CloudFront β†’ Distributions β†’ Create Distribution
  • Custom Domain: Enter your domain name (myapp.com)
  • If no SSL β†’ Request a free SSL certificate from ACM and attach it

  • Specify Origin:

    • Origin type β†’ S3
    • Origin β†’ Select your bucket
    • Origin Path β†’ /index.html (if required)
    • Enable OAC (Origin Access Control) β†’ Allows CloudFront to access your private S3 bucket

  • Leave other settings as default

  • (Optional) WAF β†’ Not needed for now

  • Save distribution

πŸ“œ Step 3: Update S3 Bucket Policy

  • After CloudFront is created β†’ it will suggest a bucket policy (under Settings β†’ Origins β†’ Edit)
  • Copy that policy and paste it into your S3 bucket policy section
  • βœ… This ensures that only CloudFront can read from your S3 bucket

🌐 Step 4: Update Route 53 DNS

  • Go to your Hosted Zone (example: myapp.com)

  • Create a Record:

    • Name β†’ myapp.com
    • Type β†’ A (Alias)
    • Alias β†’ Yes
    • Target β†’ Select your CloudFront distribution

  • (Optional) Create another record for www.myapp.com β†’ CloudFront

πŸ§ͺ Step 5: Test Setup

  • Wait 5–15 minutes for CloudFront distribution to deploy
  • Open: 
  https://myapp.com
Enter fullscreen mode Exit fullscreen mode
  • Flow is now: Browser β†’ Route 53 β†’ CloudFront β†’ S3 (private) πŸŽ‰

🎯 Conclusion

With this setup, you get a secure and production-ready website hosting on AWS:

βœ… Private S3 bucket (no public exposure)
βœ… CloudFront with HTTPS + caching
βœ… Custom domain via Route 53
βœ… Free SSL from ACM

This is the recommended AWS architecture for static site hosting in production πŸš€

βœ… Next Steps

πŸš€ Be interview-ready in the era of AI & Cloud β€” start your DevOps journey today!

πŸ’‘ YouTube won’t get you a job. Real projects + real internship certificate will.

πŸ”₯ AI is reshaping jobs. Don’t watch it happen, be part of it with DevOps & Cloud skills.

🎯 β‚Ή2000/month today = Dream job tomorrow. Secure your spot now.

⏳ Every month you wait, Cloud + AI jobs are being filled. Don’t miss out!

🌐 DevOps + AWS + AI = The skillset every recruiter is hunting for in 2025.

πŸ‘‰ Register now at TechEazy Consulting

Top comments (0)