Lab Overview
PREREQ: Complete Lab 01 — S3 Static Website before this lab. You need an existing S3 static website.
Upgrade your Lab 01 website with a custom domain name, a free SSL certificate, and a global CDN. After this lab your site will be available at https://yourdomain.com with automatic HTTP-to-HTTPS redirection and low-latency delivery worldwide.
| Service | Purpose | Free Tier |
|---|---|---|
| Amazon Route 53 | Domain registration and DNS management | ~$12–15/year for .com domain |
| AWS CloudFront | Global CDN — serves your site from edge locations worldwide | 1TB data transfer + 10M requests/mo free |
| AWS ACM | Free SSL/TLS certificate for HTTPS | Always free for use with CloudFront |
| Amazon S3 | Stores your website files — unchanged from Lab 01 | Free Tier |
Step-by-Step Instructions
1
Amazon Route 53
Register a Domain Name
- Search for
Route 53in the AWS Console and click it - In the left sidebar click Registered domains
- Click Register domains
- Search for your desired domain name e.g.
yourdomain.com - Select a domain and click Select
- Fill in your contact information
- Click Submit order
- Wait for the confirmation email — registration takes 10–30 minutes
NOTE: Use
yourdomain.com as a placeholder throughout this lab. Replace it with your actual registered domain.2
AWS ACM
Request an SSL Certificate
WARNING: You MUST switch to US East (N. Virginia) us-east-1 region before requesting this certificate. CloudFront only works with certificates in us-east-1.
- Search for
Certificate Managerand click it - Confirm the region shows N. Virginia in the top right
- Click Request a certificate
- Select Request a public certificate → Next
- Domain name:
yourdomain.com - Click Add another name and add
www.yourdomain.com - Validation method: DNS validation → Request
- Click Create records in Route 53 to auto-add the validation DNS records
- Wait 5–10 minutes for status to change from Pending to Issued
3
Amazon S3
Update Bucket for CloudFront
- Go to S3 → your bucket → Properties
- Note down the Static website hosting endpoint URL — you need it in Step 4
- No other changes needed to the bucket itself
4
Amazon CloudFront
Create a CloudFront Distribution
- Search for
CloudFrontand click it - Click Create a CloudFront distribution
- Origin domain: paste your S3 website endpoint URL (not the S3 bucket URL)
- Protocol: HTTP only (S3 website endpoints don't support HTTPS as origin)
- Viewer protocol policy: Redirect HTTP to HTTPS
- Alternate domain names (CNAMEs): add
yourdomain.comandwww.yourdomain.com - Custom SSL certificate: select the certificate you created in Step 2
- Default root object:
index.html - Click Create distribution
- Wait 10–15 minutes for the distribution to deploy — Status changes to Enabled
- Copy the Distribution domain name e.g.
abc123.cloudfront.net
5
Amazon Route 53
Point Your Domain to CloudFront
- Go to Route 53 → Hosted zones → yourdomain.com
- Click Create record
- Record name: leave blank (for the root domain)
- Record type: A
- Enable Alias
- Route traffic to: Alias to CloudFront distribution
- Select your distribution from the dropdown
- Click Create records
- Repeat for
www— Create another A record with namewwwpointing to the same CloudFront distribution
6
Web Browser
Test HTTPS Access
- Wait 5–10 minutes for DNS to propagate
- Visit
https://yourdomain.comin your browser - You should see the padlock icon confirming HTTPS
- Visit
http://yourdomain.com— it should automatically redirect to HTTPS - Visit
https://www.yourdomain.com— should also work
TIP: If DNS hasn't propagated yet, test using the CloudFront domain:
https://abc123.cloudfront.netVerification Checklist
- Domain registered in Route 53
- ACM certificate issued for yourdomain.com and www.yourdomain.com in us-east-1
- CloudFront distribution created with S3 website endpoint as origin
- Viewer protocol policy set to Redirect HTTP to HTTPS
- Both domain names added as CNAMEs in CloudFront
- ACM certificate attached to CloudFront distribution
- Route 53 A records created for both root domain and www subdomain
- https://yourdomain.com loads your website with padlock
- http://yourdomain.com redirects to https://yourdomain.com
What You Learned
- Amazon Route 53 — domain registration, hosted zones, and DNS record types (A, CNAME, Alias)
- AWS ACM — requesting and validating free public SSL/TLS certificates using DNS validation
- Amazon CloudFront — content delivery networks, edge locations, and distributions
- HTTPS and HTTP redirection — securing web traffic with SSL and enforcing HTTPS
- Alias records — how AWS Route 53 Alias records differ from standard CNAME records
Lab Cleanup
IMPORTANT: Delete these resources to avoid ongoing charges.
| # | Resource | How to Delete |
|---|---|---|
| 1 | CloudFront Distribution | CloudFront → select distribution → Disable → wait → Delete |
| 2 | ACM Certificate | ACM → Certificates → select → Delete |
| 3 | Route 53 Records | Route 53 → Hosted zone → delete A records for root and www |
| 4 | Domain (optional) | Route 53 → Registered domains — domains renew annually, cannot be immediately deleted |