Enable HTTPS Redirection in Amazon CloudFront to Custom Domain (AWS)


This article explains how to enable HTTPS redirection for an Amazon CloudFront distribution served under a custom domain name.

Step 1: Import Certificate to Amazon Certificate Manager (ACM)

1. Navigate to ACM: https://console.aws.amazon.com/acm

Note: If you want to add an SSL certificate to a CloudFront distribution, always create/import the certificate in the N. Virginia region (ACM); otherwise you won't find the SSL certificate available for use in the CloudFront distribution settings.

2. Click on the Import certificate option.

3. In this step you will need 3 files:

  • Certificate body (.cert)
  • Certificate key (.key)
  • Certificate chain (gd_bundle_xxxx.crt)


Copy and paste the contents of each file into the relevant field and click on “Review and import”.

Once you’ve added valid details, you should be able to list the certificate with “Issued” status.

Now you’re ready to use the same certificate in the CloudFront distribution.

Step 2: Alter Amazon CloudFront distribution settings

  1. Navigate to CloudFront Distribution : https://console.aws.amazon.com/cloudfront
  2. Select the CloudFront distribution and choose Distribution Settings
  3. Choose Edit and change the SSL certificate option from Default CloudFront Certificate to Custom SSL Certificate.

Also specify an Alternate Domain Name through which this CloudFront (CF) distribution will be accessed. This is an important setting: if it is not configured, CF will issue a security error when accessed via the custom domain name.

Here I’ve used xyz.abc.com which will point to this CF distribution.


You should be able to list the certificate which you imported in ACM in Step 1. If not, make sure the ACM region is N. Virginia (Amazon only allows certificates imported in the N. Virginia region to be used in CloudFront).

Step 3: Verify Amazon Route53 records

This is the last step, where you actually start routing all traffic to the CloudFront distribution.

Here you will need to point the domain name to the CloudFront distribution:

Select type CNAME and copy and paste your CloudFront distribution domain name.

Important note: In my case I have two separate accounts; one of them has DNS configured and I’m configuring the CF distribution in the other one. If you have the same scenario, then just use the same configuration shown below. If your DNS (Route53) and CF are in the same account, then you need to select “Alias” instead of “CNAME” in the Record Set.


This should enable HTTPS redirection for the custom domain on Amazon CloudFront.

You can check it using the nslookup tool or by typing the custom domain name into a browser.
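The three things that go wrong in the steps above (certificate imported outside N. Virginia, Alternate Domain Name not covered by the certificate, DNS record not pointing at the distribution) can be checked before touching the console. This is an added example, not part of the original article; the function names are hypothetical, and the ARN, certificate names and distribution domain are constructed placeholders.

```python
# Added example: offline pre-flight checks for a CloudFront custom-domain setup.
# All sample values are constructed placeholders, not real resources.

GOOD_ARN = "arn:aws:acm:us-east-1:111122223333:certificate/00000000-0000-0000-0000-000000000000"
BAD_ARN = "arn:aws:acm:ap-south-1:111122223333:certificate/00000000-0000-0000-0000-000000000000"


def acm_region(cert_arn):
    """Return the region field of an ACM certificate ARN."""
    parts = cert_arn.split(":", 5)
    if (len(parts) != 6 or parts[0] != "arn" or parts[2] != "acm"
            or not parts[5].startswith("certificate/")):
        raise ValueError("not an ACM certificate ARN: %r" % cert_arn)
    return parts[3]


def name_covered(hostname, cert_names):
    """True if hostname matches one of the certificate's names.

    A wildcard such as *.abc.com covers exactly one extra label on the left:
    xyz.abc.com matches, abc.com and a.xyz.abc.com do not.
    """
    host = hostname.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*."):
            first, _, rest = host.partition(".")
            if first and rest == name[2:]:
                return True
    return False


def preflight(cert_arn, cert_names, alternate_name, dns_target):
    """Return a list of problems; an empty list means the setup is consistent."""
    problems = []
    if acm_region(cert_arn) != "us-east-1":  # us-east-1 is N. Virginia
        problems.append("certificate is not in us-east-1 (N. Virginia)")
    if not name_covered(alternate_name, cert_names):
        problems.append("certificate does not cover " + alternate_name)
    # Assumption: the distribution domain name ends in .cloudfront.net.
    if not dns_target.lower().rstrip(".").endswith(".cloudfront.net"):
        problems.append("DNS target is not a CloudFront distribution domain")
    return problems


if __name__ == "__main__":
    print(preflight(GOOD_ARN, ["*.abc.com"], "xyz.abc.com", "d111111abcdef8.cloudfront.net"))
    print(preflight(BAD_ARN, ["www.abc.com"], "xyz.abc.com", "example.org"))
```

The certificate names are the subject and subject alternative names of the certificate you import in Step 1, and the DNS target is the value you enter in the record in Step 3.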

References :

https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html

Hope this helps!

-Bhargav

Blogger & Assc Cloud Architect
