Menu

Enable HTTPS Redirection in Amazon CloudFront to Custom Domain (AWS)

https-amazon-cloudfront

This article will help to enable HTTPS redirection for Amazon CloudFront distribution to a custom domain name.

Step 1 : Import Certificate to Amazon Certificate Manager (ACM)

1 . Navigate to ACM : https://console.aws.amazon.com/acm

Note: If you want to add SSL certificate to CloudFront distribution then always create/import certificate in N. Virginia Region (ACM)  otherwise you wont find SSL certificate for use in CloudFront distribution settings.

2. Click on Import certificate option

3. In this step you will need 3 files: 

  • Certificate body (.cert)
  • Certificate key (.key)
  • Certificate chain (gd_bundle_xxxx.crt)

1-acm-amazon-cloudfront

Copy paste all the content into relevant fields and click on “Review and import

Once you’ve added valid details you should be able to list the certificate with “Issued” status .

Now you’re good to upload the same certificate in CloudFront Distribution   

Step 2 : Alter Amazon CloudFront distribution settings

  1. Navigate to CloudFront Distribution : https://console.aws.amazon.com/cloudfront
  2. Select the CloudFront distribution and choose Distribution Settings
  3. Choose Edit and change the SSL certificate option from Default CloudFront Certificate to Custom SSL Certificate.

Also mention a Alternate Domain Name through which this CF distribution will be accessed. It is an important configuration if not done the CF when accessed via custom domain name will issue security error.

Here I’ve used xyz.abc.com which will point to this CF distribution.

3-cfdistribution-amazon-cloudfront

You should be able to list the certificate which you had imported in ACM in step 1, if not then make sure the ACM region is N.Virginia (amazon only allow to import certificate uploaded in N. Virginia region to be used in CloudFront)

Step 3 : Verify Amazon Route53 records

This is last step where you actually start routing all traffic to CloudFront distribution.

Here you will need to point domain name to CloudFront distribution :

Select type CNAME and copy paste your CloudFront Distribution domain name

Important NOTE : Im my case I have two seperate accounts, one of them has DNS configured and I’m configuring CF distribution in the other one. If your having the same scenario then just do the same configs shown below. OR If your DNS (Route53) and CF are in same account then need to select “Alias” instead of “CNAME” in Record Set.

4-route53-amazon-cloudfront

This should enable you to do HTTPS Redirection for custom domain on Amazon CloudFront.

You can check it using nslookup tool or by typing the custom domain name in browser.

References :

https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html

Hope this help!

-Bhargav

Blogger & Assc Cloud Architect

Post Navigation

Automate SonarQube Analysis on Git Pull Request using Jenkins

Create NAT instance in Amazon VPC (AWS)

Related Posts:

cloudwatch-metrics-s3-bucket

Get CloudWatch metrics and migrate it on S3 Bucket

separate-var-partition-on-ebs-volume-aws

Create separate /var partition on EBS volume AWS

CI-CD-TomcatApp-Architecture

Deploy Java Web App Using CI/CD tools on AWS

Site Footer

Bhargav Amin © 2019-20

Sliding Sidebar

Categories

Guest Post (14) Health & Fitness (2) How-to-do's (47) Sports (8) Tech Articles (23)

Topics

amazon certificate manager amazon linux apache web server aws bitcoin bookreview cassandra cloudformation cloudfront cloudwatch cricket database DevOps ebs ec2 ELB ethereum fitness football general Git IAM java Jenkins keylogger linux linux partitions lvm migration mysql networking route53 s3 security smartphone ssh tech timetracker travelblog vpc vpc-peering vpn windows wordpress workspaces

Social Profiles

Ads

Categories

Recent Posts

Featured Post

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 66 other subscribers

Blog Stats

  • 308,828 hits

My Social Profiles

Legal

Privacy Policy Cookie Policy
Terms and Conditions