This article will help to enable HTTPS redirection for Amazon CloudFront distribution to a custom domain name.
Step 1 : Import Certificate to Amazon Certificate Manager (ACM)
1 . Navigate to ACM : https://console.aws.amazon.com/acm
Note: If you want to add SSL certificate to CloudFront distribution then always create/import certificate in N. Virginia Region (ACM) otherwise you wont find SSL certificate for use in CloudFront distribution settings.
2. Click on Import certificate option
3. In this step you will need 3 files:
- Certificate body (.cert)
- Certificate key (.key)
- Certificate chain (gd_bundle_xxxx.crt)
Copy paste all the content into relevant fields and click on “Review and import”
Once you’ve added valid details you should be able to list the certificate with “Issued” status .
Now you’re good to upload the same certificate in CloudFront Distribution
Step 2 : Alter Amazon CloudFront distribution settings
- Navigate to CloudFront Distribution : https://console.aws.amazon.com/cloudfront
- Select the CloudFront distribution and choose Distribution Settings
- Choose Edit and change the SSL certificate option from Default CloudFront Certificate to Custom SSL Certificate.
Also mention a Alternate Domain Name through which this CF distribution will be accessed. It is an important configuration if not done the CF when accessed via custom domain name will issue security error.
Here I’ve used xyz.abc.com which will point to this CF distribution.
You should be able to list the certificate which you had imported in ACM in step 1, if not then make sure the ACM region is N.Virginia (amazon only allow to import certificate uploaded in N. Virginia region to be used in CloudFront)
Step 3 : Verify Amazon Route53 records
This is last step where you actually start routing all traffic to CloudFront distribution.
Here you will need to point domain name to CloudFront distribution :
Select type CNAME and copy paste your CloudFront Distribution domain name
Important NOTE : Im my case I have two seperate accounts, one of them has DNS configured and I’m configuring CF distribution in the other one. If your having the same scenario then just do the same configs shown below. OR If your DNS (Route53) and CF are in same account then need to select “Alias” instead of “CNAME” in Record Set.
This should enable you to do HTTPS Redirection for custom domain on Amazon CloudFront.
You can check it using nslookup tool or by typing the custom domain name in browser.
References :
https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
Hope this help!
-Bhargav
Social Profiles