CloudFront CDN and SSL Certs

Amazon provides free, managed certificates for https requests – even for static hosting on S3! Sounds great, so I started to implement that for my sites hosted by S3, only to find that it requires AWS CloudFront to be in front of your hosting. That is a little more involved and costly than I wanted, but I continued anyway just for the experience.

I deployed four CloudFront distributions – one for each domain – and reconfigured Route 53 to point to the CDNs instead of the S3-hosted sites.

A new problem cropped up: default files such as index.html would return 404 errors! After some searching I realized that the standard way of setting an S3 bucket as the CDN’s origin meant that all URLs would have to include the “index.html”. The solution was to keep S3 hosting turned on and make the S3 hosting – not the bucket itself – the origin for the CDNs. This was not obvious while configuring the CDNs because the origin fields in the console would not populate with the hosted sites’ ARNs! I had to copy the ARNs from S3 and paste them into the origin fields!

CloudFront has an option to redirect http requests to https to use the certificate. That is what my sites use now.

On a related note, you must also delete whatever is in the “Default Root Object” field. And finally enter all domains – AND – into the “Alternate Domain Names” field.
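
A check for the settings described above, as an added example that is not code from the original post: it audits a CloudFront `DistributionConfig` dictionary, in the shape the CloudFront API returns it, for the origin type, the https redirect, the empty Default Root Object, the alternate domain names and the certificate. The function name, the sample configs, the `example.com` names and the certificate ARN are constructed placeholders.

```python
import re

# S3 static-website endpoints look like <bucket>.s3-website-<region> or <bucket>.s3-website.<region>
WEBSITE_ENDPOINT = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com(\.cn)?$")

def audit_distribution(cfg, expected_domains):
    """Return findings for a CloudFront DistributionConfig dict (hypothetical helper)."""
    findings = []
    behavior = cfg["DefaultCacheBehavior"]
    origin = next(o for o in cfg["Origins"]["Items"] if o["Id"] == behavior["TargetOriginId"])
    if not WEBSITE_ENDPOINT.search(origin["DomainName"]):
        findings.append("origin is the bucket, not the S3 website endpoint: no index.html for directory URLs")
    elif origin.get("CustomOriginConfig", {}).get("OriginProtocolPolicy") != "http-only":
        # S3 website endpoints do not accept HTTPS, so the CloudFront-to-S3 hop is plain HTTP.
        findings.append("S3 website endpoint requires OriginProtocolPolicy http-only")
    if behavior["ViewerProtocolPolicy"] not in ("redirect-to-https", "https-only"):
        findings.append("viewers are not forced onto HTTPS")
    if cfg.get("DefaultRootObject"):
        findings.append("Default Root Object is set; this setup leaves it empty")
    aliases = set(cfg.get("Aliases", {}).get("Items", []))
    for domain in sorted(set(expected_domains) - aliases):
        findings.append(f"{domain} missing from Alternate Domain Names")
    if not cfg.get("ViewerCertificate", {}).get("ACMCertificateArn"):
        findings.append("no ACM certificate attached")
    return findings

# Constructed sample configs; domain names, account id and certificate id are placeholders.
GOOD = {
    "Aliases": {"Quantity": 2, "Items": ["example.com", "www.example.com"]},
    "DefaultRootObject": "",
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "site", "DomainName": "example.com.s3-website-us-east-1.amazonaws.com",
        "CustomOriginConfig": {"HTTPPort": 80, "HTTPSPort": 443, "OriginProtocolPolicy": "http-only"}}]},
    "DefaultCacheBehavior": {"TargetOriginId": "site", "ViewerProtocolPolicy": "redirect-to-https"},
    "ViewerCertificate": {"ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"},
}
BAD = {
    "Aliases": {"Quantity": 1, "Items": ["example.com"]},
    "DefaultRootObject": "index.html",
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "site", "DomainName": "example.com.s3.amazonaws.com",
        "S3OriginConfig": {"OriginAccessIdentity": ""}}]},
    "DefaultCacheBehavior": {"TargetOriginId": "site", "ViewerProtocolPolicy": "allow-all"},
    "ViewerCertificate": {"CloudFrontDefaultCertificate": True},
}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_distribution(cfg, ["example.com", "www.example.com"]))
```

Because S3 website endpoints only speak HTTP, the certificate protects the viewer-to-CloudFront connection; the hop from CloudFront to S3 is unencrypted in this setup.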

Now I have SSL working on each site, with the added CDN performance boost. CloudFront (US, Canada, EU only) is only a few pennies due to the low traffic – not sure what that cost is for a commercial application, but probably pretty low if it is like most AWS services.