How can I configure an Amazon CloudFront distribution to serve HTTPS requests for my Amazon Simple Storage Service (Amazon S3)?

  1. Open the CloudFront console.
  2. Choose Create Distribution.
  3. Under Web, choose Get Started.
  4. For Origin Domain Name, you can either choose your S3 bucket's REST API endpoint from the drop-down menu, or you can enter your S3 bucket's website endpoint. For more information, see Key Differences Between the Amazon Website and the REST API Endpoint.
  5. For Viewer Protocol Policy, choose HTTP and HTTPS.
    Note: Choosing HTTPS Only blocks all HTTP requests.

If you're not using a custom domain with CloudFront, choose Create Distribution to complete the process. If you are using a custom domain, follow these additional steps before you create the distribution:

  1. For Alternate Domain Names (CNAMEs), type your custom domain.
  2. For SSL Certificate, choose Custom SSL Certificate. Then, choose the custom SSL certificate to assign to the distribution.
    Note: For more information on installing a certificate, see How do I install SSL/TLS certificates on Amazon CloudFront?
  3. Choose Create Distribution.

Note: After you choose Create Distribution, it can take about 20 minutes for your distribution to deploy.

Be sure to update the DNS for your domain to a CNAME record that points to the CloudFront distribution's provided domain. You can find your distribution's domain name in the CloudFront console.

If you're using Amazon Route 53 as your DNS provider, you can create an alias record (example.com Alias d111111abcdef8.cloudfront.net) to point the record to your CloudFront distribution. If you're using another DNS provider, you can create only a CNAME record (www.example.com CNAME d111111abcdef8.cloudfront.net) to point to the distribution's domain.

Important: DNS standards require that an apex domain (example.com) use an authoritative (A) record that maps to an IP address. You can point your apex domain to your CloudFront distribution only if you're using Route 53. If you're using another DNS provider, you must use a subdomain (www.example.com).  


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2018-04-02

Updated: 2018-12-04