HTTPS domain redirection with S3 and CloudFront

Last week we retired one of our products and merged it with a different one. Because of that, we wanted to redirect the old domain name to the new one keeping all the paths under it.

I have used S3 for redirections before. It find it very simple to use and you can configure a redirection in a couple of minutes. However, there’s downside, it only works from HTTP traffic, not HTTPS. In our case, our old site uses HTTPS, so if someone tried to access it they would not be redirected and the request would time out.

That’s were CloudFront came in. By using CloudFront in front of your S3 bucket you can redirect HTTPS traffic. Here’s a step-by-step guide of what I did.

Create and configure an S3 bucket

  • Create the S3 bucket in the same way you would normally do. If you were to use the S3 redirection only you would need to name it as the domain name you want to redirect. Since we will be using CloudFront, you don’t have to.
  • Go to the Properties section of your new bucket.
    • Now, go all the way down to Static website hosting.
      • Enable Static Website Hosting.
      • Redirect requests for an object.
      • Add the hostname you want to use and then select HTTPS as the protocol.
      • Save your changes.

Remember to take a note of the Bucket website endpoint. You will need it later for CloudFront.

Get an SSL certificate

If you don’t have one, you will need to get an SSL certificate for the domain name you are redirecting. You will need it for CloudFront.

One important thing to remember is generating the certificate in the right region. To use a certificate with CloudFront you must generate it in the N. Virginia region. So even if you have one in a different AWS region you will need to request it in that one too.

  • Go to the Certificate Manager.
  • Request Certificate.
  • Request a public certificate.
  • Add the domain names you want to use.
  • Choose the validation method you want to use.
    • DNS validation will ask you to add a record to your DNS configuration. If you use Route 53 AWS can do it for you.
    • Email validation will send an email to the address listed in the whois. You will then need to accept the request.
  • Once the validation is completed you will see your certificate’s status is now Issued.

Configuring CloudFront

Let’s configure CloudFront in front of our S3 bucket now.

Use the bucket website endpoint from earlier. For the Origin Settings you just need to fill in the Origin Domain Name.

You don’t need to change anything in the Default Cache Behavior Settings. If you want to, you can set the Viewer Protocol Policy to Redirect HTTP to HTTPS.

Now, in the Distribution Settings, you need to configure the domain names you want to use with CloudFront, in this case the ones you want to redirect. You also need to select the SSL certificate.

Now click on Create Distribution on the bottom right-hand side of the page.

The Distribution is now being created. Once everything is ready you will see something like this.

You can test that the redirection works before configuring your domain names to point at CloudFront by using the *.cloudfront.net domain name you can see here. If you try to open it in your browser it should take you to the new site. If it doesn’t, something’s wrong and you should check your steps to see if your CloudFront or S3 configs are not correct.

Configuring your DNS

In this case I will use Route 53.

If you don’t use Route 53, you should create CNAME records for the versions of your domain name that you want to redirect (e.g. example.com, www.example.com) pointing at your *.cloudfront.net domain name. These CNAME records must be the same ones you configured for CloudFront earlier.

Go to your Hosted Zone.

Change or create the values of the DNS records for the versions of your domain name that you want to redirect. They must best be the same ones you configured for CloudFront:

  • Record type: A
  • Set it as Alias
  • Alias to CloudFront distribution. The distribution should show up automacially when you click on the box.
  • Routing policy: Simple routing

And that’s you! Once the DNS changes propagate your old domain name will be redirected to your new one. In my case it took less than 5 minutes, but it can take longer.

I hope this has been useful for you. See you next time!

Leave a Reply

Your email address will not be published. Required fields are marked *