AWS Hands-On Lab — Project #2 — DNS + HTTPS

Lab 02: S3 Static Site with Route 53 & HTTPS

Register a domain in Route 53, secure the site with a free ACM SSL certificate, and serve it globally via CloudFront — accessible at both http:// and https://.

Services: S3 · Route 53 · CloudFront · ACM · IAM    Cost: ~$0.50/mo    Time: 3–5 hours    Level: Intermediate

Overview

In this lab you will register a domain name in Amazon Route 53 and use it to serve a fully secure static website hosted on Amazon S3. By the end, your site will be accessible at both http://yourdomain.com and https://yourdomain.com — with automatic HTTP-to-HTTPS redirection powered by CloudFront.

Architecture Flow

  1. User types https://yourdomain.com into their browser
  2. Route 53 resolves the domain name to the CloudFront distribution
  3. CloudFront serves the site over HTTPS using the ACM SSL certificate
  4. CloudFront fetches files from the S3 origin when not cached
  5. The website is returned to the user fully secured with HTTPS

AWS Services Used

ServicePurposeCost
Amazon S3Stores and serves your static website HTML filesFree Tier
Amazon Route 53Manages your domain name and DNS records$0.50/mo per hosted zone
AWS Certificate ManagerProvides a free SSL/TLS certificate for HTTPSAlways Free
Amazon CloudFrontCDN that delivers your site globally with HTTPSFree Tier
Cost note: Route 53 charges $0.50/month per hosted zone. Domain registration is $12–$15/year for .com. Use .link or .click for ~$3/year to minimize cost.

Prerequisites

Warning: Domain registration is not free and not instantly reversible. Once you register a domain you are charged for one year upfront. Choose your domain name carefully before purchasing.
Step 1
Amazon Route 53 — Domain Registration
Register a Domain Name

Route 53 automatically creates a hosted zone for your domain when you register through it — no manual name server setup required.

  1. Search for Route 53 in the AWS Console and click it
  2. In the left sidebar click Registered domains
  3. Click Register domain
  4. Search for your desired domain name and select a TLD (.com, .net, .link, or .click)
  5. Click Add to cart then Proceed to checkout
  6. Fill in the registrant contact information and check the agreement checkbox
  7. Click Submit
Registration usually completes within 15 minutes. Route 53 automatically creates a Hosted Zone for your domain. Go to Hosted zones in the left sidebar to confirm — it will have two default records: NS and SOA.
Step 2
Amazon S3
Create a New S3 Bucket Matching Your Domain Name

For Route 53 to route traffic correctly, your S3 bucket name must exactly match your domain name.

Critical: If your domain is example.com, your bucket name must be example.com. A mismatch will cause routing errors.
  1. Navigate to S3 and click Create bucket
  2. Bucket name: your exact domain name e.g. cloudpracticelabs.org
  3. Region: us-east-1
  4. Uncheck Block all public access and check the acknowledgment
  5. Click Create bucket
  6. Open the bucket → PropertiesStatic website hostingEdit
  7. Enable hosting, set index document to index.html and error document to error.html
  8. Click Save changes and copy the Bucket website endpoint URL
  9. Under Permissions add the public read bucket policy (same JSON as Lab 01, with your new bucket name)
  10. Upload your index.html and error.html files
Test the site via the S3 endpoint URL before continuing. If it loads over HTTP, you are ready for the next steps.
Step 3
AWS Certificate Manager (ACM) — us-east-1 ONLY
Request a Free SSL/TLS Certificate

ACM provides free SSL/TLS certificates. CloudFront will use this certificate to enable HTTPS.

Critical: You MUST be in us-east-1 (N. Virginia) to request this certificate. CloudFront only reads ACM certificates from us-east-1. Check your region selector in the top-right corner before proceeding.
  1. Confirm your region is set to US East (N. Virginia) — us-east-1
  2. Search for Certificate Manager and click it
  3. Click Request a certificateRequest a public certificate → Next
  4. Fully qualified domain name: yourdomain.com
  5. Click Add another name and add: www.yourdomain.com
  6. Validation method: DNS validation
  7. Click Request
  8. Click the certificate ID → click Create records in Route 53Create records
  9. Wait 5–15 minutes and refresh — status should change to Issued
Do not proceed to Step 4 until the certificate status shows Issued. Attaching a pending certificate to CloudFront causes TLS errors that are difficult to debug.
Step 4
Amazon CloudFront
Create a CloudFront Distribution

CloudFront sits in front of your S3 bucket, serves your site globally, and provides HTTPS using your ACM certificate.

  1. Search for CloudFront and click it → Create distribution
  2. Origin domain: select your S3 bucket website endpoint (ends in .s3-website-us-east-1.amazonaws.com)
  3. Origin protocol: HTTP only
  4. Viewer protocol policy: Redirect HTTP to HTTPS
  5. Alternate domain names (CNAME): add yourdomain.com and www.yourdomain.com
  6. Custom SSL certificate: select the certificate from Step 3
  7. Default root object: index.html
  8. Click Create distribution
  9. Wait 5–15 minutes for status to change from Deploying to Enabled
  10. Copy the Distribution domain name (e.g. d1234abcdef.cloudfront.net)
Important: Use the S3 website endpoint, NOT the REST endpoint. The website endpoint ends in s3-website-us-east-1.amazonaws.com. The REST endpoint does not support index documents correctly.
Test now: paste the CloudFront domain name into your browser. Your site should load over HTTPS. If it works, CloudFront and your certificate are configured correctly.
Step 5
Amazon Route 53 — DNS Records
Create DNS Records Pointing to CloudFront

Root domain A record

  1. Go to Route 53 → Hosted zones and click your domain
  2. Click Create record
  3. Leave the Record name field blank (creates the root domain record)
  4. Record type: A   Alias: ON
  5. Route traffic to: Alias to CloudFront distribution
  6. Select your CloudFront distribution and click Create records

www subdomain A record

  1. Click Create record again
  2. Record name: www   Record type: A   Alias: ON
  3. Route traffic to: Alias to CloudFront distribution (same distribution)
  4. Click Create records

Test

  1. Wait 5–15 minutes for DNS propagation
  2. Visit http://yourdomain.com — it should redirect to https://yourdomain.com
  3. Click the padlock icon to confirm the SSL certificate is valid
  4. Also test https://www.yourdomain.com
Check DNS propagation worldwide at dnschecker.org. Enter your domain name to see how many DNS servers have your new records. Usually completes in under 15 minutes with Route 53.

Verification Checklist

What You Learned

Lab Cleanup — Delete Your Resources

Always delete lab resources when done to avoid ongoing charges. Follow this order to avoid dependency errors.
#ResourceHow to Delete
1CloudFront DistributionCloudFront → Disable first, wait until Disabled, then Delete
2ACM CertificateCertificate Manager (us-east-1) → Certificates → Delete
3Route 53 A RecordsRoute 53 → Hosted zone → select both A records → Delete records
4S3 Bucket ContentsS3 → bucket → select all objects → Delete → type permanently delete
5S3 BucketS3 → select bucket → Delete bucket → type bucket name → confirm
6Route 53 Hosted ZoneOnly if no longer needed — Route 53 → Hosted zones → Delete hosted zone
Keep your Route 53 hosted zone if you plan to continue doing AWS labs with this domain. The $0.50/month cost is the only ongoing charge once CloudFront is deleted.
← Lab 01: S3 Static Website Next: Lab 03 — Serverless Contact Form →