Exploring Cloud Solutions: Implementing Cloud Architecture Patterns for Fictional Companies

Alex’s AWS Adventures — Part 2: Securing Your Static Website Using AWS CloudFront

James Simpson III
6 min read · Jun 9, 2023

Introduction

Welcome back! Previously, we set up a static website using Amazon S3 and were able to meet Alex’s requirements for a cost-effective, serverless solution. But there’s something missing…

Alex’s site is using HTTP and doesn’t have a user-friendly domain name. As it stands, his site is not secure, and browsers will warn visitors about that, which will drive them away from his site. Luckily, AWS offers a great solution to this problem!

Introducing CloudFront

CloudFront is a content delivery network (CDN) service that helps reduce latency and improve transfer speeds of data, videos, APIs, and more, all while ensuring the communication between the client (user) and CloudFront is secure.

CloudFront utilizes Amazon’s Edge Locations to securely cache content and act as a middleman between your site and the end user. With over 100 Edge Locations scattered all across the globe, CloudFront can easily help take your site or application global without the worries of increased latency as users get farther away from where your application or site is hosted.

Prerequisites:

  • A registered domain name (We’ll use Route 53)
  • A static site hosted in S3 (Check out Part 1)
  • Some knowledge of AWS
  • An SSL certificate (We’ll be using Certificate Manager)
  • Some funky Jazz Lofi (Not required but highly recommended 😎)

Let’s Get Building

  1. Ensure you have a domain name registered with Route 53. Route 53 is Amazon’s DNS service and Domain Registrar. It allows you to quickly purchase a domain and get a DNS zone hosted. If you don’t already have one available, simply head over to Route 53 in the management console, click “Registered domains”, then “Register Domain”. You’ll be taken through a simple process of purchasing a new domain.

I already have one created that I’ll use for the rest of this tutorial.

2. Once your domain name has been registered, AWS will automatically create a hosted zone for you. This will house all of your DNS records. To see your newly created hosted zone, simply click “Hosted zones” in the left side menu.

3. With our domain registered and our DNS zone created, we can now create an SSL certificate that will be used by CloudFront to ensure sessions are encrypted. Let’s head over to Certificate Manager to create our certificate.

3.1 We’ll click “Request a new certificate” to begin the process.

3.2 We’re going to request a public certificate and then click “Next”.

4. Enter the domain name you just registered, and keep the “Validation method” and “Key algorithm” as default. The DNS validation is simple and prevents us from having to leave the console to validate our domain ownership. With that done, scroll down and click “Request”.

5. Once you’ve requested a certificate, you’ll see it populate in Certificate Manager with a status of “pending validation”. Simply click the certificate you just created, navigate to the “Domains” section, and click “Create records in Route 53” to validate your certificate.

5.1 After waiting a few minutes and refreshing the page, you’ll see the status of your certificate change to “Issued”. Now we’re ready to create our CloudFront distribution!

Let’s head over to the CloudFront service in the management console. A simple search for CloudFront will take you to the page listed below.

Click “Create a CloudFront distribution” to get started.

  1. Choose an Origin (Where will the data come from?) In our case, it is our S3 website endpoint. Instead of selecting our bucket from the list of available origins, we will copy and paste the URL that was created for us when we set up our static site in S3.

2. Change the Viewer protocol policy from “HTTP and HTTPS” to “Redirect HTTP to HTTPS”. You can probably guess what this does :)

3. Select “Do not enable security protections” for the WAF. In a production environment, we would definitely enable this, but for our purposes, we’ll avoid the extra charges and leave it off.

4. Add the domain name we created using Route 53, and select the certificate we created using Certificate Manager.

5. Scroll down a bit and click “Create distribution”. It may take a few minutes to create, but this is what you’ll see when everything is done:

Make sure you copy the “Distribution domain name”. We’ll use that in the next steps.

Now that we have our distribution created, let’s add a DNS record that points our custom domain name to the distribution domain name.

We’ll head over to our Hosted Zone in Route 53 and click “Create record”.

  1. Leave the “Record name” blank
  2. Select “A” record for the “Record type”
  3. Turn on “Alias”
  4. In the “Route traffic to” field, select “Alias to CloudFront distribution”
  5. Select the distribution you just created

We’ll leave all the other settings at default, scroll down, and select “Create record”.

It may take a few minutes to update the DNS records, so wait about 5 minutes, then test your site using the custom domain name.
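The console choices made in the steps above can be checked afterwards from the distribution’s exported configuration. This is an added example, not part of the original tutorial: it audits a DistributionConfig document (the shape returned by `aws cloudfront get-distribution-config`) for the viewer protocol policy, alternate domain name, certificate, origin protocol and WAF settings. The sample config, `example.com`, the bucket name and the certificate ARN are constructed placeholders, and `audit_distribution` is a hypothetical helper name.

```python
import json

# Constructed sample in the shape of the DistributionConfig object returned by
# `aws cloudfront get-distribution-config`; domain, bucket and ARN are placeholders.
SAMPLE = json.loads("""{
  "Aliases": {"Quantity": 1, "Items": ["example.com"]},
  "Origins": {"Quantity": 1, "Items": [{
    "Id": "s3-website",
    "DomainName": "example-bucket.s3-website-us-east-1.amazonaws.com",
    "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}}]},
  "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
  "CacheBehaviors": {"Quantity": 0},
  "ViewerCertificate": {
    "ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE",
    "MinimumProtocolVersion": "TLSv1.2_2021"},
  "WebACLId": ""
}""")

LEGACY_TLS = {"SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"}

def audit_distribution(cfg, domain):
    """Return (severity, message) findings for one DistributionConfig dict."""
    out = []
    behaviors = [("default", cfg["DefaultCacheBehavior"])]
    behaviors += [(b["PathPattern"], b) for b in cfg.get("CacheBehaviors", {}).get("Items", [])]
    for name, b in behaviors:
        if b.get("ViewerProtocolPolicy") == "allow-all":  # console: "HTTP and HTTPS"
            out.append(("FAIL", f"behavior {name} still serves plain HTTP"))
    if domain not in cfg.get("Aliases", {}).get("Items", []):
        out.append(("FAIL", f"{domain} is not an alternate domain name"))
    cert = cfg.get("ViewerCertificate", {})
    arn = cert.get("ACMCertificateArn", "")
    if not arn:
        out.append(("FAIL", "no ACM certificate attached"))
    elif arn.split(":")[3:4] != ["us-east-1"]:  # CloudFront uses ACM certs from us-east-1 only
        out.append(("FAIL", "ACM certificate is not in us-east-1"))
    if cert.get("MinimumProtocolVersion") in LEGACY_TLS:
        out.append(("FAIL", "viewer TLS policy allows protocols older than TLS 1.2"))
    for o in cfg["Origins"]["Items"]:
        custom = o.get("CustomOriginConfig")  # present for S3 website endpoints (HTTP only)
        if custom and custom.get("OriginProtocolPolicy") != "https-only":
            out.append(("WARN", f"origin {o['Id']}: CloudFront-to-origin hop can use HTTP"))
    if not cfg.get("WebACLId"):  # the tutorial leaves WAF off to avoid charges
        out.append(("WARN", "no WAF web ACL associated"))
    return out

if __name__ == "__main__":
    for severity, message in audit_distribution(SAMPLE, "example.com"):
        print(severity, message)
```

For the configuration built in this tutorial the audit reports no failures and two warnings: the S3 website endpoint is reached over HTTP between CloudFront and the origin, and no WAF web ACL is attached.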

We now have a secure website! I think Alex will be very pleased with this solution.

As always, thanks for reading and participating. If you enjoyed this tutorial, leave a clap for me, and be on the lookout for more scenarios in the future!
