Supporting HTTPS URL redirection with a single CloudFront distribution

You’re thinking too narrowly — there’s nothing wrong with this setup.

The solution would be trivial if Amazon offered any form of URL rewriting

They do — the empty bucket.

S3 has absolutely no support for HTTPS.

Not for web site hosted buckets, no… but CloudFront does.

CloudFront is not just a CDN. It’s also an SSL offloader, Host: header rewriter, path prepender, geolocator, georestrictor, secure content gateway, http to https redirector, error page customizer, root page substituter, web application firewall, origin header injector, dynamic content gzipper, path-based multi-origin http request router, viewer platform identifier, DDoS mitigator, zone apex alias target… so don’t get too hung up on “CDN” or on the fact that you’re stacking one service in front of another — CloudFront was designed, in large part, to complement S3. They each specialize in certain facets of storage and delivery.

So, you did it right… most of it, anyway… Create a bucket, configure it for web site hosting, set it to redirect all requests to another site (the non-www) and put a CloudFront distribution in front of it — using the web site endpoint URL for the bucket in CloudFront, not the one from the drop-down list — configured with high TTLs so that CloudFront will send a minimal number of requests to S3, then put your (free!) SSL certificate from Amazon Certificate Manager on the distribution. HTTPS alternate domain routing: solved. No servers, no troubleshooting, and cheap. The only charges are the usage — there is no background recurring charge as there would be with servers.

Extra credit: configure the redirecting CloudFront distribution for the cheapest rate tier. Redirects from more expensive locations will either be routed to a cheaper edge location or — at CloudFront’s option — may be served out of a higher cost location but billed at the lower rate.

Note that most of the time, CloudFront should serve the redirects from S3 from its cache… and when you configure a bucket to redirect all requests to another hostname, the redirect is a 301 permanent redirect — which browsers are supposed to cache, themselves.
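The setup described above, written as a CloudFormation template. This is an added example, not part of the original answer; the parameter names, logical IDs, TTL values and the `https` redirect protocol are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Empty S3 redirect bucket fronted by CloudFront (added example)

Parameters:
  WwwName:          # assumed name: the host to redirect FROM, e.g. www.example.com
    Type: String
  ApexName:         # assumed name: the host to redirect TO, e.g. example.com
    Type: String
  CertificateArn:   # ACM certificate covering WwwName; CloudFront needs it in us-east-1
    Type: String

Resources:
  RedirectBucket:
    Type: AWS::S3::Bucket
    Properties:
      # The bucket stays empty; every request is answered with a 301.
      WebsiteConfiguration:
        RedirectAllRequestsTo:
          HostName: !Ref ApexName
          Protocol: https   # assumption: send viewers straight to HTTPS

  RedirectDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Aliases: [!Ref WwwName]
        PriceClass: PriceClass_100   # cheapest rate tier
        Origins:
          - Id: s3-website
            # Website endpoint, not the REST endpoint from the drop-down list.
            # WebsiteURL is "http://<endpoint>", so strip the scheme.
            DomainName: !Select [1, !Split ["//", !GetAtt RedirectBucket.WebsiteURL]]
            CustomOriginConfig:
              OriginProtocolPolicy: http-only   # website endpoints do not speak HTTPS
        DefaultCacheBehavior:
          TargetOriginId: s3-website
          ViewerProtocolPolicy: allow-all   # redirect both http:// and https:// viewers
          ForwardedValues:
            QueryString: false
          MinTTL: 86400        # high TTLs (assumed values) keep requests off S3
          DefaultTTL: 31536000
          MaxTTL: 31536000
        ViewerCertificate:
          AcmCertificateArn: !Ref CertificateArn
          SslSupportMethod: sni-only
```

A DNS record for the `www` name pointing at the distribution is still required and is not included here.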
