Setting up Secure Static website with Custom domain using Route53 & ACM
In the last post I talked about the basics of DNS. In this post I will register a domain with Route53 and serve a web page using this domain.
Registering the Domain.
Open AWS Route53 console. You will not have any domain registered.
Click on Register Domain. You will land on this page.
Select a TLD and enter your domain name (it needs to be available). After this enter the remaining details. Cost of the domain will be added in your AWS account bill.
Once you are done. You will receive an email to your mailbox stating that your domain has been registered.
Once again go to Route53 service Page and click on registered domain and you will see your domain.
Now click on Hosted Zones.
Select the hosted zone by clicking on it. It will take you to the record set page.
Here you will be able to see the different record sets with different type like NS and SOA. These are automatically created by AWS for us.
I already had an S3 website. I used the same to create a new record set. My original website from S3 was like below.
Here look at the URL its the URL of s3 bucket.
To be able to use my domain name and render the same page I need to create a record set of type Alias. I clicked on the create Record set. Below is the screenshot of UI that gets displayed.
Once you check the alias radio button to yes you will see Alias target field. Once you click on it, it will give the available target in the drop down. I selected my S3 website endpoint and clicked create.
New record set was created. Thats it. I type my domain in the browser and I was able to see my website.
In the above snap there is something which isn’t looking good. “Not Secure”.
So Lets remove this. To do so we will need to issue a certificate for our domain. I accomplished this using ACM. ACM is an AWS service which helps us with the process of provisioning, validating, and configuring public and private SSL/TLS certificates for use with AWS services. Using ACM we can secure multiple domain names and multiple names within a domain. We can also create a wildcard certificate to protect all sub domains for a domain. One thing to note here: we can use ACM with only supported AWS services. So lets do it for our site as well.
Open the console for Certificate manager.
Click on get Started.
Select “Request a public certificate”. On the next page enter the details.
On the next page I selected validate using Domain since I registered with Route53 itself and I had access to modify DNS records for the domain.
After that clicked on the create record in Route53.
This creates a record like below.
Once everything is done you will see a screen like this.
In between I created a CloudFront distribution for my website and instead of ALIAS record for S3 website I created one for the CloudFront distribution. (CloudFront part will be discussed in different blog).
After everything is done and I was able to visit the page with secured settings.
Hope this was helpful.