Showing all posts tagged "Route 53"

Using Route 53, Cloudfront, and to serve HTTPS pages

HTTPS everywhere graphic

For those of you using Route 53, CloudFront, and, this post explains how to securely serve your pages using HTTPS and CloudFront.

Starting October 2017, Google made good on "HTTPS Everywhere" unveiled at I/O 2014. The follow up was also posted on the Google Webmaster Central Blog under HTTPS as a ranking signal.

Hopefully, the above links explain why serving your site via HTTPS is important and frankly, required.

The folks over at were awesome in helping with the wayfinders and crafting a workaround. They provided a link to Route53 SSL Naked Domain Redirect which set up the framework for this solution.

Overall, there are three AWS configuration steps:

  • Setup your SSL certificate

  • Create a CloudFront distribution

  • Create a Route 53 alias

Setup your SSL certificate

Using AWS Certificate Manager (ACM), you'll either import an existing certificate or create a new one. When your current certificate expires, keep in mind that AWS provides these for FREE including wildcard certificates.

Create a CloudFront distribution

In the AWS console, navigate to CloudFront. Click on Create a Distribution then Get Started under Web. You will see a variety of options under Create Distribution.

Origin Settings

The value for Origin Domain Name is <username> If in doubt, log into and view your site. You'll see the correct URL address in the browser.

In Origin Protocol Policy, select HTTP. When CloudFront pulls anything from the origin (<username>, it needs to be done using HTTP. only supports HTTP at the time of this post. I kept all of the other default settings under Origin Settings.

CloudFront Origin Domain Name and Origin Protocol Policy

Default Cache Behavior Settings

Scroll down to Default Cache Behavior Settings. I changed the following settings in this section:

  • Viewer Protocol Policy to Redirect HTTP to HTTPS.

  • Cache Based on Selected Request Headers to All.

  • Forward Cookies to All.

  • Query String Forwarding and Caching to Forward all, cache based on all.

CloudFront Default Cache Behavior Settings is a service to serve pages from Evernote easily and not a platform to build an application. The headers, cookies, and query string settings can be adjusted to enable a bit more caching. I didn't spend the time to tune these options since caching isn't a concern for me right now.

Distribution Settings

Scroll down to Distribution Settings. Enter the domain name(s) that points to your site in Alternate Domain Names (CNAMEs). My domain is

Under SSL Certificate, you'll select Custom SSL Certificate and from the dropdown, find the certificate you created or uploaded in ACM.

Under Custom SSL Client Support, select Only Clients that Support Server Name Indication (SNI). All modern browsers support SNI so you should be good here. All of the other options remain the CloudFront defaults. Last, click on Create Distribution and wait for CloudFront to deploy your distribution. Creating the distribution can take 15 to 30 minutes.

CloudFront Distribution Settings

Create a Route 53 alias

Navigate to Route 53in the AWS console and go into your hosted zone. Click on Create Record Set. Under Name, enter the subdomain you'll be using for your site. I entered blog. Select A - IPv4 address under Type and click Yes on Alias. When you click on Alias Target, wait a few seconds and then you'll see a listing of available targets. Select the CloudFront distribution you created in the next step. Last, click on Create to complete this setup.

Route 53 alias settings for CloudFront

Something to keep in mind

Depending on how you configured your CloudFront distribution, you might need to invalidate your cache if you modify an existing page and want it to show up right away. I find that even though there is minimal caching with this setup, caching does occur.


I'm a big fan and user of Evernote. I came across when I was looking for a simple way to blog. I didn't want to spin up, theme, and maintain a full CMS or go with one of the public blogging sites. While there are some quirks with Evernote and getting the post formatting correct, I like the workflow as well as the support for markdown.

And sure, this might be overkill for most since you can deploy a static site to S3 and use CloudFront. Once Evernote,, and AWS is setup correctly, posting an article becomes simple.

Comments, questions, or corrections?? Let me know!