url forwarding

Redirect a domain with SSL (http and https) with AWS S3 and CloudFront

This post will explain how to redirect a domain to another, on HTTP and HTTPS. What we aim to achieve is to have source.domain automatically forwarded to target.domain, so if a user enters http://source.domain or https://source.domain, they end up on https://target.domain. Any URL entered on the source.domain will be automatically translated to the target domain (i.e., https://source.domain/mypage will be forwarded to https://target.domain/pypage and so forth). We will do this using primarily AWS S3, CloudFront and Route 53. The source.domain should be managed by Route 53.

Create the S3 bucket

The first step is to create your S3 bucket. Navigate to Amazon S3 and create a bucket. If it helps, give it the name of the source.domain, but you can choose any relevant name. You can use the default settings to create the bucket and you do not need to enable public access as the bucket will be accessed via CloudFront only.

Once the bucket is available, go to its Properties and click “Edit” for the section on “Static Website Hosting” (at the bottom of the Properties page). Adjust the settings as follows:

S3 bucket settings for "Static Website Hosting"

Under “Host name” remember to include your own target.domain. Save the changes.

Create your CloudFront distribution

Navigate to CloudFront and create a new distribution. Under Origin Domain, click on the field and you should see a list of available S3 buckets. Select the relevant bucket. After making your selection you may be prompted to “Use website endpoint” for the S3 bucket. Accept this.

Under “Default Cache Behavior” select “Redirect HTTP to HTTPS”. Select all HTTP methods.

CloudFront Default Cache Behavior options

For the Caching Policy, select “CachingOptimized”.

You don’t need to enable WAF, so under this category select the option “Do not enable security protections”.

Under “Custom SSL certificate” request a certificate for your source.domain. This is needed so that your https://source.domain loads properly in the user browser.

Request custom SSL certificate

If you are redirecting both www and non-www domains, you may need to add both domains to your certificate on the next page:

Fully qualified domain name(s) for Certificate

To obtain the certificate you will need to validate your domain via DNS or email. Choose the best option. Once the certificate is issued, you will be able to refresh the Custom SSL certificate field above and select the newly issued certificate.

Then, once this is done, click on “Create distribution” to create your distribution. When the distribution is ready, proceed to the next step.

DNS Changes in Route 53 hosting zone

In Route 53, browse to the hosting zone of the source.domain and add two A records: one for “www” and the other one blank to forward the non-www domain. Both records are similar, created as aliases to the same CloudFront distribution as created above:

Route 53 A record alias to CloudFront

Once your records are created and DNS updated, your source.domain should now resolve to the target.domain, with or without www, and securely via https, without security warnings.

Other considerations

If you want better control over the forwarded pages and you use WordPress for example, then you can use a plugin such as Redirection on the target.domain to gain visibility on 404 and other pages, and create specific redirection rules. Some SEO plugins like Yoast SEO have similar functionality although more limited.

If you prefer to do it manually, you can edit your site .htaccess file and add the relevant redirect rules. See this article on DreamHost for some guidelines on this.

A test

If you want to test the outcome of this procedure, currently the domain is being redirected to


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share to...