Migrating Your Website from HTTP to HTTPS using AWS ACM and CloudFront
I have a DNS name for a web app hosted in Elastic Beanstalk. As you may have seen, when you visit a website using HTTP, your browser will typically warn you that the site is “Not secure” and this may cause visitors to not trust the site. I want to fix that!
In this tutorial, you’ll learn how to migrate your website from HTTP to HTTPS using AWS Certificate Manager (ACM) and CloudFront. This guide assumes that your domain is already managed by Route 53. My resources are hosted in the us-west-2 region.
The What and Why of HTTP/HTTPS
HTTP (Hypertext Transfer Protocol) is the way your web browser talks to websites, like when you visit a page or fill out a form. However, when using HTTP, the information you send and receive isn’t secure—it can be easily intercepted by hackers. HTTPS (Hypertext Transfer Protocol Secure) is the safer version of HTTP. It encrypts the data, meaning it scrambles the information so that only the intended website can read it. Web admins should set up HTTPS for their websites to protect visitors’ data, keep the site secure, and show users that their site is trustworthy. It’s like adding a lock to your front door—essential for keeping things safe!
AWS Certificate Manager, CloudFront, and Route 53
ACM (AWS Certificate Manager), CloudFront, and Route 53 are tools from Amazon Web Services (AWS) that help make your website secure, fast, and easy to find. ACM provides the security certificates needed for HTTPS, which helps protect your website and users. CloudFront is a service that speeds up your website by delivering it from servers closer to your visitors, so pages load faster no matter where they are in the world. Route 53 is like a GPS for the internet—it helps direct users to your website by translating the website name (like softwareengineerportfolio.com) into an address that computers can understand. Together, these tools make sure your website is safe, quick to load, and easy to find online.
Tutorial
Prerequisites
- An active AWS account.
- Your domain is already set up in Route 53.
- A running website hosted on an AWS service (e.g., S3, EC2) that you want to secure with HTTPS.
Step 1: Request an SSL/TLS Certificate using AWS Certificate Manager (ACM)
- Navigate to AWS Certificate Manager:
  - Go to the AWS Management Console and navigate to Certificate Manager (ACM). Make sure you’re using us-east-1 as your region.
- Request a Certificate:
  - Click on Request a certificate.
  - Choose Request a public certificate and click Next.
- Enter Your Domain Name:
  - Enter the domain name for your website (e.g., example.com).
  - Add www.example.com as an additional domain.
  - Click Next.
- Validation Method:
  - Choose DNS validation. This method is recommended because it’s simple and automated if you’re using Route 53.
  - Click Next.
- Validate the Certificate:
  - ACM will provide a DNS CNAME record that you need to add to Route 53.
  - Click on Create record in Route 53 (if Route 53 manages your DNS).
  - ACM will then automatically validate the domain names using the 2 CNAME records. This may take a few minutes.
- Certificate Issued:
  - Refresh the page. Once validated, your SSL/TLS certificate will be issued and available for use. This is indicated by seeing “Issued” under Status in ACM.
Step 2: Create a CloudFront Distribution
- Navigate to CloudFront:
  - Go to the AWS Management Console and navigate to CloudFront.
- Create a CloudFront Distribution:
  - Click on Create Distribution.
- Origin Settings:
  - Origin Domain Name: Enter the domain name of your existing website (e.g., example.com), the S3 bucket name if you are hosting a static website, or your Elastic Beanstalk environment endpoint if you are using Elastic Beanstalk.
  - Protocol: Set the Protocol to “HTTP only”. This may look confusing, but this setting is the protocol between CloudFront and your origin (S3, Elastic Beanstalk, or wherever else your site is hosted), not the one your visitors use. Traffic on that leg is sent unencrypted.
- Default Cache Behavior Settings:
  - Viewer Protocol Policy: Choose Redirect HTTP to HTTPS. This ensures all HTTP traffic is redirected to HTTPS.
  - Allowed HTTP Methods: Select GET, HEAD (or other methods if necessary).
  - Cache Based on Selected Request Headers: Choose None (for a simple setup).
- SSL Certificate:
  - In the Settings section, under SSL Certificate, choose Custom SSL Certificate.
  - Select the SSL certificate you requested from ACM. Remember, the certificate must be in us-east-1 even if your resources are located elsewhere.
- Distribution Settings:
  - Alternate Domain Names (CNAMEs): Enter your domain name (e.g., example.com).
- Create Distribution:
  - Review your settings and click Create Distribution.
  - The distribution may take 15-20 minutes to deploy. Once deployed, CloudFront will provide a domain name (e.g., d1234abcdef.cloudfront.net).
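The Step 2 settings can also be checked from a draft or exported distribution config instead of by eye in the console. The script below is an added example, not part of the original tutorial: `audit_distribution` is a hypothetical helper, and the sample JSON is constructed with placeholder values in the shape of the `DistributionConfig` object from `aws cloudfront get-distribution-config`.

```python
import json

# Constructed sample shaped like the DistributionConfig object printed by
# `aws cloudfront get-distribution-config`; every value is a placeholder.
SAMPLE = json.loads("""{
  "Aliases": {"Quantity": 1, "Items": ["example.com"]},
  "Origins": {"Quantity": 1, "Items": [{
    "Id": "eb-origin",
    "DomainName": "my-env.us-west-2.elasticbeanstalk.com",
    "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}}]},
  "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
  "ViewerCertificate": {
    "ACMCertificateArn": "arn:aws:acm:us-west-2:111122223333:certificate/EXAMPLE"}
}""")


def audit_distribution(cfg, expected_names):
    """Return (level, message) findings for the HTTPS settings chosen in Step 2."""
    findings = []
    policy = cfg.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy")
    if policy not in ("redirect-to-https", "https-only"):
        findings.append(("error", f"viewer protocol policy {policy!r} still serves plain HTTP"))

    # ACM ARN layout: arn:aws:acm:<region>:<account>:certificate/<id>
    arn = cfg.get("ViewerCertificate", {}).get("ACMCertificateArn", "")
    parts = arn.split(":")
    if len(parts) < 6 or parts[2] != "acm":
        findings.append(("error", "no ACM certificate is attached"))
    elif parts[3] != "us-east-1":
        findings.append(("error", f"certificate is in {parts[3]}, not us-east-1"))

    # Every hostname visitors will use must be listed as an alternate domain name.
    aliases = {a.lower() for a in cfg.get("Aliases", {}).get("Items") or []}
    for name in expected_names:
        if name.lower() not in aliases:
            findings.append(("error", f"{name} is not an alternate domain name"))

    # Informational: this leg is outside the HTTPS protection visitors see.
    for origin in cfg.get("Origins", {}).get("Items") or []:
        custom = origin.get("CustomOriginConfig") or {}
        if custom.get("OriginProtocolPolicy") == "http-only":
            findings.append(("info", f"origin {origin.get('Id')}: CloudFront-to-origin leg is plain HTTP"))
    return findings


if __name__ == "__main__":
    for level, message in audit_distribution(SAMPLE, ["example.com", "www.example.com"]):
        print(f"{level}: {message}")
```

Pass every hostname you expect visitors to use as `expected_names`; a name that is on the certificate but missing from the distribution's alternate domain names is reported as an error.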
Step 3: Update Route 53 to Use CloudFront
- Navigate to Route 53:
  - Go to the AWS Management Console and navigate to Route 53.
- Update DNS Record:
  - Find the hosted zone for your domain.
  - Update the A record (or create a new one) to point to your CloudFront distribution domain name (e.g., d1234abcdef.cloudfront.net).
  - Use an Alias record, which is recommended for pointing to CloudFront distributions.
- Save Changes:
  - Save the changes in Route 53. DNS propagation can take a few minutes to several hours, so give it some time.
Step 4: Test Your HTTPS Setup
- Access Your Website:
  - After DNS propagation, visit your website using https://yourdomain.com.
  - Ensure that the connection is secure (look for the padlock icon in the browser’s address bar).
- Verify HTTP to HTTPS Redirection:
  - Test by accessing your website using http://yourdomain.com.
  - Confirm that it automatically redirects to https://yourdomain.com.
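A scripted version of the two checks in Step 4, as an added example that is not part of the original tutorial. `redirect_ok` and `check_site` are hypothetical helper names; the script assumes any of 301, 302, 307 or 308 counts as a redirect and that the redirect should keep the same host and path.

```python
import http.client
import socket
import ssl
import sys
from urllib.parse import urlsplit


def redirect_ok(status, location, host, path="/"):
    """True if the response redirects to the same host and path over HTTPS."""
    if status not in (301, 302, 307, 308) or not location:
        return False
    target = urlsplit(location)
    return (target.scheme == "https"
            and (target.hostname or "").lower() == host.lower()
            and (target.path or "/") == path)


def check_site(host, path="/", timeout=10):
    """Live check of one hostname: HTTP must redirect and TLS must validate."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        redirected = redirect_ok(resp.status, resp.getheader("Location"), host, path)
    finally:
        conn.close()
    # The default context verifies the certificate chain and the hostname,
    # so a failed check raises ssl.SSLCertVerificationError here.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, 443), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert, version = tls.getpeercert(), tls.version()
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {"redirected": redirected, "tls_version": version, "cert_names": names}


if __name__ == "__main__":
    # Usage: python check_https.py example.com www.example.com
    for name in sys.argv[1:]:
        print(name, check_site(name))
```

Run it against every hostname on the certificate, since a hostname that does not resolve to the distribution fails here even when the main domain passes.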
Step 5: Monitor and Maintain
- Monitor CloudFront:
  - Use CloudFront’s monitoring tools to track traffic, performance, and any errors.
- Renew Certificates:
  - ACM automatically renews certificates before they expire, but ensure that DNS records remain correct.
- Adjust Cache Settings:
  - Fine-tune CloudFront cache settings for optimal performance based on your website’s needs.
Conclusion
You have successfully migrated your website from HTTP to HTTPS using AWS ACM and CloudFront. Your website is now more secure, and your visitors’ data is protected with SSL/TLS encryption.
If you encounter any issues during the process or need further customization, AWS documentation and support are great resources to explore.
Let me know if you have any questions or need further assistance!