Amazon S3 static website - Redirect HTTPS to HTTP

Question

I'm about to launch a static website using S3/Cloudfront. I don't need HTTPS for the site, but the current iteration of the website is served over HTTPS and has hundreds of links and indexed URLs that are HTTPS.

I've been searching for hours and can't find a way to redirect our HTTPS URLs to HTTP when only using S3/Cloudfront. Currently the HTTPS URL will refuse the connection instead of redirecting to the HTTP version of the page.

With no Apache it seems it is not possible to do this. Any hints?

Answer 1

Static website hosting on S3 does not support HTTPS unless you use the full domain path, i.e. example.com.s3-website-us-east-1.amazonaws.com. Since you want to keep your URL, you'll have to use a CloudFront distribution to handle SSL.

1. Upload your SSL certificate to CloudFront: aws iam upload-server-certificate --server-certificate-name CertificateName --certificate-body file://public_key_certificate_file --private-key file://privatekey.pem --certificate-chain file://certificate_chain_file --path /cloudfront/path/ [1]

2. Create a cloudfront distribution and configure as so:

   • Origin Domain Name: your s3 bucket's public static website hosting endpoint (not the endpoint that CloudFront autocompletes)
   • Alternate Domain Names (CNAMEs): desired location for your website, e.g. example.com or www.example.com
   • SSL Certificate: Select the SSL certificate you uploaded in step 1.
   • Custom SSL Client Support: Unless you need compatibility for really old clients, select "Only Clients that support Server Name Indication" and save $600.

   If you are redirecting https to s3 redirect, the origin domain should not be the autocomplete bucket, but the static redirect endpoint s3 gives you

3. Save your distribution. It should show Status "In Progress". It generally takes ~15 minutes before a distribution is "Deployed"; don't move on to step 4 until your distribution is "Deployed".

4. Verify the distribution works: navigate to the CloudFront distribution via the domain name in the list, e.g. "https//d111111abcdef8.cloudfront.net/". You should see your website.
5. Change your DNS records to point to the CloudFront distribution instead of the S3 bucket.

[1] if you have trouble adding your certificate to CloudFront check out this article for further information: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html#cnames-and-https-procedure