
Domain Name and HTTPS

Purchasing a domain name

note

If you already have a domain and bought it from AWS, you can skip this section. Set up an HTTPS certificate if you haven't already. If you bought a domain elsewhere, configuring it for AWS is out of scope for this tutorial. Research how to do it with your domain provider.

Regardless of where you bought your domain, you need to use AWS as the DNS provider (via Route 53) for the remainder of this tutorial.

To get a domain name for your new website, log into the AWS console in your browser, navigate to Route 53, and:

  1. Go to "Registered Domains"
  2. Click the "Register domains" button
  3. Find a domain you want and "Proceed to checkout"
  4. Enable auto-renew if desired (recommended unless this is truly a throwaway site, because you can cancel this later)
  5. Provide your personal information (or business info if it's for a business site)
  6. Enable privacy protection if desired (recommended)
  7. Complete the purchase

At the time of writing, .click domains were the cheapest option at only $3 (USD) a year so I bought the self-describing siteonaws.click domain for this site.

info

Buying a domain on AWS automatically sets up the DNS records by creating a Route 53 hosted zone (Route 53 is AWS's DNS provider). Therefore CDK won't be used to create the hosted zone. Instead, CDK will look up the existing hosted zone and reconfigure it.

danger

Unless you really know what you are doing, do not delete the automatically created Route 53 hosted zone for your domain. It can be recreated with CDK, but as the AWS docs warn:

If you don't rigorously follow the [DNS] migration process, your domain can become unavailable on the internet for up to two days.

That's because DNS resolvers typically cache domains' DNS name servers for two days. Changing around hosted zones can easily make a domain inaccessible and take two days to recover.

DNS for your domain should be semi-permanent, so it's best not to put it in a CDK stack. That way it will never be deleted automatically if you remove it from the CDK stack or destroy the stack.

HTTPS Certificate

Use an AWS-issued SSL/TLS certificate to enable HTTPS and the use of your domain name with the CDN.

note

It is possible to create certificates with CDK, but there is a major gotcha: at the time of writing, certificates must be issued from AWS's us-east-1 region, otherwise they cannot be used with the CloudFront CDN. Unless you are using CDK to set up your site in the us-east-1 region, it is not straightforward to ensure the certificate is generated in us-east-1 with CDK.

To allow for deploying to an arbitrary region, it's currently easiest to generate the certificate by hand. Along with purchasing the domain, this is the only other non-automated / non-CDK step with the AWS infrastructure.

Log into the AWS console in your browser, navigate to AWS Certificate Manager, and:

  1. Click "Request certificate"
  2. Choose "Request a public certificate"
  3. Enter the domain name you purchased, like siteonaws.click, for the "fully qualified domain name"
  4. Leave the other options on their default. In particular, use "DNS validation" for the validation method
  5. Request the certificate

With Route 53 as the DNS provider and "DNS validation" for the validation type, validation should happen automatically. Wait a few minutes and the certificate status should change to Issued. Now we can finish setting up the domain with CDK.
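Because the certificate is created by hand, it is worth checking it before wiring it into CDK. The following is an added example, not part of the original tutorial: it inspects the `Certificate` object returned by `aws acm describe-certificate` and lists the reasons the certificate would not work for this setup (wrong region, not yet issued, domain not covered, non-DNS validation). The names `AcmCert`, `nameCovers`, `checkCertForCloudFront` and the sample record with its placeholder account and certificate IDs are constructed for illustration.

```typescript
// Subset of the "Certificate" object from `aws acm describe-certificate`.
interface AcmCert {
  CertificateArn: string;
  DomainName: string;
  SubjectAlternativeNames?: string[];
  Status: string;
  DomainValidationOptions?: { DomainName: string; ValidationMethod?: string }[];
}

// True when a certificate name (exact or "*.example.com" wildcard) covers host.
function nameCovers(certName: string, host: string): boolean {
  const c = certName.toLowerCase();
  const h = host.toLowerCase();
  if (c.slice(0, 2) !== "*.") return c === h;
  // A wildcard stands for exactly one left-most label, never the apex itself.
  const dot = h.indexOf(".");
  return dot > 0 && h.slice(dot + 1) === c.slice(2);
}

// Returns the list of problems; an empty list means the certificate is usable.
function checkCertForCloudFront(cert: AcmCert, siteDomain: string): string[] {
  const problems: string[] = [];
  // ARN layout: arn:partition:acm:region:account-id:certificate/id
  const parts = cert.CertificateArn.split(":");
  const [, , service = "", region = "", , resource = ""] = parts;
  if (parts.length !== 6 || service !== "acm" || resource.indexOf("certificate/") !== 0) {
    problems.push("not an ACM certificate ARN");
  } else if (region !== "us-east-1") {
    problems.push(`certificate is in ${region}, CloudFront needs us-east-1`);
  }
  if (cert.Status !== "ISSUED") problems.push(`status is ${cert.Status}, expected ISSUED`);
  const names = [cert.DomainName].concat(cert.SubjectAlternativeNames ?? []);
  if (!names.some((n) => nameCovers(n, siteDomain))) {
    problems.push(`no certificate name covers ${siteDomain}`);
  }
  if ((cert.DomainValidationOptions ?? []).some((o) => o.ValidationMethod !== "DNS")) {
    problems.push("not every name uses DNS validation");
  }
  return problems;
}

// Constructed sample record: placeholder account ID and certificate ID.
const sampleCert: AcmCert = {
  CertificateArn: "arn:aws:acm:us-east-1:111122223333:certificate/00000000-0000-0000-0000-000000000000",
  DomainName: "siteonaws.click",
  SubjectAlternativeNames: ["siteonaws.click"],
  Status: "ISSUED",
  DomainValidationOptions: [{ DomainName: "siteonaws.click", ValidationMethod: "DNS" }],
};
```

An empty result for `checkCertForCloudFront(sampleCert, "siteonaws.click")` means the certificate can be used with the CDN; any returned strings name what to fix first.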