## Request a certificate
- Open the [Certificate Manager console](https://console.aws.amazon.com/acm/home)
- Click on Request
- Select Request a public certificate
- Enter the domain name for the certificate
- Select the validation method. Usually you will want to use DNS validation
- Select the key algorithm. In most cases RSA 2048 is fine
- Click the Request button to start the DNS validation process
- On the next page, AWS will display the CNAME record you need to create for the validation. Add that CNAME in your DNS zone
- After the validation has completed, the certificate will show the "issued" status. You can move on to the next step
## Add CloudFront Distribution
- Open the [CloudFront console](https://console.aws.amazon.com/cloudfront/).
- Under **Origin**, for **Origin domain**, choose your S3 bucket's REST API endpoint from the dropdown list. Or, enter your S3 bucket's website endpoint. For more information, see [Key differences between a website endpoint and a REST API endpoint](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html#WebsiteRestEndpointDiff).
- Under **Default cache behavior**, **Viewer**, for **Viewer Protocol Policy**, select **HTTP and HTTPS** or **Redirect HTTP to HTTPS**.
**Note:** Choosing **HTTPS Only** blocks all HTTP requests.
- For **Alternate Domain Names (CNAMEs)**, choose **Add item**, and then enter your alternate domain name.
- For **Custom SSL Certificate**, choose the custom SSL certificate from the dropdown list that covers your CNAME to assign it to the distribution.
**Note:** For more information on installing a certificate, see [How do I configure my CloudFront distribution to use an SSL/TLS certificate?](https://repost.aws/knowledge-center/install-ssl-cloudfront)
- Choose **Create distribution**.
**Note:** After you choose **Create distribution**, it might take 20 or more minutes for your distribution to deploy.
## Add CNAME record
- Copy the distribution domain name from CloudFront
- Create a new CNAME record in your DNS zone pointing to the distribution domain name
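
A check for the distribution settings chosen above, as an added example that is not part of the original note or the AWS article. It assumes you have saved the `DistributionConfig` element from `aws cloudfront get-distribution-config` as a dict and know the domain names on the certificate; the sample config, domain names, account ID and certificate ID are constructed placeholders. It also checks that the ACM certificate is in us-east-1, the region CloudFront requires for ACM certificates.

```python
import re

# Constructed sample in the shape of the DistributionConfig element returned by
# `aws cloudfront get-distribution-config`. All values are placeholders.
SAMPLE_CONFIG = {
    "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
    "ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:eu-west-1:123456789012:certificate/EXAMPLE-ID",
        "SSLSupportMethod": "sni-only",
    },
}

def cert_covers(hostname, cert_names):
    """True if a certificate name matches hostname; '*' matches exactly one leftmost label."""
    host = hostname.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def check_distribution(config, cert_names):
    """Return a list of findings for one DistributionConfig dict."""
    findings = []
    policy = config["DefaultCacheBehavior"]["ViewerProtocolPolicy"]
    if policy == "allow-all":  # console label: "HTTP and HTTPS"
        findings.append("viewer policy allow-all: content is still served over plain HTTP")
    arn = config.get("ViewerCertificate", {}).get("ACMCertificateArn")
    if not arn:
        findings.append("no ACM certificate attached")
    else:
        m = re.match(r"arn:aws[\w-]*:acm:([a-z0-9-]+):", arn)
        if not m or m.group(1) != "us-east-1":
            findings.append("ACM certificate is not in us-east-1, which CloudFront requires")
    for alias in config.get("Aliases", {}).get("Items", []):
        if not cert_covers(alias, cert_names):
            findings.append(f"certificate does not cover alias {alias}")
    return findings

if __name__ == "__main__":
    # Constructed certificate names that do not cover www.example.com
    for finding in check_distribution(SAMPLE_CONFIG, ["example.com", "*.example.org"]):
        print("FINDING:", finding)
```
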
## Sources
[Use CloudFront to serve HTTPS requests for your S3 bucket | AWS re:Post](https://repost.aws/knowledge-center/cloudfront-https-requests-s3)