## Request a certificate

- Open the [Certificate Manager console](https://console.aws.amazon.com/acm/home)
- Click on Request
- Select Request a public certificate
- Put in the domain for the certificate
- Select the validation method. Usually you will want to use DNS validation
  ![[Pasted image 20240826144958.png]]
- Select the key algorithm. In most cases RSA 2048 is fine
  ![[Pasted image 20240826145114.png]]
- Click the Request button to start the DNS validation process
- On the next page, AWS will display the CNAME record you need to create for the validation. Add that CNAME in your DNS zone
- After the validation has completed you will see the certificate is now in the "issued" status. You can move on to the next step

## Add CloudFront Distribution

- Open the [CloudFront console](https://console.aws.amazon.com/cloudfront/).
- Under **Origin**, for **Origin domain**, choose your S3 bucket's REST API endpoint from the dropdown list. Or, enter your S3 bucket's website endpoint. For more information, see [Key differences between a website endpoint and a REST API endpoint](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html#WebsiteRestEndpointDiff).
- Under **Default cache behavior**, **Viewer**, for **Viewer Protocol Policy**, select **HTTP and HTTPS** or **Redirect HTTP to HTTPS**.
  **Note:** Choosing **HTTPS Only** blocks all HTTP requests.
- For **Alternate Domain Names (CNAMEs)**, choose **Add item**, and then enter your alternate domain name.
- For **Custom SSL Certificate**, choose the custom SSL certificate from the dropdown list that covers your CNAME to assign it to the distribution.
  **Note:** For more information on installing a certificate, see [How do I configure my CloudFront distribution to use an SSL/TLS certificate?](https://repost.aws/knowledge-center/install-ssl-cloudfront)
- Choose **Create distribution**.
  **Note:** After you choose **Create distribution**, it might take 20 or more minutes for your distribution to deploy.

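
A consistency check for the certificate and distribution set up above, as an added example that is not part of the original note: it reads data shaped like the output of `aws acm describe-certificate` and `aws cloudfront get-distribution-config` and reports a certificate outside us-east-1 (the region CloudFront requires for ACM certificates), a certificate that is not yet issued, an alternate domain name the certificate does not cover, and a viewer policy that still serves plain HTTP. The embedded JSON, account ID, certificate ID and domain names are constructed placeholders.

```python
import json

# Constructed sample data, shaped like the output of
# `aws acm describe-certificate` and `aws cloudfront get-distribution-config`.
# Account ID, certificate ID and domain names are placeholders.
CERT = json.loads("""{"Certificate": {
  "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID",
  "Status": "ISSUED",
  "SubjectAlternativeNames": ["example.com", "*.example.com"]}}""")
DIST = json.loads("""{"DistributionConfig": {
  "Aliases": {"Quantity": 1, "Items": ["static.example.com"]},
  "ViewerCertificate": {
    "ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID"},
  "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"}}}""")


def covers(cert_name, host):
    """True if a certificate name covers host; '*' matches exactly one label."""
    cert_name, host = cert_name.lower(), host.lower()
    if cert_name.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == cert_name[2:]
    return cert_name == host


def audit(cert_doc, dist_doc):
    """Return a list of findings; an empty list means the setup is consistent."""
    cert, cfg = cert_doc["Certificate"], dist_doc["DistributionConfig"]
    findings = []
    arn = cert["CertificateArn"]
    if arn.split(":")[3] != "us-east-1":
        findings.append("certificate is not in us-east-1, CloudFront cannot use it")
    if cert["Status"] != "ISSUED":
        findings.append(f"certificate status is {cert['Status']}, not ISSUED")
    if cfg["ViewerCertificate"].get("ACMCertificateArn") != arn:
        findings.append("distribution is not using this certificate")
    for alias in cfg["Aliases"].get("Items", []):
        if not any(covers(n, alias) for n in cert["SubjectAlternativeNames"]):
            findings.append(f"alias {alias} is not covered by the certificate")
    if cfg["DefaultCacheBehavior"]["ViewerProtocolPolicy"] == "allow-all":
        findings.append("viewer protocol policy allow-all still serves plain HTTP")
    return findings


if __name__ == "__main__":
    for line in audit(CERT, DIST) or ["no findings"]:
        print(line)
```

In the API output, `allow-all` is the console's **HTTP and HTTPS** setting and `redirect-to-https` is **Redirect HTTP to HTTPS**.
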
## Add CNAME record

- Copy the distribution domain name from CloudFront
- Create a new CNAME record in your DNS zone pointing to the distribution domain name

## Sources

[Use CloudFront to serve HTTPS requests for your S3 bucket | AWS re:Post](https://repost.aws/knowledge-center/cloudfront-https-requests-s3)