This simple web page is being served by CloudFront.

It consists of an S3 bucket with Static website hosting enabled:

The bucket contains two files:

The index.html is as follows:

<html xmlns="" >
    <title>TheTrainIT Home Page</title>
  <h1>Welcome to my website</h1>
  <p>Now hosted on Amazon S3 via CloudFront!</p>
  <p><img src="BikeA44.jpg" alt="my bike image"/>

I created a CloudFront distribution, using all the defaults apart from the following:

  • Custom Domain Name:
  • Default Root Object: index.html
  • SSL Certificate: *

The custom domain supports access to the site using your organization’s DNS name rather than the auto-generated name for the distribution.

To support HTTPS  access, I selected a certificate * which was obtained using AWS Certificate Manager. The certificate is free, but can only be used with services such as CloudFront and ALB, and not with EC2. For EC2, you would have to use a certificate obtained from a 3rd party CA.

In Route 53 I created an Alias record. An Alias record is an Amazon specific record type which allows the organization DNS name to be mapped to the CloudFront auto-generated name for the distribution.

Using Chrome: More Tools>Developer Tools, Network tab, you can see if the page was a hit or miss from CloudFront. To test, clear the browser cache and refresh the page.

To test HTTPS access, insert https:// at the front of the  URL.

You can inspect details of the certificate and the certificate chain.

The site gets an A on SSL Labs:

I enabled CloudFront access logging to an S3 bucket. The logs are in .gz format. I used 7-zip to extract and notepad++ to view the log. This is an extract from one of the log entries:

2018-08-07 16:07:48 LHR3-C1 x.x.x.x GET /BikeA44.jpg

Notice the LHR3 code. The edge locations are coded based on the nearest international airport, here London Heathrow. In the UK, the edge locations  are in Manchester and London. The origin for the S3 bucket is in Ireland.