How to run a static blog on AWS

Today I will describe how to build, deploy and serve a website similar to this one. We will primarily use AWS services.

Step 1: Buy a domain name

Most domain names can be bought using AWS’s Route 53. Route 53 is the AWS service responsible for all things related to DNS - you can buy domains, set up records for your domains, and so on. Use Route 53 to buy your domain name. Let us assume your domain name is

Step 2: Cert Manager

Once you have purchased a domain, obtain a new SSL certificate for the domain that you purchased. This is so that you can serve requests at AWS has a service called Certificate Manager that is designed exactly for this purpose. Note that you MUST use the us-east-1 (N. Virginia) region for your certificate to work with Cloudfront.

While creating the certificate, provide two names in the list of domains:


This will allow your certificate to be used from either or

Step 3: S3

S3 stands for Simple Storage Service and it can store files of any kind. Create a new bucket in S3 (any region) that will contain all your static assets. Block public access to your S3 bucket. Upload your static assets if you have them, or a dummy index.html if you don’t.

Step 4: Cloudfront

Cloudfront is a CDN (content distribution network) which will help us serve our website to every corner of the world, handle HTTPS, enforce custom rules, etc. Create a new Cloudfront distribution that will serve your traffic. Use the following settings for your distribution.

  • Origin Path : select your bucket name from the drop down, it should look like
  • Origin Access Identity : create a new identity if you don’t already have one. This is so that Cloudfront can “read” the contents of your S3 bucket. Don’t select the option for auto-updating the bucket’s policy - we will come back to that
  • Viewer Protocol Policy : I recommend using Redirect HTTP to HTTPS. This will ensure that user requests to always get redirected to
  • SSL certificate : select the certificate that you created in AWS Cert Manager
  • Security policy : use TLSv1.2
  • Default root object: index.html
  • Turn off Logging
  • Price class: Use All Edge Locations (Best Performance)
  • Supported HTTP Versions: HTTP/2, HTTP/1.1, HTTP/1.0
  • IPv6: Enabled

Step 5: S3

Update your S3 bucket’s policy to look like:

    {
        "Version": "2008-10-17",
        "Id": "PolicyForCloudFrontPrivateContent",
        "Statement": [
            {
                "Sid": "1",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity {OAI-ID}"
                },
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::{bucket-name}/*"
            }
        ]
    }

where in you MUST

Test that you can access your website by opening your Cloudfront domain in a browser. The domain should look like {random-text}
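
As an added example (not part of the original post), this Python check audits a bucket policy document and reports every Allow statement that goes beyond the policy above: a principal other than your Origin Access Identity, an action other than s3:GetObject, or a resource outside the bucket. The function names, the bucket name and the OAI ID are constructed placeholders.

```python
import json

# Principal ARN format taken from the bucket policy in the post.
OAI_ARN = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity {}"

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_bucket_policy(policy_json, bucket, oai_id):
    """Return findings; an empty list means only the OAI can read objects."""
    findings, oai_can_read = [], False
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", "<no Sid>")
        # A missing key (e.g. NotPrincipal/NotAction is used) counts as "*".
        principal = stmt.get("Principal", "*")
        if isinstance(principal, dict):  # {"AWS": ...}, {"Service": ...}, ...
            principal = [p for v in principal.values() for p in as_list(v)]
        checks = (
            ("principal", as_list(principal), OAI_ARN.format(oai_id)),
            ("action", as_list(stmt.get("Action", "*")), "s3:GetObject"),
            ("resource", as_list(stmt.get("Resource", "*")),
             f"arn:aws:s3:::{bucket}/*"),
        )
        # Conservative: a Condition is not credited with narrowing a grant.
        for kind, values, want in checks:
            findings += [f"{sid}: unexpected {kind} {v!r}"
                         for v in values if v != want]
        if all(want in values for _, values, want in checks):
            oai_can_read = True
    if not oai_can_read:
        findings.append("no statement lets the CloudFront OAI read objects")
    return findings

# Constructed sample values (placeholders, not real identifiers).
BUCKET, OAI_ID = "example-blog-bucket", "EXAMPLEOAIID"
GOOD = json.dumps({"Version": "2008-10-17", "Statement": [{
    "Sid": "1", "Effect": "Allow",
    "Principal": {"AWS": OAI_ARN.format(OAI_ID)},
    "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]})
PUBLIC = json.dumps({"Version": "2008-10-17", "Statement": [{
    "Sid": "open", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": f"arn:aws:s3:::{BUCKET}/*"}]})

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("public", PUBLIC)):
        print(name, audit_bucket_policy(doc, BUCKET, OAI_ID) or "OK")
```

Feed it the policy JSON copied from the bucket's Permissions tab; any finding means the bucket is readable or writable by something other than your distribution's identity.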

Step 5: Route 53

Navigate to your hosted zones in Route 53 and select the zone for your domain. Add the following A records to the zone

| Name | Type | Alias | Target |
|------|------|-------|--------|
|      | A - IPv4 address | Yes |  |
|      | A - IPv4 address | Yes |  |

Step 6: Success!

Navigate to & - they should both work and redirect you to the https version of your website.