Setting up a (secure) static website using Amazon S3 and Amazon Cloudfront in 2025

Want to make a static website, using Amazon S3 - and you’d like it secured and given proper HTTPS from Amazon Cloudfront? And you don’t want to expose the S3 bucket to the world? Here’s how to do it. (This is updated, and AWS have made this much easier. Well done AWS.)

Create an S3 bucket

Keep all the settings at default for now. Specifically:

Leave “object ownership” as the default ACLs disabled
Keep “block all public access” selected

Create a Cloudfront distribution

When it gets to “Origin type”… select “Amazon S3”, and find the S3 bucket you want.

For “Settings”, leave it as default, which will update your S3 access policy.

One you’ve created it all, under “General” for the distribution, you might want to:

Add HTTP/3 support because why not
Add the default root object of index.html (no backslash)
Keep IPv6 on; and then create the distribution.

Do the DNS for the Cloudfront distribution

Go into Route 53, and create a record by clicking “alias” -> alias to Cloudfront distribution -> choose the distribution. Your new Cloudfront distribution should show.

Then do it again, changing “A” to “AAAA” for the IPv6 version.

(You’d have thought this would be automated somehow by AWS, but no).

Put some HTML into the S3 bucket

You’ll want to call it index.html - though you can frankly get away with just writing “hello world” into a file and saving it.

Visit your website including the /index.html and it should work nicely.

Hurray?

Previously:

Better user interfaces in cars change radio listening

Happy 100, Aussie Radio