# Securely Host Website with AWS CloudFront + Private S3 + Route 53 (Custom Domain + HTTPS)

---

## 🌍 Introduction

If you directly host a static site on **AWS S3 (public)**, your files are exposed to the internet. This is fine for simple hosting, but not secure for production.

The **best practice** is:

* Keep your **S3 bucket private**
* Serve content via **CloudFront** (with caching + HTTPS)
* Map domain using **Route 53**

This way, CloudFront acts as a **secure CDN**, while S3 only accepts requests from CloudFront ✅

By the end, you’ll have this flow:
👉 **Browser → Route 53 (DNS) → CloudFront (HTTPS + caching + SSL) → S3 (private)**

---

## 🔒 Step 1: Keep Your S3 Bucket Private

* Block Public Access = **ON ✅** (default)
* Disable **Static Website Hosting**
* Remove any public bucket policy

👉 Your bucket should have **no public access**.

---

## ⚡ Step 2: Create a CloudFront Distribution

* Go to **CloudFront → Distributions → Create Distribution**
* **Custom Domain**: Enter your domain name (`myapp.com`)
* If no SSL → Request a free SSL certificate from **ACM** and attach it
* **Specify Origin**:

  * Origin type → **S3**
  * Origin → Select your bucket
  * Origin Path → `/index.html` (if required)
  * Enable **OAC (Origin Access Control)** → Allows CloudFront to access your private S3 bucket
* Leave other settings as default
* (Optional) WAF → Not needed for now
* Save distribution

---

## 📜 Step 3: Update S3 Bucket Policy

* After CloudFront is created → it will suggest a **bucket policy** (under Settings → Origins → Edit)
* Copy that policy and paste it into your **S3 bucket policy** section
* ✅ This ensures that **only CloudFront can read from your S3 bucket**

---

## 🌐 Step 4: Update Route 53 DNS

* Go to your **Hosted Zone** (example: `myapp.com`)
* Create a **Record**:

  * Name → `myapp.com`
  * Type → A (Alias)
  * Alias → **Yes**
  * Target → Select your CloudFront distribution
* (Optional) Create another record for `www.myapp.com` → CloudFront

---

## 🧪 Step 5: Test Setup

* Wait 5–15 minutes for **CloudFront distribution** to deploy
* Open:

  ```
  https://myapp.com
  ```
* Flow is now:
  **Browser → Route 53 → CloudFront → S3 (private)** 🎉

---

## 🎯 Conclusion

With this setup, you get a **secure and production-ready website hosting** on AWS:

✅ Private S3 bucket (no public exposure)
✅ CloudFront with HTTPS + caching
✅ Custom domain via Route 53
✅ Free SSL from ACM

This is the **recommended AWS architecture** for static site hosting in production 🚀

---

## ✅ Next Steps

🚀 Be interview-ready in the era of AI & Cloud — start your DevOps journey today!  
💡 YouTube won’t get you a job. Real projects + real internship certificate will.  
🔥 AI is reshaping jobs. Don’t watch it happen, be part of it with DevOps & Cloud skills.  
🎯 ₹2000/month today = Dream job tomorrow. Secure your spot now.  
⏳ Every month you wait, Cloud + AI jobs are being filled. Don’t miss out!  
🌐 DevOps + AWS + AI = The skillset every recruiter is hunting for in 2025.  

👉 Register now at [TechEazy Consulting](https://www.techeazyconsulting.com)
---

