DevOpsLesson
DevOpsLesson

Free, comprehensive DevOps tutorials and learning roadmaps. Master Docker, Kubernetes, CI/CD, and more.

Stay Updated

Get notified about new tutorials and features.

Tutorials

  • What is DevOps?
  • Docker Tutorial
  • Terraform Tutorial
  • CI/CD Pipeline
  • All Tutorials

Roadmaps

  • DevOps Engineer
  • Cloud Engineer
  • SRE Path
  • All Roadmaps

Company

  • About Us
  • Blog
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 DevOpsLesson. All rights reserved.

DOCKERKUBERNETESTERRAFORMAWSCI/CDLINUXGITDEVOPS ROADMAPCLOUD ROADMAPSRE ROADMAPGIT CHEATSHEETDOCKER CHEATSHEETK8S CHEATSHEETTF CHEATSHEETLINUX CHEATSHEETDOCKERFILE LINTERYAML VALIDATORCRON PARSERREGEX TESTER

Aws Tutorial

Introduction to AWS
AWS Global Infrastructure
Setting Up AWS
AWS IAM
AWS EC2
AWS VPC
AWS S3
AWS RDS
AWS Lambda
AWS ECS and EKS
AWS CloudWatch
AWS CodePipeline
AWS Cost Optimization
AWS Elastic Load Balancing
AWS Auto Scaling
AWS CloudFront
AWS Route 53
AWS DynamoDB
AWS ElastiCache
AWS SQS
AWS SNS
AWS EventBridge
AWS Step Functions
AWS API Gateway
AWS ECR
AWS EKS
AWS CloudFormation
AWS Elastic Beanstalk
AWS KMS
AWS Secrets Manager
AWS WAF and Shield
AWS CloudTrail
AWS Config
AWS Systems Manager
AWS Organizations
AWS EFS
AWS EBS Deep Dive
AWS Kinesis
AWS Athena
AWS CodeDeploy
AWS CodeCommit
AWS CDK
AWS SAM

AWS CloudFront SSL and Custom Domains

PreviousPrev
Next

Learn how to use ACM certificates, custom domains, HTTPS redirects, and minimum TLS settings with CloudFront.

AWS CloudFront SSL and Custom Domains makes CloudFront suitable for production websites by pairing edge caching with trusted HTTPS endpoints and branded domains. For DevOps teams, it matters because it lets teams terminate TLS at the edge and enforce secure access without operating their own certificate servers. Instead of relying on one fragile manual configuration, you can design a repeatable service boundary that stays stable while the workload behind it changes.

Core ideas

The main ideas to understand are ACM certificates used with CloudFront must be requested or imported in the us-east-1 region; custom domains are attached as alternate domain names and usually mapped from Route 53 alias records; viewer protocol policies can redirect HTTP to HTTPS so end users consistently reach the secure endpoint; and minimum TLS version settings allow you to balance compatibility with modern security expectations. These details shape architecture decisions, but they also shape day-to-day operations. When a team chooses defaults without understanding how the service behaves under failure, scale, or security review, the platform often becomes harder to debug than the application itself.

SettingPurposeGood default
ACM certificateProvides HTTPS identityIssue in us-east-1 for CloudFront
Viewer protocol policyHandles HTTP requestsRedirect HTTP to HTTPS
Minimum TLS versionControls client security floorUse a modern supported version

From an operations perspective, the goal is to bind the correct certificate and domain names while avoiding weak TLS settings that create unnecessary exposure. The comparison below highlights the choices that usually matter first. It is often better to start with a simpler design and add sophistication only after metrics, incidents, or delivery requirements prove the change is necessary.

Practical commands

aws acm list-certificates --region us-east-1 --output table
aws cloudfront get-distribution --id EXAMPLE123 --query 'Distribution.DistributionConfig.ViewerCertificate'

Practical CLI checks make the service easier to support in real environments. Use the commands below to inspect the current state and confirm that automation matches intent. Before you promote a change, verify certificate coverage for every alternate domain name and redirect behaviour after DNS changes propagate. A safe default is testing older clients only when required, then setting the highest practical minimum TLS version for the audience. That discipline makes later troubleshooting, scaling, and security reviews far less painful.

Exercise

Certificate region

In which region must an ACM certificate be available for CloudFront?

Exercise

HTTPS behaviour

Which CloudFront setting redirects users from HTTP to HTTPS?

PreviousPrev
Next

Continue Learning

AWS Auto Scaling Policies

Learn how target tracking, step scaling, simple scaling, and scheduled actions control EC2 fleet growth in AWS.

10 min·Intermediate

AWS CloudFront

Learn how Amazon CloudFront caches content at edge locations and accelerates access to S3, ALB, EC2, and custom origins.

15 min·Intermediate

AWS CloudFront Distributions

Understand how to create CloudFront distributions with the right origin settings, cache behaviours, access restrictions, and price class.

12 min·Intermediate

Explore Related Topics

Te

Terraform Tutorials

Manage AWS infrastructure as code

Li

Linux Tutorials

Essential Linux skills for working with EC2

On This Page

Core ideasPractical commands