Unfortunately, Amazon S3 does not support HTTPS connections; it only supports HTTP. We have set the Route 53 record sets to use a CloudFront distribution, but we haven't enabled HTTPS support in CloudFront yet.
But why should we support HTTPS? There are many reasons nowadays. Let's list some of them:
- We are building an online store. We need to handle logins and payment transactions. Doing such things without an encrypted connection is not safe. It's too easy to eavesdrop on the network and steal sensitive data.
- HTTP/2 is the newest protocol and is much faster than the old HTTP/1.1 version. Currently, all major browsers that support HTTP/2 require HTTPS. It is not possible to support HTTP/2 over an unencrypted HTTP connection.
- HTTP/2 with encryption is faster than HTTP/1.1 without encryption. Troy Hunt shows an interesting demo at this link: https://www.troyhunt.com/i-wanna-go-fast-https-massive-speed-advantage. In his test, loading a website with hundreds of small files was 80 percent faster with HTTP/2 over TLS due to the multiplexing feature of the newer protocol.
- Another good reason is privacy. Using HTTPS everywhere helps to keep your browsing data safe. It's not enough on its own, because the domain names of the sites that you visit will continue to be exposed, but it helps a lot. The pages that you visit and the things that you read or write will not be (easily) compromised because data will always be transferred with encryption.
If you are convinced and want to support HTTPS, follow these steps:
- Create a mail exchange record in Route 53.
- Request a free SSL/TLS certificate from AWS.
- Edit the CloudFront distribution to use this new certificate.
The first step, creating a mail account, is necessary because AWS will only issue a free SSL/TLS certificate if you prove that you own the domain, and this verification is done by following a link sent to the admin@example.com e-mail address.
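Once the last of the steps above is done, it is worth checking that the distribution really enforces HTTPS. The script below is an added example, not code from the original text: it audits a `DistributionConfig` object in the shape returned by `aws cloudfront get-distribution-config`. The sample configuration, domain and certificate ARN are constructed placeholders, and the function name is hypothetical.

```python
import json

# Constructed sample shaped like a CloudFront DistributionConfig;
# the domain, account id and certificate ARN are placeholders.
SAMPLE = json.loads("""
{
  "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
  "HttpVersion": "http2",
  "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
  "CacheBehaviors": {"Quantity": 1, "Items": [
    {"PathPattern": "/checkout/*", "ViewerProtocolPolicy": "https-only"}]},
  "ViewerCertificate": {
    "ACMCertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE",
    "SSLSupportMethod": "sni-only",
    "MinimumProtocolVersion": "TLSv1"}
}
""")

HTTPS_POLICIES = {"https-only", "redirect-to-https"}
WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"}

def audit_distribution(cfg):
    """Return a list of findings for a CloudFront DistributionConfig dict."""
    findings = []
    # Every cache behavior has its own viewer protocol policy, so check them all.
    behaviors = [("default", cfg.get("DefaultCacheBehavior", {}))]
    for b in cfg.get("CacheBehaviors", {}).get("Items") or []:
        behaviors.append((b.get("PathPattern", "?"), b))
    for name, b in behaviors:
        if b.get("ViewerProtocolPolicy") not in HTTPS_POLICIES:
            findings.append(f"behavior {name}: plain HTTP is still served")
    cert = cfg.get("ViewerCertificate", {})
    arn = cert.get("ACMCertificateArn")
    aliases = cfg.get("Aliases", {}).get("Items") or []
    if cert.get("CloudFrontDefaultCertificate") or not arn:
        if aliases:
            findings.append("custom domain set but no ACM certificate attached")
    elif arn.split(":")[3:4] != ["us-east-1"]:
        # CloudFront only accepts ACM certificates issued in us-east-1.
        findings.append("ACM certificate is not in us-east-1")
    if arn and cert.get("MinimumProtocolVersion") in WEAK_TLS:
        findings.append("minimum TLS version is below TLS 1.2")
    return findings

if __name__ == "__main__":
    for finding in audit_distribution(SAMPLE):
        print("FINDING:", finding)
```

An empty result means every cache behavior redirects to or requires HTTPS and the attached certificate is usable by CloudFront with a TLS 1.2 minimum.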