To summarize, we did the following in this recipe:
- We created a CloudFront distribution, specifying the root domain, the WWW sub-domain, and the ACM certificate ARN
- We created A records for the root domain and the WWW sub-domain
- We hit the root domain and the WWW sub-domain with an HTTPS prefix from a web browser, and received a response from the S3 bucket with a secure message in the browser
A CloudFront distribution supports SSL or TLS certificates in three ways: a default CloudFront certificate, an ACM certificate, and an IAM certificate. Previously, we used the default CloudFront certificate. In this recipe, we used an ACM SSL certificate, and that is the preferred way. An IAM certificate can only be used if a region does not support ACM. The steps to generate an IAM certificate are available in the Creating SSL certificates with ACM recipe, in Chapter 9, Serverless Architecture Patterns and Practices.