
Moving a website to Amazon AWS


We recently moved one of our websites from a "full service" web hosting service to an AWS S3 Static Website. This page gives a step-by-step guide to set up an AWS Static website and some hints on the process. It includes the full procedure from scratch.

Comment: There is a set of perfectly good documentation available on this procedure on the AWS website and other places. But IOHO it’s fragmented and confusing and some of the non-Amazon web sites are out of date. So we compiled this detailed (but, er, rather long) set of instructions. This was written in October 2025.

Prerequisites

The end result is your users will be able to access all of these URLs:

Substitute your own domain name for mydomain.com in all the following instructions.

Overall steps

  1. Create two Amazon S3 buckets mydomain.com and www.mydomain.com
    • Set up the primary bucket mydomain.com to Host a static website (this bucket will contain all your website HTML pages)
    • Set up the subdomain bucket www.mydomain.com to Redirect requests for an object back to your primary bucket mydomain.com.
  2. Set up a Route 53 hosted zone with A-records to your domain and subdomain.
    • Copy the DNS nameserver (NS) values into your domain name manager.
  3. Test that it works so far.
  4. Set up a CloudFront distribution. This enables access using the secure https protocol.
  5. Get Access Keys for your S3 bucket.
  6. Copy all your website files to your S3 bucket.

Detailed procedure

Create two Amazon S3 buckets

  1. Sign into your AWS account and select Amazon S3.

    • Click the 9-dot "waffle" menu button at the top left, next to the aws logo, click All services on the left, then > S > S3
  2. Select United States (N. Virginia) from the drop-down list in the black toolbar strip (top right hand side).

    • It seems this static web site setup only works in region us-east-1 (that may have changed)
  3. Click on the Create bucket button

    1. Select the General purpose radio button.
    2. In Bucket name enter your domain name e.g. mydomain.com
    3. Otherwise accept all other default options.
  4. Click on your primary bucket (mydomain.com) on the Buckets page, then click on Properties in the top white menu bar.

    1. Scroll down to the bottom to find Static website hosting and click on Edit
    2. Select the Enable radio button for Static website hosting, and Host a static website.
    3. Under Index document enter index.html (you could use something different, but honestly, always use this).
    4. Click on Save changes (scroll down, bottom right of page)
  5. Staying on the primary mydomain.com S3 bucket page, click on Permissions

    1. Click on Edit for Block public access (bucket settings)

    2. Uncheck the Block all public access box then Save changes. This should show an orange !Off message under "Block all public access" when you return to the Permissions page.

    3. Click on the Edit button for Bucket policy.

    4. Paste the following JSON into the Policy box.

      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Sid": "PublicReadGetObject",
                  "Effect": "Allow",
                  "Principal": "*",
                  "Action": "s3:GetObject",
                  "Resource": "arn:aws:s3:::mydomain.com/*"
              }
          ]
      }

      replacing mydomain.com with your domain name. (Note it is followed by /*, make sure you don’t delete that). Then click on Save changes at the bottom of the page.

  6. Click on your sub-domain bucket (www.mydomain.com) on the Buckets page, then click on Properties in the top white menu bar.

    1. Edit the Static website hosting section (bottom of page).
    2. Enable Static website hosting
    3. But this time select Redirect requests for an object
    4. Enter your primary bucket name under Host name e.g. mydomain.com
    5. Select none for Protocol then Save Changes.

    Note you do not need to change permissions for the www. website hosting bucket or set any bucket policy. These can stay as the default "Block all public access".

Set up a Route 53 hosted zone

  1. Select Route 53 (use the 9-dot "waffle" menu, top left)

  2. Select Hosted zones in the left-hand menu

  3. Click on Create hosted zone (orange button, top right)

    1. Set the Domain name to your domain name e.g. mydomain.com
    2. Select Public hosted zone then Create hosted zone button at bottom right.
  4. Click on your hosted zone name in the list then Create record

    1. Leave Record name blank and choose Record type A.
    2. Set the Alias switch to on
    3. Under Route traffic to choose the endpoint Alias to S3 website endpoint and choose region US East (N. Virginia) (us-east-1).
    4. Click on Add another record
    5. Set Record name subdomain to www and record type to A.
    6. Set the Alias switch to on
    7. Set Choose endpoint to Alias to another record in this hosted zone and choose region us-east-1.
    8. Click Create records.

You should now have a list of records for mydomain.com. You need to copy the 4 values for the NS record to set the Nameservers on your domain management site. These should look similar to

    ns-1647.awsdns-15.co.uk
    ns-795.awsdns-24.net
    ns-108.awsdns-13.com
    ns-1398.awsdns-33.org

Manage Nameservers

  1. In a separate browser tab, log into your domain name manager, select your domain and find the Manage Name Servers or Update Nameservers or DNS > Nameservers option or similar.

  2. Copy the 4 values from the NS record in the AWS hosted zone details to the Nameserver 1, Nameserver 2, Nameserver 3 and Nameserver 4 entries. Delete any other existing entries. Then click the Submit or Update button. This should take anything from a few minutes to 48 hours to propagate and work for you on the live internet.

Test that it works so far

To test things are working so far, add a test index page, then see if you can find it on the internet.

Add an index page

  1. Use a text editor to create a test file index.html on your local system. Note this filename must match the name of the Index document you set for your static website.

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="utf-8">
        <title>Page Title</title>
    </head>
    <body>
        <!-- Page content goes here -->
        <p>Hello world!</p>
    </body>
    </html>
  2. Open S3 buckets, select your primary bucket (mydomain.com) and click on Upload.

  3. Use the Add files or drag-and-drop options to upload the file index.html you just made.

At this stage you should have two pages live on the internet: http://mydomain.com/ and http://www.mydomain.com. These will appear when the new values for nameservers you set on your domain name manager finally get propagated. Typically a few minutes.

You can also check the direct AWS links:

  1. Open the Amazon S3 menu and select your primary domain bucket mydomain.com, click on Properties then scroll down to Static website hosting at the bottom of the page.

  2. Click the link to open the Bucket website endpoint. This should look similar to:

    http://mydomain.com.s3-website-us-east-1.amazonaws.com

    This should open your website index page using the http protocol. An AWS simple website does not support the https protocol. To do that we need to set up a CloudFront distribution (coming next).

    • If this endpoint link works, it means you have set up your AWS static website hosting correctly. So far, so good.
    • If the url http://mydomain.com/ does not work in your browser, then either your Route 53 settings are wrong or you need to wait for the new domain nameserver values to propagate (have a cup of tea, read a book, come back later…)
  3. Take a note of the endpoint value excluding the http:// prefix; that is the string

    mydomain.com.s3-website-us-east-1.amazonaws.com
    You will need this later (S3-origin-value).

At this stage you could upload all your website files to the primary bucket (see Copy all your website files) and your whole static site should now work, but just for the http protocol, which these days is pretty useless as most browsers insist on https or flag it as a security error. To enable https we need to create a CloudFront distribution.

Set up a CloudFront distribution

  1. Open the AWS CloudFront menu.

  2. Click on Create distribution button (orange, top right)

  3. Enter a Distribution name. This is just a label, so you can use mydomain.com or mydomain_com or any other string you want.

  4. Select Single website or app for Distribution type then Next.

  5. Select Amazon S3 as the Origin type.

  6. For S3 origin enter the value you saved earlier (S3-origin-value), mydomain.com.s3-website-us-east-1.amazonaws.com. This should be automatic.

  7. Keep the other default values and click Next at the bottom of the page.

  8. Select Do not enable security protections (unless you want to pay extra for it - you can come back later and change this). Click Next then Create distribution.

  9. Back in the Distributions page, click on your new distribution (something like E4BDBLFV79ETAB) and click the Add domain button in the Settings panel.

    • This takes you through a 3-step process to configure your domains and get a TLS certificate.
  10. In the Domains to serve box enter your primary domain mydomain.com. Then click Add another domain and enter the subdomain www.mydomain.com. Then click Next.

  11. Select Create a new certificate. It should automatically offer to create a certificate for your two domains mydomain.com and www.mydomain.com. Click on Create certificate then Next

  12. Review your changes: Check it includes both your domains and a new TLS certificate that covers both those domains. Click Add domains. This should take you back to the Distributions page and will take a few minutes to deploy.

  13. From the Distributions page select your distribution, then click on the Origins tab and click Create origin (If an origin already exists, select the radio button and click Edit)

    1. Under Origin domain enter the website endpoint value you copied from above mydomain.com.s3-website-us-east-1.amazonaws.com.
    2. Under Protocol select HTTP only - this is most important. It is the only option offered but you must check it nonetheless. If you don’t you will get 504 timeout errors when you try to load your web page and you will stay up all night wondering where the problem is.
    3. Click on Create origin
  14. Your distribution Settings should show your two "Alternate domain names" and a "Custom SSL certificate" for your domain e.g. mydomain.com. Click on Route domains to CloudFront. This updates your Route 53 settings.

  15. You are now done! You should be able to access https://mydomain.com/ and https://www.mydomain.com

  16. As a check, go back to the Route 53 menu, click Hosted zones in the left side menu, then click on your Hosted zone name. It should now show you 8 records, most with values like ddgv... or _0d1d.... These have been set up by CloudFront to work directly through it. The original four NS records you copied earlier should still be the same.

Getting Access Keys for your S3 bucket.

You need a pair of Access Keys to use other utilities to read, write and delete files in your S3 bucket (in AWS terminology these are called "objects"). You could use your main AWS root login to do this but DO NOT DO THAT! Instead create a user that only has access to your primary S3 bucket.

Do this by creating a policy that only allows access to your S3 bucket then attaching this to a new user.

  1. Find and open the IAM page (Identity and Access Management).

  2. Click on Policies in the left side menu.

  3. Click on Create policy.

  4. Under Select a service choose S3

  5. In the Policy editor section at the top of the page click on JSON.

  6. Overwrite any existing text in Policy editor with the following:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetBucketLocation",
                    "s3:ListAllMyBuckets"
                ],
                "Resource": "arn:aws:s3:::*"
            },
            {
                "Effect": "Allow",
                "Action": "s3:*",
                "Resource": [
                    "arn:aws:s3:::mydomain.com",
                    "arn:aws:s3:::mydomain.com/*"
                ]
            }
        ]
    }

    replacing mydomain.com with your domain name. Then click Next

  7. Enter a Policy name e.g. examplecombucketonly then click Create policy at the bottom of the page.

  8. Back in the Policies page, select Users in the left side menu

  9. Click on Create user (top right)

  10. Enter a User name, e.g. examplecomuser then click Next

  11. Select Attach policies directly then click Next.

  12. In the Permissions policies search box enter the name you chose for the policy e.g. examplecombucketonly then check the box next to it and click Next.

  13. In the Review and create menu click Create user

  14. Back in the Users screen click on the user you just created e.g. examplecomuser.

  15. Click on Create access key (top right) then select a use case (we’re not sure it matters, just the severity of the warnings changes). Accept all consequences then click Next and Create access key. This will show two access keys.

  16. Make sure you copy both the Access Key (beginning "AKIA…") and the Secret access key (in base64 format) and save them somewhere secure.

    • Also click on Download .csv file and store this somewhere safe.
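
What the public bucket policy from the S3 step and the IAM user policy above actually permit can be checked by evaluating them against a few actions. This is an added example, not part of the original instructions: a simplified Allow-only evaluator, with NARROW_USER as an assumed narrower variant for a user that only lists, reads, writes and deletes files (all Python names here are illustrative).

```python
from fnmatch import fnmatchcase

BKT = "arn:aws:s3:::mydomain.com"      # the page's placeholder bucket
OBJ = BKT + "/index.html"

def as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """True if an Allow statement matches both action and resource.
    Simplified evaluator: Deny, Condition and Principal are ignored
    (neither policy on this page uses Deny or Condition)."""
    for st in as_list(policy["Statement"]):
        if st["Effect"] != "Allow":
            continue
        act = any(fnmatchcase(action.lower(), a.lower()) for a in as_list(st["Action"]))
        res = any(fnmatchcase(resource, r) for r in as_list(st["Resource"]))
        if act and res:
            return True
    return False

PUBLIC_READ = {"Version": "2012-10-17", "Statement": [   # bucket policy from the page
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": BKT + "/*"}]}
PAGE_USER = {"Version": "2012-10-17", "Statement": [     # IAM user policy from the page
    {"Effect": "Allow", "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"],
     "Resource": "arn:aws:s3:::*"},
    {"Effect": "Allow", "Action": "s3:*", "Resource": [BKT, BKT + "/*"]}]}
NARROW_USER = {"Version": "2012-10-17", "Statement": [   # assumed variant, not from the page
    PAGE_USER["Statement"][0],
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": BKT},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     "Resource": BKT + "/*"}]}

PROBES = {                             # what a holder of the policy might try
    "read file": ("s3:GetObject", OBJ),
    "write file": ("s3:PutObject", OBJ),
    "delete file": ("s3:DeleteObject", OBJ),
    "list bucket": ("s3:ListBucket", BKT),
    "change bucket policy": ("s3:PutBucketPolicy", BKT),
    "delete bucket": ("s3:DeleteBucket", BKT),
    "write to another bucket": ("s3:PutObject", "arn:aws:s3:::other-bucket/x"),
}

def granted(policy):
    return [name for name, (action, res) in PROBES.items() if allows(policy, action, res)]

if __name__ == "__main__":
    for label, pol in [("public", PUBLIC_READ), ("page user", PAGE_USER), ("narrow", NARROW_USER)]:
        print(f"{label:10} {granted(pol)}")
```

The s3:* statement also covers changing the bucket policy and deleting the bucket, which matters if the access keys leak. With the trailing /* removed from the bucket policy's Resource, the public grant no longer matches any object, which is why the page warns against deleting it.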

Copy all your website files

  1. You can now copy all your website files into your primary mydomain.com S3 bucket.

  2. You can use the clunky Upload button on the S3 bucket page. If you have a lot of files you may want to use the AWS CLI command-line utility instead.

    • You will need the Access Key and Secret Access Key to set this up. To start use
      aws configure
    • The command to copy all your files and recursive directory structure from the current directory (the root of your local website files) is
      aws s3 cp . s3://mydomain.com/ --recursive
      You can test this first by adding the option --dryrun.
  3. For day-to-day maintenance of files, we recommend using WinSCP, which has an option to manage Amazon S3 buckets.

    1. Open WinSCP and select New Site at the top of the left-hand column.
    2. For File Protocol select Amazon S3
    3. Enter your Access key ID and Secret access key then click on Save
    4. Use the Login button to log in. This should show you a dual screen with your local and remote files where you can drag and drop files.
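
The recursive copy in step 2 uploads everything under the current directory, the bucket policy makes every object publicly readable, and S3 serves server-side files as plain downloads instead of executing them. The following added example (not from the original page; the pattern lists are assumptions to adapt) scans the local site folder before upload and builds --exclude options for aws s3 cp.

```python
import os
from fnmatch import fnmatchcase

# Assumed patterns (not from the page): files a full-service host needed or that
# pile up in a site folder, and that a public bucket would serve as plain downloads.
RISKY = {
    "server-side source": ["*.php", "*.inc", "*.cgi", "*.pl", "*.asp", "*.aspx"],
    "server config": [".htaccess", ".htpasswd", "web.config"],
    "credentials": ["*accesskeys*.csv", "credentials", ".env", "*.pem", "*.key"],
    "backup or dump": ["*.bak", "*.old", "*~", "*.swp", "*.sql"],
}

def scan_site(root):
    """Walk root the way a recursive copy does and return sorted
    (relative_path, reason) pairs for files to review before publishing."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            if any(part.startswith(".") for part in rel.split("/")[:-1]):
                findings.append((rel, "hidden directory"))   # e.g. .git, .svn
                continue
            for reason, patterns in RISKY.items():
                if any(fnmatchcase(name.lower(), p) for p in patterns):
                    findings.append((rel, reason))
                    break
    return sorted(findings)

def exclude_args(findings):
    """Turn findings into --exclude options for `aws s3 cp . ... --recursive`."""
    return [arg for rel, _reason in findings for arg in ("--exclude", rel)]

if __name__ == "__main__":
    import sys
    for rel, reason in scan_site(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason:20} {rel}")
```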

This page first published 25 October 2025. Last updated 27 October 2025
