Day 5: Day 5

Today's Objective

Register and configure a domain with Route 53, issue a free TLS certificate with ACM, and put CloudFront in front of your app.

Route 53, ACM, and CloudFront

By day 4 you have: a static frontend on S3, a containerized API on App Runner, and a database on RDS. Now you need a custom domain, HTTPS, and a CDN. Route 53 + ACM + CloudFront handles all of that.

Register or Transfer a Domain with Route 53

terminal_-_create_hosted_zone.txt

TERMINAL — CREATE HOSTED ZONE

# If domain is already registered elsewhere, create a hosted zone
aws route53 create-hosted-zone \
  --name myapp.com \
  --caller-reference $(date +%s)

# Get the nameservers to add at your registrar
aws route53 list-hosted-zones-by-name \
  --dns-name myapp.com \
  --query 'HostedZones[0].Id' --output text

Issue a Free TLS Certificate with ACM

terminal_-_request_certificate.txt

TERMINAL — REQUEST CERTIFICATE

# IMPORTANT: ACM certificates for CloudFront MUST be in us-east-1
aws acm request-certificate \
  --domain-name myapp.com \
  --subject-alternative-names "*.myapp.com" \
  --validation-method DNS \
  --region us-east-1

# Get the CNAME validation record
aws acm describe-certificate \
  --certificate-arn arn:aws:acm:us-east-1:123:certificate/abc \
  --query 'Certificate.DomainValidationOptions[0].ResourceRecord'

Add the CNAME validation record to Route 53 — ACM will validate automatically within a few minutes.

Create a CloudFront Distribution

cloudfront.json_-_distribution_config.txt

CLOUDFRONT.JSON — DISTRIBUTION CONFIG

{
  "Origins": {
    "Quantity": 1,
    "Items": [{
      "Id": "S3Origin",
      "DomainName": "myapp.s3-website-us-east-1.amazonaws.com",
      "CustomOriginConfig": {
        "HTTPPort": 80,
        "OriginProtocolPolicy": "http-only"
      }
    }]
  },
  "DefaultCacheBehavior": {
    "TargetOriginId": "S3Origin",
    "ViewerProtocolPolicy": "redirect-to-https",
    "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
    "Compress": true
  },
  "ViewerCertificate": {
    "ACMCertificateArn": "arn:aws:acm:us-east-1:123:certificate/abc",
    "SslSupportMethod": "sni-only",
    "MinimumProtocolVersion": "TLSv1.2_2021"
  },
  "Aliases": { "Quantity": 1, "Items": ["myapp.com"] },
  "Enabled": true,
  "HttpVersion": "http2"
}

Point Route 53 to CloudFront

route_53_-_a_record_alias_to_cloudfront.txt

ROUTE 53 — A RECORD ALIAS TO CLOUDFRONT

{
  "Changes": [{
    "Action": "CREATE",
    "ResourceRecordSet": {
      "Name": "myapp.com",
      "Type": "A",
      "AliasTarget": {
        "HostedZoneId": "Z2FDTNDATAQYW2",
        "DNSName": "d1234abcde.cloudfront.net",
        "EvaluateTargetHealth": false
      }
    }
  }]
}

CloudFront's hosted zone for Route 53 aliases is always Z2FDTNDATAQYW2 — that's the magic string you need for every CloudFront alias record.

Day 5 Exercise

Create a Route 53 hosted zone for your domain
Request an ACM certificate in us-east-1 with DNS validation
Create a CloudFront distribution pointing to your S3 static site
Add an A record alias in Route 53 pointing to CloudFront
Visit your custom domain over HTTPS and confirm it works

Course Complete

Back to Course Overview

→

Course Complete

Completing all five days means having a solid working knowledge of Aws Deploy. The skills here translate directly to real projects. The next step is practice — pick a project and build something with what was learned.

Supporting Videos & Reading

Go deeper with these external references.

YouTube

Day 5 — Video Walkthroughs Community tutorials and walkthroughs covering the concepts in this lesson.

→

YouTube

Day 5 Explained Deep-dive explanations and live-coding sessions from top educators.

→

Official Docs

Official Documentation Primary reference documentation for the technologies covered in this lesson.

→

GitHub

Open Source Examples Real-world codebases demonstrating the patterns taught in this lesson.

→

Day 5 Checkpoint

Before moving on, verify you can answer these without looking:

What is the core concept introduced in this lesson, and why does it matter?
What are the two or three most common mistakes practitioners make with this topic?
Can you explain the key code pattern from this lesson to a colleague in plain language?
What would break first if you skipped the safeguards or best practices described here?
How does today's topic connect to what comes in Day the final lesson?

Live Bootcamp

Learn this in person — 2 days, 5 cities

Thu–Fri sessions in Denver, Los Angeles, New York, Chicago, and Dallas. $1,490 per seat. June–October 2026.

Reserve Your Seat →

Back to Course

Aws Deploy — Full Course Overview

→