Adding Custom Domains and SSL/TLS with AWS Amplify

Woohoo! You’ve spun up your first AWS Amplify app successfully thanks to the work we did in our first post. That was cool until you realized that now you have some funky domain name like ka8enrkjasdf8het.amplifyapps.com which is not super friendly (unless your business happens to be named ka8enrkjasdf8het LLC).

Configuring a Custom Domain and SSL/TLS on AWS Route53

My domain that’s going to be used in the example is also hosted on AWS using the Route53 service. Another of my favorite on-demand services that I really adore because of how easy it is to configure both in the GUI and programmatically. Did I mention I have too many domains?!

You may have noticed that there’s a little wizard at the top of your AWS Amplify app configuration. These 5 steps show that I have just one completed, so now it’s time to click that second item!

AWS Amplify takes over from here and starts us down the road with the wizard-driven process to set up our DNS for our chosen custom domain. Note that this is my Route53 domain but does also work with externally hosted domains. You just have to do a couple of manual steps.

You use the Add Domain button and this becomes where you choose your Route53 domain which is auto-populated. This is why it’s handy to do a lot of stuff on one provider 🙂

Your root domain will be the default, assigned in this case to the master branch. You can set up subdomains and even use sub-branches in your repo. This example is the most simple possible version which will be a root domain (ericwright.ca) and the www CNAME being assigned to redirect to the root.

We set the Amplify wizard loose and this is where we get to just watch things turn from grey to blue and finally to green. First step is the backend configuration for our SSL (or TLS…that’s up to you how you want to refer to it).

Your SSL cert has been created by Amplify because the backend already knows how to configure your domain since it’s Route53. You may even see a short popup that displays the CNAME that is about to be injected into the DNS zone. This is the next phase that we reach:

You have the next phase done and it’s on the the last part of the backend configuration to active the domain using the new TLS/SSL. You’ll notice that this is all happening automatically. How cool is that?!

Now you’re ready to go! New domain configuration for you AWS Amplify app. New SSL/TLS cert created and attached, and all the Cloudfront updates are done.

Hang on a few minutes…it may be faster, but let’s be realistic and wait for the 5 minutes for all the DNS goodness to clear up. You can now go to the root domain or www of the domain and you are presented with a website and an active certificate for a secure HTTPS connection. Boom!

But, What’s the Downside?

I adore the ease-of-use and manageability of the service. Easy to setup, and easy to tear down. The issue will come with the obscurity of where all this stuff sits in the backend.

You can’t go digging around to find your SSL/TLS certificates like you can in the traditional AWS console using Certificate Manager. Maybe that’s the price of free..well, free-ish. It’s included is really the more accurate way to describe it.

There is Lots of Upside

Let’s review the good stuff as we close out:

  • Easy to use
  • Inexpensive
  • Custom domains without having to do heavy lifting
  • Custom SSL/TLS with auto-renewal and auto-configuration
  • Custom redirects and subdomains
  • Supports lots of adjacent services
  • Supports lots of static page types and languages

Overall, I’m a fan. I know there are alternatives in the market like Firebase and others so I will dig into variants to see where the wins and losses are for features and capabilities. The gravity factor for me is that I have all of my other infrastructure on AWS already, so it’s a natural fit.

Got something else you want to try with AWS Amplify? Hit me up in the comment section. I’m glad to help however I can!