Enabling https and custom domain for webapp requires some adjustment. First, make sure that your bucket policy matches this.

Step-by-step guide

Here are 3 key steps that are easy to forget.

  1. For CloudFront, use Web and select end point from dropdown. The end point doesn't have region (e.g., hycom-sdt-integration.s3.amazonaws.com).
  2. Set Alternate Domain Names (CNAMEs) to daav.gisdemo.net.
  3. Use A record and Alias in Route 53. Alias should point to cloudfront hostname. Don't use CNAME


It takes a while to make a new CloudFront distribution ready. You can only have up to five certificates in a certificate chain. Reduce the number of certificates in the chain, and then try again.