--- Sjoerd Hooft's InFormation Technology ---


WIKI Disclaimer: As with most other things on the Internet, the content on this wiki is not supported. It was contributed by me and is published “as is”. It has worked for me, and might work for you.
Also note that any view or statement expressed anywhere on this site are strictly mine and not the opinions or views of my employer.


Transfer Domain to AWS

After Getting Started With AWS and Getting Started With Office 365 I now also want to migrate my website to AWS. This article describes the steps to do so. Used technologies:

  • Route 53
  • AWS Certificate Manager
  • CloudFront
Note that I'm actually transferring my test domain to AWS in this article.

If you're looking to register a new domain in AWS, see the Register New Domain section, as that is described here as well.

Before You Start

Take Notes

Take notes of your current DNS records, as some of them will need to be re-entered at Route 53. For the very minimum you'll need all records related to email (MX and possibly CNAME and TXT).

This was the list I had, just to give you an idea:

A *
A localhost
CNAME autodiscover
MX [Highest (10) Priority]
MX [Default (30) Priority]
TXT MS=ms39844372
TXT v=spf1 -all
SRV _autodiscover._tcp 100 443

Your name servers might also be nice to review, as they change over the course of this article and you might want to know the old values. To check you can use this link:;

Requirements before Transfer

Before you can transfer a domain to AWS there are some requirements you need to check. It basically comes down to:

  • The domain must have been registered at least 60 days ago
  • No changes to the domain in the last 60 days
  • The domain cannot have any of the following domain name status codes:
    • clientTransferProhibited
    • pendingDelete
    • pendingTransfer
    • redemptionPeriod
    • serverTransferProhibited

You can check the status by doing a whois search here for .nl or here for all domains.

If you want to know what the status means check the ICANN website and search for “EPP status codes”.

Start Transfer of DNS

Cancel your current hosting

Transferring a domain starts with cancelling your current hosting to retrieve the authorization code. This depends on the registrar:


Start by transferring DNS first:

  • In the AWS Console go to the Route 53 service
  • Go to DNS Management → Get started Now
  • Create Hosted Zone
    • Fill in the domain name “” and set the type to “public hosted zone” and click create

Create the records you noted before you began by clicking Create Record Set.
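
As an added example (not part of the original article), this Python script compares the records noted before the move with the JSON printed by `aws route53 list-resource-record-sets`, so a forgotten MX or TXT record is caught before the name servers are switched. The domain `example.com`, all record values and the function names are constructed for illustration.

```python
import json

def normalize(name, rtype, value):
    """Bring one record into a comparable (name, type, value) form."""
    rtype = rtype.upper()
    # Route 53 returns fully qualified names and escapes '*' as octal \052.
    name = name.replace("\\052", "*").rstrip(".").lower()
    if rtype == "TXT":
        value = value.strip().strip('"')      # TXT values come back quoted
    else:
        value = value.strip().rstrip(".").lower()
    return (name, rtype, value)

def route53_records(listing):
    """Flatten `aws route53 list-resource-record-sets` JSON into a set."""
    found = set()
    for rrset in listing["ResourceRecordSets"]:
        if "AliasTarget" in rrset:            # alias records have no ResourceRecords
            values = [rrset["AliasTarget"]["DNSName"]]
        else:
            values = [r["Value"] for r in rrset.get("ResourceRecords", [])]
        found.update(normalize(rrset["Name"], rrset["Type"], v) for v in values)
    return found

def missing_records(noted, listing):
    """Return the noted records that are not in the hosted zone yet."""
    present = route53_records(listing)
    return sorted(r for r in (normalize(*n) for n in noted) if r not in present)

# Constructed sample: records noted at the old provider (example.com is a placeholder).
NOTED = [
    ("*.example.com", "A", "192.0.2.10"),
    ("example.com", "MX", "10 mail.example.com"),
    ("example.com", "TXT", "v=spf1 -all"),
    ("example.com", "TXT", "MS=ms00000000"),
]
# Constructed hosted-zone listing in which the MS= verification record was forgotten.
LISTING = json.loads(r'''
{"ResourceRecordSets": [
  {"Name": "\\052.example.com.", "Type": "A", "TTL": 300,
   "ResourceRecords": [{"Value": "192.0.2.10"}]},
  {"Name": "example.com.", "Type": "MX", "TTL": 300,
   "ResourceRecords": [{"Value": "10 mail.example.com."}]},
  {"Name": "example.com.", "Type": "TXT", "TTL": 300,
   "ResourceRecords": [{"Value": "\"v=spf1 -all\""}]}
]}
''')

print("missing in Route 53:", missing_records(NOTED, LISTING))
```

An empty result means every noted record exists in the hosted zone; anything listed still has to be created before the registrar is given the new name servers.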

Name Servers

In the hosted zone you now see the name servers for your domain, in my case they were:

Provide these name servers to the registrar to have them updated (otherwise the internet will keep pointing towards the old hoster, probably until the (ended) contract actually ends).

You have now successfully transferred the DNS hosting of your domain.

Transfer Domain

Now you can transfer the domain.

Transfer Domain from Route 53

  • In the AWS Console go to the Route 53 service
  • Go to Domains → Registered domains
  • Click on Transfer Domain
  • Enter the name of the domain for which you want to transfer registration to Route 53, and choose Check, and click on Add to cart to continue
  • Fill in the authorization code and select to “Import name servers from a Route 53 hosted zone that has the same name as the domain”
  • Fill in the Registration Contact Details
  • Review all details and click “Complete Purchase”
Note that from this point on you can do nothing but wait. In my case it took only a few hours before everything was done.

Create DNS Records and Aliases

My domain is now a static S3 website, so I took these steps to make sure the A records point to the correct S3 bucket:

  • In the AWS Console go to the Route 53 service
  • Go to the list of hosted zones and click the name of your domain (
  • Since we already created the A records, we will delete the existing A records before we create the new ones:
    • Select the A records and click “Delete Record Set” and confirm your action. When done, continue below
  • Choose Create Record Set.
    • Name: Accept the default value for the first record, which is the name of your hosted zone and your domain. This will route internet traffic to the bucket that has the same name as your domain.
    • Type: Choose A – IPv4 address.
    • Alias: Choose Yes.
    • Alias Target: Type the name of your Amazon S3 bucket endpoint, (
    • Routing Policy: Accept the default value of Simple.
    • Evaluate Target Health: Accept the default value of No.
    • Choose Create.

Repeat this step to create a second record for your subdomain. For the second record, type www in the name field. This will route internet traffic to the bucket

You specify the same value for Alias Target for both records. Route 53 figures out which bucket to route traffic to based on the name of the record. For the first record it lets you choose the specific S3 bucket, for the second one the domain name.

Note it can take up to 30 minutes before the new A records work. In my case the domain and the redirect worked immediately.

Add Certificate to S3 Website

To make sure the website is available over a secure connection you need to request a certificate. But as S3 is static, you'll need a service to provide these certificates to your website visitors. So we'll use AWS Certificate Manager to create the certificate and Cloudfront to provide the secure endpoint for our S3 website.

In short, you'll need to follow these steps:

AWS Certificate Manager

  • Sign into the AWS Management Console and open the ACM console at
  • Set the region to US East (N.Virginia)
  • Click Get started to start with the Request a Certificate page.
  • Click “Request a Certificate”
  • Enter as the domain name, and click “Add another name to this certificate” to add * to the certificate
  • As DNS validation is the preferred option and it is possible for me to manage DNS I choose DNS validation
  • Review and confirm
  • You must now validate that you own the domain. If you expand the two domain names ( and * you'll see a button to “Create record in Route 53”. As I host the domain in Route 53 that is very user-friendly. Simply click on the button and click Create again. Now you'll see: Success. The DNS record was written to your Route 53 hosted zone. It may take up to 30 minutes for the changes to propagate, and for AWS to validate the domain.
  • Click continue to return to the main AWS Certificate Manager screen.

If you want, you can now check in Route 53 that the records have been created. In my case I had to wait somewhere between 5 and 10 minutes for the domain to verify. In AWS Certificate Manager the certificate is now available.

Note that the certificate has a Renewal Eligibility as InEligible. This will change to Eligible as soon as you use the certificate with Cloudfront for your website.


  • Go to the Cloudfront console. Notice that the Region is now global.
  • Click Create Distribution, and click Get Started in the web section, and fill in the required fields:
    • Origin Domain Name: This is the name of the S3 bucket that holds your website without the www: (clicking in the field will provide a drop down box)
    • Viewer Protocol Policy: Redirect HTTP to HTTPS
    • Set the alternate domain names (CNAMEs) to and and any other CNAMEs you might need
    • Choose Custom SSL Certificate and select the certificate created in the previous step from the drop down
    • Set the default root object to index.html
  • Keep all other defaults in place and click Create Distribution.

In the CloudFront console you should now see your Cloudfront domain name, something like

Access Denied Error for CloudFront Distributions

If you don't set the default root object (to index.html) you'll run into this error:

This XML file does not appear to have any style information associated with it. The document tree is shown below.
        <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>38627D4AC9B31057</RequestId><HostId>rtPkecF6qx7M8EwQEszNo/5r7W8xe0nGoaz3zrUIWyMT4nHokN5IkQym7qoeh68qdC831IUqARM=</HostId></Error>
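
As an added example (not part of the original article), this Python function checks the JSON returned by `aws cloudfront get-distribution-config` against the settings chosen in the steps above: default root object, HTTP to HTTPS redirect, alternate domain names and the custom certificate. The domain `example.com`, the account and certificate ids and both sample configurations are constructed placeholders.

```python
def audit_distribution(config, expected_names):
    """Check `aws cloudfront get-distribution-config` JSON (parsed to a dict)
    against the settings chosen above; return a list of findings."""
    dist = config["DistributionConfig"]
    findings = []
    if not dist.get("DefaultRootObject"):
        findings.append("no default root object: requests for / return AccessDenied")
    # Every cache behavior has its own viewer protocol policy, not only the default.
    behaviors = [("default", dist["DefaultCacheBehavior"])]
    behaviors += [(b["PathPattern"], b)
                  for b in dist.get("CacheBehaviors", {}).get("Items", [])]
    for label, behavior in behaviors:
        if behavior["ViewerProtocolPolicy"] == "allow-all":
            findings.append(f"behavior {label}: HTTP is served without redirect to HTTPS")
    aliases = {a.lower() for a in dist.get("Aliases", {}).get("Items", [])}
    for name in expected_names:
        if name.lower() not in aliases:
            findings.append(f"alternate domain name missing: {name}")
    if not dist.get("ViewerCertificate", {}).get("ACMCertificateArn"):
        findings.append("no custom ACM certificate attached")
    return findings

# Constructed sample data: names the site should answer to.
NAMES = ["example.com", "www.example.com"]
# Constructed config matching the steps in this article.
AS_DESCRIBED = {"DistributionConfig": {
    "Aliases": {"Quantity": 2, "Items": ["example.com", "www.example.com"]},
    "DefaultRootObject": "index.html",
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
    "ViewerCertificate": {"ACMCertificateArn":
        "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"}}}
# Constructed config of a distribution created with every default left in place.
ALL_DEFAULTS = {"DistributionConfig": {
    "Aliases": {"Quantity": 0},
    "DefaultRootObject": "",
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
    "ViewerCertificate": {"CloudFrontDefaultCertificate": True}}}

if __name__ == "__main__":
    for finding in audit_distribution(ALL_DEFAULTS, NAMES):
        print(finding)
```

To run it against a real distribution, save the CLI output to a file and pass the result of `json.load` as `config`.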

Route 53

  • Go to the Route 53 console
  • Go to your hosted zone and click your domain
  • Change the A records created earlier, which still point to the S3 bucket, so that they point to the CloudFront distribution

Before: A ALIAS (z1bkctxd74ezpe) A ALIAS (z31sryyd9xxxqi)

After: A ALIAS (z2fdtndataqyw2) A ALIAS (z31sryyd9xxxqi)
Note that the second one, the alias for www has not changed.

You can now check if everything is OK. If it's not working after 30 minutes, check the CloudFront distribution status. It can take a while to go from “In Progress” to “Deployed”.

Change a Static S3 Website with CloudFront

Cloudfront also caches your website. To invalidate the cache so your changes are displayed immediately:

  • Go to the cloudfront console
  • Click on the ID of your distribution
  • Click on the Invalidations tab
  • Click on the Create Invalidation button
  • Enter /* as the invalidations path to clear the entire cache for the static S3 website

Register New Domain

  • Go to the Route 53 console
  • Go to “Registered domains”
  • Click “Register Domain”
  • Enter the domain with extension
  • If available, click “Add to cart”
    • If not available, check the suggestions for a good option or choose another domain name
  • When done selecting domains, click continue
  • Enter the details for your Registrant, Administrative and Technical contacts. Keep “Registrant, Administrative and Technical Contacts are all the same” set to Yes
    • Fill in all details and click continue
  • Review details and verify the email address of the registrant
  • Click “Complete Purchase”

Registering a new domain: what's next?

  • Domain registration might take up to three days to complete.
  • We'll send email to the registrant contact when the domain is successfully registered.
  • We'll also send email to the registrant contact if we aren't able to register the domain for some reason.
  • You can view the current status of your request on the dashboard in the Route 53 console.
It took only a few minutes before I got the email with confirmation of the registration.


transferdomaintoaws.txt · Last modified: 2021/09/23 22:25 (external edit)