UPDATE
Some specifics:
The Cloudfront distribution uses an S3 Static website hosting endpoint which looks something like: bucket.name.s3-website-us-east-1.amazonaws.com
.
This redirects to the actual website.
According to this http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html?shortFooter=true#DownloadDistValuesOriginProtocolPolicy :
Origin Protocol Policy (Amazon EC2, Elastic Load Balancing, and Other Custom Origins Only)
The protocol policy that you want CloudFront to use when fetching objects from your origin server.
Important
If your Amazon S3 bucket is configured as a website endpoint, you must specify HTTP Only. Amazon S3 doesn't support HTTPS connections in that configuration.
it seems you can only have HTTP Only
. Is that correct? Is there no say to specify HTTPS Only
or Match Viewer
?
I'm asking because I've seen blogs that seem to indicate that Match Viewer
is possible. E.g.
https://simonecarletti.com/blog/2016/08/redirect-domain-https-amazon-cloudfront/
https://karelledru.com/2016/06/static-site-hosting-on-S3-and-CloudFront/
This link says
The value of the Origin Protocol Policy field in the CloudFront console or,
if you're using the CloudFront API, the OriginProtocolPolicy element in the
DistributionConfig complex type. In the CloudFront console, the options are
HTTP Only, HTTPS Only, and Match Viewer.
but I don't see an Origin Protocol Policy
field in the console.