Custom domain with Route 53 and CloudFront for an Astro SSG blog (4/5)

Let's wrap up the blog

At this stage, what we have already feels solid:

• An Astro blog
• Static HTML
• S3 + CloudFront serving content fast
• Clean URLs
• Near-zero cost

What’s missing to really call this done:

• a custom domain
• HTTPS
• letting Google know we’re around

That’s it.
No strange setups, no long nights wrestling with DNS records (spoiler: AWS behaves nicely here).

---

What we're doing in this post

Straightforward and in order:

1. Buy a domain (outside AWS)
2. Manage DNS with Route 53
3. Create and associate SSL certificates
4. Connect the domain to CloudFront
5. Register the site in Google Search Console

Once we’re done:

👉 the blog will be reachable from your domain, with HTTPS, and visible to Google.

---

Step 1 — Buy the domain (wherever you want)

No mystery here. Buy the domain wherever it feels easiest.

Some common providers:

• Raiola Networks↗
• Hostinger↗
• DonDominio (usually good pricing)
• AWS Route 53 (also works just fine)

The provider itself isn’t the point.
What really matters is that it lets you change nameservers.

---

Step 2 — Create the hosted zone in Route 53

Now we jump into AWS.

In Route 53:

• Hosted zones → Create hosted zone
• Domain name: yourdomain.com
• Type: Public hosted zone

Once it’s created, AWS gives you:

• 4 NS records (nameservers)
• 1 SOA record (zone authority)

These nameservers are what we’ll need next.

---

Step 3 — Link the domain with Route 53

Head back to the provider where you bought the domain.

Look for something like:

• “DNS Servers”
• “Nameservers”
• “DNS Management”

Replace the current nameservers with the ones Route 53 gave you.

Example:

DNS Propagation

This change:

• sometimes kicks in almost instantly
• sometimes takes a few hours

To check what’s going on:

• https://intodns.io↗
• https://dnschecker.org↗
• https://www.whatsmydns.net↗

When the NS records point to AWS, we keep moving.

---

Step 4 — SSL certificate (HTTPS) with AWS ACM

Important detail: CloudFront only accepts certificates created in us-east-1. Keep that in mind.

CLI option (quick)

Console option (more visual)

• Go to AWS Certificate Manager
• Request certificate
• Public certificate
• Domains: yourdomain.com and www.yourdomain.com
• Validation: DNS
• Leave the rest as default

ACM will give you a CNAME record to prove domain ownership.

---

Step 5 — Validate the certificate in Route 53

In Route 53 → Hosted zone for your domain:

• Create record
• Type: CNAME
• Copy the values exactly as ACM shows them

Many times AWS offers a “Create records in Route 53” button. If you see it, click it and move on.

After a few minutes: 👉 the certificate switches to Issued.

Save the certificate ARN. You’ll need it.

---

Step 6 — Associate the domain and SSL with CloudFront

Back to CloudFront.

In your distribution:

• General → Edit

Set:

• Alternate domain name (CNAME) → yourdomain.com
• Custom SSL certificate → select the certificate
• HTTP versions → HTTPS/2 and HTTPS/3

Save changes.

CloudFront needs some time to apply everything. Totally normal. Grab a coffee.

---

Step 7 — Create the DNS record pointing to CloudFront

In Route 53 → Hosted zone:

• Create record
• Type: A
• Alias: yes
• Target: your CloudFront distribution domain

This wires things up like this: 👉 yourdomain.com → CloudFront → S3

Once propagation finishes: 🎉 the blog should load over HTTPS with your custom domain.

---

Step 8 — Google Search Console (tell Google you exist)

Now for something less infra-heavy, still essential.

Create property

• https://search.google.com/search-console↗
• Add property
• Type: Domain

Google gives you a TXT record.

Verify domain

In Route 53:

• Create record
• Type: TXT
• Paste the value Google provides

Wait a few minutes, then verify.

---

Step 9 — Submit the sitemap

In Search Console:

• Sitemaps
• Add sitemap

With Astro, the default is:

Done.

From here:

• Google starts crawling
• impressions appear in “Performance”
• indexing happens gradually (this part takes patience)

---

How to check everything is working

A few quick checks that usually catch everything:

• https://yourdomain.com loads
• https://yourdomain.com/blog/ works without index.html
• https://yourdomain.com/sitemap-index.xml exists
• Search Console shows no major errors

If something feels off:

• check DNS
• check the certificate region is us-east-1
• check the domain is linked to CloudFront

---

What we actually did

Stepping back, this is all pretty standard:

• A domain
• DNS handled by AWS
• HTTPS without touching certificates by hand
• Google properly notified

Known building blocks, no strange tricks.

---

What's left to do

The blog is live and reachable by anyone, so…

In the next (and final) post:

• Add CI with GitHub Actions
• Deploy automatically on every push
• Remove the “manual step” from deployment

Close the loop end to end.

---

"Now we just need to automate deployment to wrap it up nicely."

Posts in this series

1️⃣ Part 1: A blog shouldn't be a SaaS
2️⃣ Part 2: Preparing an Astro blog with good judgment
3️⃣ Part 3: S3 + CloudFront to serve a fast and cheap static blog
👉 Part 4: Custom domain with Route 53 and CloudFront for an Astro SSG blog
5️⃣ Part 5: Automate deployment of an Astro SSG blog with GitHub Actions and AWS
🐙 GitHub Repo: demo-astro-ssg-s3-cloudfront↗