How to host static sites with TLS on AWS

  1. Register the domain with AWS or transfer its nameservers to AWS
  2. Create an SSL certificate for the domain
    Request a public certificate. Enter two domain names: domain.tld and www.domain.tld. Select DNS validation; this will add some entries for the domain in Route53.
  3. Create S3 buckets
    Create one for domain.tld and another for www.domain.tld. Uncheck "Block all public access" to make the bucket public. In the ACL, set Everyone to Read.
    Enable static website hosting: for the domain.tld bucket, set the index document to index.html; for the www.domain.tld bucket, set it to redirect requests via https to domain.tld.
    Upload files to domain.tld bucket.
  4. CloudFront distributions
    We’ll use two separate CloudFront distributions: one to specifically handle domain.tld, and a second to handle www.domain.tld to make it SEO friendly:
    Origin - set target S3 bucket
    Redirect HTTP to HTTPS
    Compress objects automatically
    Alternate domain name: set domain.tld or www.domain.tld respectively
    SSL Certificate - select the certificate you created above
    Default Root Object: set to index.html
  5. Configure Route53
    Create two A alias records, for domain.tld and www.domain.tld, pointing to the respective CloudFront distributions.

You should now be able to access domain.tld via TLS. www.domain.tld will be redirected to domain.tld automatically.
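
To confirm that both distributions ended up with the step 4 settings, the following added example (not part of the original guide) audits a CloudFront distribution config offline. The dict layout follows the CloudFront GetDistributionConfig response; the function name, sample configs, account id and certificate id are constructed, and the us-east-1 check reflects the AWS requirement that CloudFront only accepts ACM certificates from that region.

```python
# Added example: audit a CloudFront DistributionConfig against the step 4 settings.
def audit_distribution(cfg, expected_alias):
    """Return a list of findings; an empty list means every setting is in place."""
    findings = []
    behavior = cfg.get("DefaultCacheBehavior", {})
    cert = cfg.get("ViewerCertificate", {})

    if behavior.get("ViewerProtocolPolicy") != "redirect-to-https":
        findings.append("viewer protocol policy is not redirect-to-https")
    if not behavior.get("Compress", False):
        findings.append("automatic compression is off")

    aliases = cfg.get("Aliases", {}).get("Items") or []
    if expected_alias not in aliases:
        findings.append(f"alternate domain name {expected_alias} is missing")
    if cfg.get("DefaultRootObject") != "index.html":
        findings.append("default root object is not index.html")

    arn = cert.get("ACMCertificateArn", "")
    if cert.get("CloudFrontDefaultCertificate") or not arn:
        findings.append("no custom ACM certificate attached")
    else:
        # ARN layout: arn:aws:acm:<region>:<account>:certificate/<id>
        parts = arn.split(":")
        region = parts[3] if len(parts) > 3 else ""
        if region != "us-east-1":
            findings.append(f"certificate is in {region or 'unknown region'}; CloudFront needs us-east-1")
    return findings

# Constructed sample input (placeholder account id and certificate id).
SAMPLE_OK = {
    "Aliases": {"Quantity": 1, "Items": ["domain.tld"]},
    "DefaultRootObject": "index.html",
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https", "Compress": True},
    "ViewerCertificate": {"ACMCertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/EXAMPLE-ID"},
}
SAMPLE_WEAK = {
    "Aliases": {"Quantity": 0},
    "DefaultRootObject": "",
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all", "Compress": False},
    "ViewerCertificate": {"CloudFrontDefaultCertificate": True},
}

if __name__ == "__main__":
    for name, cfg in (("ok", SAMPLE_OK), ("weak", SAMPLE_WEAK)):
        print(name, audit_distribution(cfg, "domain.tld"))
```

For a live distribution, pass the "DistributionConfig" object returned by `aws cloudfront get-distribution-config --id <distribution-id>`.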