Summary: Follow the steps to transfer a domain to AWS Route53.
Date: 26 April 2020
Refactor: 29 April 2025: Checked links and formatting.

After Getting Started With AWS and Getting Started With Office 365 I now also want to migrate my website to aws. This article describes the steps to do so. Used technologies:

• Route 53
• AWS Certificate Manager
• CloudFront

Note that I'm actually transferring my test domain warmetal.nl to AWS in this article.

If you're looking on registering a new domain in AWS see the register_new_domain, as that is described here as well.

Take notes of your current DNS records, as some of them will need to be re-entered at Route 53. For the very minimum you'll need all records related to email (MX and possibly CNAME and TXT).

This was the list I had, just to give you an idea:

A warmetal.nl 83.137.194.58
A * warmetal.nl 83.137.194.58
A localhost warmetal.nl 127.0.0.1
CNAME autodiscover warmetal.nl autodiscover.outlook.com
MX [Highest (10) Priority] warmetal.nl warmetal-nl.mail.protection.outlook.com
MX [Default (30) Priority] warmetal.nl warmetal.nl
TXT warmetal.nl MS=ms39844372
TXT warmetal.nl v=spf1 include:spf.protection.outlook.com -all
SRV _autodiscover._tcp warmetal.nl 100 443 autodiscover.hosting2go.nl
HOST warmetal-nl.mail.protection.outlook.com

Your name servers might also be nice to review, as they change over the course of this article and you might want to know the old values. To check you can use this link: https://viewdns.info/dnsrecord/?domain=warmetal.nl

ns1.hosting2go.nl; ns2.hosting2go.nl
SOA: ns1.hosting2go.nl

Before you can transfer a domain to AWS there are some requirements you need to check some requirements. It basically comes down to:

• The domain must have been registered at least 60 days ago
• No changes to the domain in the last 60 days
• The domain cannot have any of the following domain name status codes:
  • clientTransferProhibited
  • pendingDelete
  • pendingTransfer
  • redemptionPeriod
  • serverTransferProhibited

You can check the status by doing a whois search here for .nl or here for all domains.

If you want to know what the status means check the ICANN website and search for “EPP status codes”.

Transferring a domain starts with cancelling your current hosting to retrieve the authorization code. This depends on the registrar:

• Hosting2Go: https://www.hosting2go.nl/klantenservice/domeinen/verhuizen/ik-wil-mijn-domeinnaam-naar-een-andere-hoster-verhuizen

Start by transferring DNS first:

• In the AWS Console go to the route 53 service
• Go to DNS Management → Get started Now
• Create Hosted Zone
  • Fill in the domain name “warmetal.nl” and set the type to “public hosted zone” and click create

Create the records you noted before you began by clicking Create Record Set.

In the hosted zone you now see the name servers for your domain, in my case they were:

ns-709.awsdns-24.net
ns-1656.awsdns-15.co.uk
ns-1291.awsdns-33.org
ns-211.awsdns-26.com

Provide the NS servers to the registrar to have these updated. (otherwise the internet will keep pointing towards the old hoster, probably until the (ended) contract actually ends)

You have now successfully transferred the dns hosting of your domain.

Now you can transfer the domain.

• In the AWS Console go to the route 53 service
• Go to Domains → Registered domains
• Click on Transfer Domain
• Enter the name of the domain for which you want to transfer registration to Route 53, and choose Check, and click on Add to cart to continue
• Fill in the authorization code and select to “Import name servers from a Route 53 hosted zone that has the same name as the domain”
• Fill in the Registration Contact Details
• Review all details and click “Complete Purchase”

Note that from this point you can do nothing more but wait. With me it only took a few hours before everything was done.

My domain is now a static S3 website, so I took these steps to make sure the A records point to the correct S3 bucket:

• In the AWS Console go to the route 53 service
• Go to the list of hosted zones and click the name of your domain (warmetal.nl)
• Since we already created the A records we will delete the existing A records before we will create the new ones:
  • Select the A records and click “Delete Record Set” and confirm your action. When done, continue below
• Choose Create Record Set.
  • Name: Accept the default value for the first record, which is the name of your hosted zone and your domain. This will route internet traffic to the bucket that has the same name as your domain.
  • Type: Choose A – IPv4 address.
  • Alias: Choose Yes.
  • Alias Target: Type the name of your Amazon S3 bucket endpoint,warmetal.nl (s3-website-eu-west-1.amazonaws.com)
  • Routing Policy: Accept the default value of Simple.
  • Evaluate Target Health: Accept the default value of No.
  • Choose Create.

Repeat this step to create a second record for your subdomain. For the second record, type www in the name field. This will route internet traffic to the www.warmetal.nl bucket

You specify the same value for Alias Target for both records. Route 53 figures out which bucket to route traffic to based on the name of the record. For the first record it lets you choose the specific S3 bucket, for the second one the domain name.

Note it can take up to 30 minutes before the new A records work. In my case the domain and the redirect worked immediately.

To make sure the website is available over a secure connection you need to request a certificate. But as S3 is static, you'll need a service to provide these certificates to your website visitors. So we'll use AWS Certificate Manager to create the certificate and Cloudfront to provide the secure endpoint for our S3 website.

In short, you'll need to follow these steps:

• Request a Certificate through AWS Certificate Manager as described here
  • Note: You need to request the certificate in AWS Region: US East (N. Virginia)
  • Validate the email or create a DNS record
  • Note that renewal is managed by AWS as long as you use AWS integrated services (for example CloudFront):
• Use Cloudfront to host the certificate for your S3 bucket
• Set the Route 53 alias record

• Sign into the AWS Management Console and open the ACM console at https://console.aws.amazon.com/acm/home.
• Set the region to US East (N.Virginia)
• Click Get started to start with the Request a Certificate page.
• Click “Request a Certificate”
• Enter warmetal.nl as the domainname, and click “Add another name to this certificate” to add *.warmetal.nl to the certififcate
• As DNS validation is the preferred option and it is possible for me to manage DNS I choose DNS validation
• Review and confirm
• You must now validate that you own the domain. If you expand the two domain names (warmetal.nl and *.warmetal.nl) you'll see a button to “Create record in Route 53”. As I host the domain in route 53 that is very userfriendly. Simply click on the button and click Create again. Now you'll see: Success. The DNS record was written to your Route 53 hosted zone. It may take up to 30 minutes for the changes to propagate, and for AWS to validate the domain.
• Click continue to return to the main AWS Certificate Manager screen.

You now can check if you want in route 53 that the records have been created, and in my case I had to wait somewhere between 5 and 10 minutes for the domain to verify. IN AWS Certificate Manager the certificate is now available.

Note that the certificate has a Renewal Eligibility as InEligible. This will change to Eligible as soon as you use the certificate with Cloudfront for your website.

• Go to the Cloudfront console. Notice that the Region is now global.
• Click Create Distribution, and click Get Started in the web section, ad fill in the required fields:
  • Origin Domain Name: This is the name of the s3 bucket name that holds your website without the www: warmetal.nl.s3.amazonaws.com (clicking in the field wil provide a drop down box)
  • Viewer Protocol Policy: Redirect HTTP to HTTPS
  • Set the alternate domain names (CNAMEs) to warmetal.nl and www.warmetal.nl and any other CNAMEs you might need
  • Choose Custom SSL Certificate and select the certificate created in the previous step from the drop down
  • Set the default root object to index.html
• Keep all other defaults in place and click Create Distribution.

In the CloudFront console you should now see your Cloudfront domain name, something like d3kxw0a7zy32o4.cloudfront.net

If you don't set the default root object (to index.html) you'll run into this error:

This XML file does not appear to have any style information associated with it. The document tree is shown below.
        <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>38627D4AC9B31057</RequestId><HostId>rtPkecF6qx7M8EwQEszNo/5r7W8xe0nGoaz3zrUIWyMT4nHokN5IkQym7qoeh68qdC831IUqARM=</HostId></Error>

• Go to the Route 53 console
• Go to your hosted zone and click your domain
• Change the A records earlier created that now still point to the S3 bucket to point to the cloudfront distribution

Before:

warmetal.nl. A ALIAS s3-website-eu-west-1.amazonaws.com. (z1bkctxd74ezpe)
www.warmetal.nl. A ALIAS warmetal.nl. (z31sryyd9xxxqi)

After:

warmetal.nl. A ALIAS d3kxw0a7zy32o4.cloudfront.net. (z2fdtndataqyw2)
www.warmetal.nl. A ALIAS warmetal.nl. (z31sryyd9xxxqi)

Note that the second one, the alias for www has not changed.

You can now check if everything is ok, if it's not working after 30 minutes check the Cloudfront distribution status. It can take a while to go from “In Progress” to “Deployed”

Cloudfront also caches your website. To invalidate the cache so your changes are displayed immediately:

• Go to the cloudfront console
• Click on the ID of your distribution
• Click on the Invalidations tab
• Click on the Create Invalidation button
• Enter /* as the invalidations path to clear the entire cache for the static S3 website

• Go to the Route 53 console
• Go to “Registered domains”
• Click “Register Domain”
• Enter the domain with extension
• If available, click “Add to cart”
  • If not available, check the suggestions for a good option or choose another domainname
• When done selecting domains, click continue
• Enter the details for your Registrant, Administrative and Technical contacts. Keep Registrant, Administrative and Technical Contacts are all the same: Yes
  • Fill in all details and click continue
• Review details and verify the email address of the registrant
• Click “Complete Purchase”

Registering a new domain: what's next?

• Domain registration might take up to three days to complete.
• We'll send email to the registrant contact when the domain is successfully registered.
• We'll also send email to the registrant contact if we aren't able to register the domain for some reason.
• You can view the current status of your request on the dashboard in the Route 53 console.

Took only a few minutes before I got the email with confirmation on registering.

• AWS: Making Amazon Route 53 the DNS Service for an Existing Domain https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/MigratingDNS.html
• AWS: Making Route 53 the DNS Service for an Inactive Domain: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/migrate-dns-domain-inactive.html
• AWS: Transferring Registration for a Domain to Amazon Route 53: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-transfer-to-route-53.html
• AWS: Register a new domain: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/registrar.html