Transferring DNS and Web Hosting to AWS

Posted by Niky Morgan on December 20, 2017

I recently decided to move my personal website hosting to AWS. I did this for a few reasons:

  • the rate for web hosting on GoDaddy went up significantly for the second year
  • static website hosting on AWS is relatively simple and costs pennies a month
  • I had recently dipped my toe into AWS for work and wanted to experiment with it more

There are ultimately three elements that I decided to transfer to AWS: my domain registration, my DNS hosting and my web hosting. Many companies will bundle combinations of these services when users sign up for hosting, but understanding the difference between them is important.

Domain Registrar

Domain registries (not registrars) are organizations that manage domain extensions (like .com) and create policies for these domains. Domain registrars are accredited organizations that can license domains to users. Each domain registry also stores DNS (Domain Name System) hosting information for that domain. If users want to change their registry records, they must do it through the registrar. After purchase, the registrar also tells the rest of the internet where the site’s DNS is hosted.

DNS Hosting

A DNS host stores DNS records for a site, meaning it can direct users to the server that hosts the files for the website (the web host). A DNS host responds to the client request with the IP address for where the website content is stored. IP (or Internet Protocol) addresses are unique addresses for each computer connection. In order to find the files that make the website, the client computer needs to know who to ask (or where to look). In real world terms, if I wanted to see the Mona Lisa I would have to look up the address for the Louvre to know where to find it. DNS hosts also store the records that direct email and other web services for a domain.

Web Hosting

The web host is what holds the content. Web host servers store static files (images, HTML, CSS and JavaScript) and serve dynamic files (Ruby, Python, Go, PHP and some JavaScript frameworks). These web servers are where the website IP address comes from.

Domain Name System

All of these pieces are connected by DNS (or Domain Name System), a complex system which translates a human-readable website address into a computer-readable IP address. Without it, typing a URL in a browser address bar is meaningless: a computer won’t know what ‘google.com’ means without this process. Overall, the simplified translation process looks something like this:

When a client computer makes a request for a website address, this request first goes to a DNS resolver which forwards the request to the appropriate registrar. That registrar replies with the addresses of the domain nameservers where the DNS is hosted. The nameservers respond to the requesting computer with the IP address where the website content is hosted. The client computer now has the computer-readable IP address and can make a request to that.

Transferring to AWS

It is possible to have different companies responsible for each of these pieces, but I decided to move it all to AWS at once. If I left my domain registration with GoDaddy, I would have to wait for my domain to expire in another year and then repurchase it on the new service. This lag time made me uneasy. (What if some alternate Niky Morgan tried to purchase my highly desirable domain immediately after my registration ended?) If I transferred my registration now, I could set it to auto-renew and avoid this issue.

Since I was moving my web hosting as well, I saved all my static website files into an S3 bucket (Amazon’s cloud storage). This bucket was named after my domain, nikym.org. Amazon also wanted a separate bucket for the www subdomain (www.nikym.org). Only the first bucket holds the files; the www bucket redirects to the apex domain bucket. My current website is HTML, CSS and JavaScript, so storing static files is all I need in terms of web hosting. For websites that require serving dynamic assets, a more complex setup involving EC2 for cloud computing is required. S3 buckets default to private, so I had to change my apex domain’s S3 bucket permissions to allow public read access.
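Public read is the one permission a static-site bucket has to hand to the whole internet, so it is worth checking that it is the only one. The Python below is an added example, not part of the original post: it reads a bucket policy of the kind used for this setup and flags any anonymous grant that goes beyond s3:GetObject on objects. The policy document is constructed for the example and only borrows the post’s bucket name.

```python
import json

# Constructed example of the bucket policy that makes a static-site bucket
# world-readable; the bucket name nikym.org is taken from the post.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadGetObject",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::nikym.org/*",
    }],
})

# Serving a website needs exactly one anonymous permission: reading objects.
ALLOWED_PUBLIC_ACTIONS = {"s3:getobject"}

def _as_list(value):
    """IAM allows a single string or a list in Principal, Action and Resource."""
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"}, the two anonymous forms."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_policy_findings(policy):
    """List every anonymous Allow that goes beyond s3:GetObject on objects.
    Accepts a JSON string or an already-parsed dict. An empty list means the
    public grant is as narrow as a static site allows. NotPrincipal and
    NotAction statements are not handled here."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    findings = []
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no sid>")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() not in ALLOWED_PUBLIC_ACTIONS:  # also catches s3:* and s3:Get*
                findings.append(f"{sid}: anonymous {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if not resource.endswith("/*"):  # bucket ARN means listing/config, not objects
                findings.append(f"{sid}: bucket-level resource {resource}")
    return findings

if __name__ == "__main__":
    print(public_policy_findings(PUBLIC_READ_POLICY))  # []
```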

While an S3 bucket is all it takes to serve an HTTP website, for an HTTPS connection CloudFront is necessary. CloudFront distributes and encrypts website assets and also stores the SSL certificate for the domain. I made a CloudFront distribution for each bucket, set the Origin value to the endpoint of the S3 bucket and set the Alternate Domain Names (CNAMEs) value to the website domain (or subdomain) name. Under Behaviors I also chose to redirect HTTP to HTTPS and limited the allowed HTTP methods to GET and HEAD. In order for HTTPS to work, the CloudFront distribution needs an SSL certificate, which Amazon provides for free.

Since my registrar and DNS host were the same, I transferred my DNS hosting before my registration. Some services package free DNS hosting with registration and might cancel DNS service when they receive a registration transfer request, so transferring the DNS service first was the safest method. Route 53 is Amazon’s DNS service. There are specific requirements for allowing a DNS transfer for top-level domains (e.g. .com, .org, .edu), and Amazon only supports certain TLDs.

I created a hosted zone on Route 53 with the same name as my domain so I could tell the hosted zone where to direct traffic. Since I was also moving my web hosting to AWS, I couldn’t copy any records over from my previous DNS service. All my DNS settings would have new AWS values.

Both the apex (or base) domain and the www domain need A (alias) records whose Alias Target is their respective CloudFront distribution (or S3 bucket if CloudFront isn’t being used). The CloudFront distributions and S3 buckets should automatically populate as dropdown options if the naming has been consistent. NS and SOA records should be provided by Route 53. MX records route email traffic, so update them accordingly. I gave my original DNS hosting provider the new NS (nameserver) record information so they could complete the DNS transfer to AWS.

With web and DNS hosting transferred, I was set to transfer registration. Amazon will send an email to the contact listed on the domain registration, so I ensured the record was public, my domain was unlocked and the email address listed was current.

The Route 53 console has a transfer domain option. If the domain is available to transfer, it asks for an authorization code (from the previous registrar) and nameserver information. I imported my new nameserver information from the hosted zone I created, re-entered my contact info and completed my purchase. Now all my web and DNS services are on AWS!