I want to host a HTTPS-only static website using Amazon S3 and CloudFront. Here's what I've done so far:

1. Set up an S3 bucket for static website hosting and put my website files in it
2. Created a CloudFront distribution and pointed it to the S3 bucket
3. Added a CNAME record in my domain's nameservers for the www subdomain pointing to the CloudFront bucket.

So far, so good - I can access my website using the www.example.com address. However, I want the site to be available via HTTPS only, for which I bought an SSL certificate from GoDaddy.

Now, the question is:

1. Is there a way to install this third-party SSL certificate on my S3-hosted website?
2. Is there a way to have an automatic http to https redirect with this setup?

Yes, as of today you can do it at no charge.

You can now use HTTPS with CNAMEs on CloudFront as it now supports custom SSL certificates using Server Name Indication (SNI): http://aws.typepad.com/aws/2014/03/server-name-indication-sni-and-http-redirection-for-amazon-cloudfront.html

I managed to set up a free Class 1 StartSSL cert for my CloudFront distributed static site on S3 without too much trouble (see: CloudFront error when serving over HTTPS using SNI).

On 2016-01-21 AWS launched AWS Certificate Manager, which is a free service that allows you to issue a SSL certificate to be used with Elastic Load Balancer and Cloud Front (along with S3 too).

You can learn more at: https://aws.amazon.com/certificate-manager/

And you can check how to deploy your S3 + Cloudfront website with free SSL from AWS at: https://aws.amazon.com/blogs/aws/new-aws-certificate-manager-deploy-ssltls-based-apps-on-aws/

As of today, Cloudfront offers custom SSL: http://aws.amazon.com/cloudfront/pricing/

Keep in mind, they are charging $600 / month. More details on the link above.

For me I had to upload a simple React website to S3. As barbolo describes you need a certificate to access site through SSL. If the static site that you want to deploy is simple enough you can:

1. Upload to S3.
2. Do not select "Static Website Hosting"
3. Convert all relative links (to css, js, etc) to absolute links.

e.g. from /css/media.css you should convert it to https://s3-region-amazonaws.com/bucket-name/css/media.css (for me I had to change only links in index.html)

4. Make only the contents of bucket public.

Thats it. You can access the index file through https.

A Simple site is a site with a main index.html file that points to some css and js pages.

In addition to @wikichen's answer.

From: https://aws.amazon.com/cloudfront/custom-ssl-domains/

By default, you can deliver your content to viewers over HTTPS by using your CloudFront distribution domain name in your URLs, for example, https://dxxxxx.cloudfront.net/image.jpg.

If you want to deliver your content over HTTPS using your own domain name and your own SSL certificate, you can use one of our Custom SSL certificate support features.