I recently put a website live on AWS — bought the domain on GoDaddy, hosted the site on Amazon’s cloud, and got it running on secure HTTPS for roughly a dollar a month. This is the guide I wish I’d had: no jargon, no assumptions, and honest about the small traps that cost me time so they don’t cost you any.
It’s written for someone who is comfortable clicking around a website but has never touched a cloud console. If that’s you, you can do this.
What we’re actually building (the mental model)
A live website is really just five simple pieces working together. Once you see them as five jobs, the whole thing stops being mysterious:
- A domain — your address, like
yourname.com. You rent this from a registrar (we’ll use GoDaddy). - Storage — somewhere to keep your website’s files. On AWS this is a service called S3 (think of it as a private folder in the cloud).
- A certificate — the thing that makes the little padlock and
https://appear, so visitors’ connections are encrypted. AWS gives this out free via a service called ACM. - A delivery network (CDN) — a service that serves your files fast from locations around the world and adds security. On AWS this is CloudFront.
- DNS — the “phone book” that connects your domain name to where the site actually lives. We’ll use AWS’s Route 53.
That’s it. Domain, storage, certificate, delivery, phone book. Everything below is just setting up those five.
What it costs
This surprises people: hosting a small website this way is almost free.
- Storage (S3): a few megabytes of files — less than a cent a month.
- Certificate (ACM): free, always.
- CDN (CloudFront): the free tier covers far more traffic than a small site will ever use — effectively \$0.
- DNS (Route 53): about \$0.50 a month for the “hosted zone.” This is the only guaranteed charge.
- Domain (GoDaddy): a yearly fee for the name itself, typically a few hundred rupees to a couple of thousand depending on the extension.
So, roughly a dollar a month for the hosting, plus your annual domain fee. (Prices are estimates and can change — always glance at the AWS pricing pages and your first bill.)
Step 1 — Buy your domain on GoDaddy
Go to GoDaddy, search for the name you want, and buy it. That’s the easy part. You don’t need GoDaddy’s hosting add-ons or website builder — just the domain. Skip the upsells.
One tip: GoDaddy will also try to sell you a professional email mailbox on your domain. That’s genuinely useful and separate from your website — but if you buy it, remember it for later, because it affects one of the steps below.
Step 2 — Create your AWS account (and lock it down)
Sign up at aws.amazon.com. You’ll need a payment method — and here’s the first honest warning: make sure your payment method is fully set up and working. New AWS accounts get verified before they’re allowed to use certain services, and a missing or disabled payment method can leave you stuck later.
Once you’re in, spend ten minutes on safety before anything else:
- The account you sign up with is the all-powerful “root” account. Turn on two-factor authentication for it, then stop using it.
- Create a normal user for yourself for day-to-day work, also with two-factor on.
- Set a billing alert so you’re emailed if spend ever crosses, say, \$5. This is your safety net.
None of this costs anything, and it’s the difference between “secure” and “a problem waiting to happen.”
Step 3 — Put your website files in S3
In the AWS console, open S3 and create a bucket (a bucket is just a named folder).
- Pick a region close to your audience — for India, Mumbai is the right choice. Pick one region and use it consistently; mixing regions is a common source of confusion.
- Leave “Block all public access” switched ON. This feels backwards — isn’t a website supposed to be public? — but it’s correct. Your files stay private in S3, and the CDN (Step 6) is the only thing allowed to read them. This is the secure, modern pattern.
- Then upload your website files (your
index.htmland friends) into the bucket.
Step 4 — Get your free HTTPS certificate
Open Certificate Manager (ACM) and request a public certificate for your domain — list both the plain version (yourname.com) and the www version (www.yourname.com) so both work.
Here’s gotcha number two, and it’s a big one: the certificate must be created in the “N. Virginia (us-east-1)” region, even though everything else of yours is in Mumbai. This is a hard AWS requirement for the CDN — it only accepts certificates from that one region. So switch your region to N. Virginia just for this step, then switch back. Miss this and the CDN simply won’t let you attach your certificate later.
The certificate will sit as “Pending validation” until the next step proves you own the domain.
Step 5 — Set up DNS with Route 53, and point GoDaddy at it
This is the step with the most moving parts, so go slowly.
Open Route 53 and create a hosted zone for your domain. AWS gives you four “nameservers” (addresses ending in awsdns). The plan is to tell GoDaddy: “don’t manage my DNS anymore — let AWS do it.” You do that by replacing GoDaddy’s nameservers with the four AWS ones (in GoDaddy: your domain → Nameservers → Change → Custom).
But — gotcha number three, and this one can break your email. When you hand DNS to AWS, AWS only knows the records you’ve put in it. If you bought that GoDaddy email mailbox, the records that route your email live in GoDaddy’s DNS, and they do not come across automatically. If you switch nameservers without copying them first, your email stops working.
So the safe order is:
- In GoDaddy, look at your current DNS records and note every email-related one (they have types like MX, TXT, CNAME, and SRV).
- Recreate those same records inside your new Route 53 zone.
- Then switch the nameservers at GoDaddy.
Do it in that order and your email never skips a beat.
Once the nameservers are switched, go back to your pending certificate and let AWS add the validation records to Route 53 for you (there’s a one-click button). After DNS propagates — usually minutes, sometimes a few hours — the certificate flips to “Issued” on its own.
Step 6 — Create the CloudFront delivery network
Open CloudFront and create a distribution. In plain terms, you’re telling AWS: “serve the files from my S3 bucket, over HTTPS, to the whole world, securely.”
The key choices:
- Point it at your S3 bucket.
- Choose the option to let CloudFront access your private bucket (often called Origin Access Control). This is what keeps S3 private while letting the CDN in — and it sets up the permissions for you automatically.
- Set it to redirect HTTP to HTTPS so visitors always get the secure version.
- Add both your domain names (
yourname.comandwww.yourname.com). - Attach the certificate you issued in Step 4.
Gotcha number four: brand-new AWS accounts often can’t create a CloudFront distribution immediately. You may hit a message saying your account needs to be verified first. Don’t panic and don’t keep retrying — it’s not a mistake in your setup. CloudFront is gated on new accounts because it’s a service that gets abused. Open a free “Account and billing” support case asking them to verify your account for CloudFront; it’s usually sorted within a day or so. (Making sure your payment method is valid — Step 2 — helps avoid this.)
Step 7 — Point your domain at the CDN, and test
Back in Route 53, create two records that point your domain (both the plain and www versions) at your CloudFront distribution. AWS has a special “alias” option for exactly this — it’s why we moved DNS to Route 53 in the first place, because most registrars can’t point a bare domain (no www) at a CDN cleanly.
Then test — and test properly:
- Open
https://yourname.comandhttps://www.yourname.comin a private/incognito window (your normal browser may show a cached old result). - Check it from your phone on mobile data, not just your home network.
- Confirm the padlock shows a valid certificate.
If it loads cleanly over HTTPS from a device that’s never seen it before, you’re live.
The honest summary
None of these steps is hard on its own. The traps are in the seams between them, so to save you the pain I had:
- Pick one region and stick to it — except the certificate, which must be in N. Virginia.
- Copy your email DNS records into Route 53 before switching nameservers, or you’ll knock out your own email.
- A new account may be blocked from CloudFront until AWS verifies it — that’s normal; open a support case.
- Keep your AWS root account locked away, use a normal user, and set a billing alert.
And one note of honesty about this guide itself: cloud consoles change their menus and wording constantly, so treat the steps as the shape of the journey rather than pixel-perfect clicks. The five pieces — domain, storage, certificate, delivery, DNS — don’t change, even when the buttons move.
That’s the whole thing. A real website, on serious infrastructure, for about the price of a cup of chai per month. If you get stuck on a step, that’s normal — every one of these traps caught me too.