To configure CloudFront to enforce HTTPS communication using its default SSL/TLS certificate through the AWS CLI, follow these steps:
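Step 1: Identify Cache Behaviors
Identify the cache behavior(s) you want to update. Cache behaviors have no ID of their own: each distribution has one default cache behavior plus optional additional behaviors identified by their path pattern. You can use the following command to list every distribution's ID with the current Viewer Protocol Policy of each of its cache behaviors:
aws cloudfront list-distributions | jq '.DistributionList.Items[]? | {Id, Default: .DefaultCacheBehavior.ViewerProtocolPolicy, Behaviors: [.CacheBehaviors.Items[]? | {PathPattern, ViewerProtocolPolicy}]}'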
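Step 2: Update Viewer Protocol Policy
Update the Viewer Protocol Policy setting for the cache behavior(s). The AWS CLI has no per-behavior update command: you fetch the complete distribution configuration, change ViewerProtocolPolicy in it, and submit the whole configuration back together with the ETag returned by the fetch. You can use the following commands to set the policy to redirect-to-https for the behavior matching <PATH_PATTERN> (for the default cache behavior, use .DefaultCacheBehavior.ViewerProtocolPolicy = "redirect-to-https" as the jq assignment instead):
aws cloudfront get-distribution-config --id <DISTRIBUTION_ID> > dist.json
aws cloudfront update-distribution --id <DISTRIBUTION_ID> --if-match "$(jq -r '.ETag' dist.json)" --distribution-config "$(jq '.DistributionConfig | (.CacheBehaviors.Items[]? | select(.PathPattern == "<PATH_PATTERN>") | .ViewerProtocolPolicy) = "redirect-to-https"' dist.json)"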
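Step 3: Deploy Changes
Deploy the changes to your CloudFront distribution to make them effective. The configuration change itself starts propagating as soon as the update is accepted, and the distribution's status returns to Deployed when it has reached all edge locations; the invalidation removes objects that are already cached at the edge. Use the following command to create an invalidation: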
aws cloudfront create-invalidation --distribution-id <DISTRIBUTION_ID> --paths "/*"
Once you’ve completed these steps, all HTTP requests matching the cache behavior(s) you updated will be automatically redirected to HTTPS.
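An added example (not part of the original page): a Python helper that takes the JSON returned by `aws cloudfront get-distribution-config`, switches every cache behavior still on `allow-all` to `redirect-to-https`, and returns the ETag and full configuration that `update-distribution` expects, along with the list of behaviors it changed. The sample response, its ETag value and the function names are constructed for illustration.

```python
import copy
import json

# Constructed sample of `aws cloudfront get-distribution-config` output, trimmed to
# the fields this example touches; a real response carries the full configuration.
SAMPLE_RESPONSE = json.loads("""
{
  "ETag": "E2EXAMPLEETAG",
  "DistributionConfig": {
    "CallerReference": "constructed-example",
    "DefaultCacheBehavior": {"TargetOriginId": "origin-1", "ViewerProtocolPolicy": "allow-all"},
    "CacheBehaviors": {
      "Quantity": 2,
      "Items": [
        {"PathPattern": "/api/*", "TargetOriginId": "origin-1", "ViewerProtocolPolicy": "allow-all"},
        {"PathPattern": "/static/*", "TargetOriginId": "origin-1", "ViewerProtocolPolicy": "https-only"}
      ]
    }
  }
}
""")

def iter_behaviors(config):
    """Yield (label, behavior) for the default behavior and each path-pattern behavior."""
    yield "default", config["DefaultCacheBehavior"]
    # Items is omitted from the response when Quantity is 0.
    for behavior in config.get("CacheBehaviors", {}).get("Items") or []:
        yield behavior["PathPattern"], behavior

def enforce_https(response, policy="redirect-to-https"):
    """Return (etag, new_config, changed) with every allow-all behavior set to `policy`."""
    if policy not in ("redirect-to-https", "https-only"):
        raise ValueError(f"policy does not enforce HTTPS: {policy}")
    config = copy.deepcopy(response["DistributionConfig"])  # leave the input untouched
    changed = []
    for label, behavior in iter_behaviors(config):
        if behavior["ViewerProtocolPolicy"] == "allow-all":
            behavior["ViewerProtocolPolicy"] = policy
            changed.append(label)
    return response["ETag"], config, changed

if __name__ == "__main__":
    etag, config, changed = enforce_https(SAMPLE_RESPONSE)
    print("behaviors changed:", changed)
    print("pass to update-distribution with --if-match", etag)
    print(json.dumps(config, indent=2))
```

An empty `changed` list means no behavior accepted plain HTTP, so the same function doubles as an audit check before any update is submitted.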