Naked domain and http to https redirects

Question

Hope you're all doing well!

I have a question I'm hoping to get some help with. I have a static site served through S3 with CloudFront distributions in front.

My main site is served on www.xyz.xyz and the cloudfront distribution connected ha a behavior http to https redirect.

Then I also want people to be able to access http://xyz.xyz, therefore I have created another bucket for the naked domain, with a redirect policy to www.xyz.xyz with http as protocol. In the CloudFront distribution connected to this the origin is the direct S3 website link, and not the bucket.

In the end this ensures all guests end at https://www.xyz.xyz, however when running Google Lighthouse for a SEO check, if I enter http://xyz.xyz it seems to go through 2 redirects, one to https and one to www and I'm assuming, according to Lighthouse, that this has some negative effects in that regard, both in terms of time to serve, but also SEO.

Am I doing something wrong? I hope you can help me. I really thought it was simpler, also with all the buckets and such :-)

I noticed in AWS Amplify you need to setup redirect/rewrites, but I guess in S3 + CloudFront terms, that's what I'm already doing.

Best,

Answer 1

To maintain compatibility with HSTS, you must perform your redirection in two steps. The first redirect should upgrade the request to https. The second can canonicalize the domain (add or remove www). So this behavior is desirable.