All CloudFront distributions are accessible through the domain name www.xxx.cloudfront.net. If you are using HTTP, you simply map your domain to https://xxx.cloudfront.net using a Cname.
CloudFront now supports custom SSL certificates to provide secure content through your domain. Click this URL to get started with Custom SSL certificates. Fill out the form to receive an invitation to Use Custom SSL Certificates.
https://aws.amazon.com/cloudfront/custom-ssl-domains/
Once Amazon approves your request you can upload one SSL certificate to an IAM Account. This certificate could be used to frontend CloudFront distribution. A single custom SSL certificate for CloudFront costs 600USD per month.
Pre-requisites
You should now have your signed SSL certificate.
Configure your IAM command-line tools. These are the things you should have:
a) Public Certificate – PEM encoded
b) Password removed from private key file
c) Certificate chain – PEM encoded
Step 1: Run this command to upload the certificate file into your IAM Account.
iam-servercertupload -s yourdomain.com.cert -b yourdomain.com.crt -k yourdomain.com.key -c yourdomain.com.ca -p /cloudfront/public
where -s any name to your certificate
-b Your public certificate
-k your private keys
-c to your intermediate certification
-p is your path to store your CloudFront Certificate. CloudFront will not be able locate your certificate if your path doesn’t begin with /cloudfront
Step 2: Log in to AWS Management Console and go to Distribution Settings-> Edit
Step 3: Select your CloudFront certificate from drop-down.
Step 4: Save the distribution settings.
Now you should be in a position to access CloudFront content via your https domain.