To get this working I followed SSL setup with Let’s Encrypt on AWS CloudFront and S3.
Setting up the TLS certificate went well, but because CloudFront handles default index documents differently than S3, previous links such as https://andrewtchin.com/about returned Access Denied errors. Since there weren’t too many problem links, I updated them to explicitly point to index.html to solve this.
Finally, where previously I used the AWS console to upload my files to S3, it was very easy to use AWS CLI to upload all the files at once and set the correct permissions.
From the Jekyll build directory (_site), I used s3 sync: