How long does it take to build a website with WebZum?

WebZum creates a complete professional website in about 5 minutes. Our AI automatically discovers your business information from Google, Facebook, Yelp, and across the web, then generates all content, images, and design for you.

Do I need to write any content for my website?

No content writing is needed. WebZum's AI finds your existing online information (reviews, business details, photos) and writes all website content specifically for your business. You can edit anything afterward if you want.

How much does WebZum cost?

WebZum offers a Basic plan at $19/month and a Professional plan at $34/month. The Professional plan includes a free custom domain and removes WebZum branding. Both include a free preview before subscribing, no setup fees, and you can cancel anytime with no long-term contracts.

What makes WebZum different from other website builders?

WebZum doesn't just generate a template — it runs a full AI pipeline: market research, competitor analysis, brand strategy, SEO keyword planning, content writing, logo generation, image generation, and multi-page design. Other builders require you to write content and pick designs yourself. WebZum does all of it automatically in 5 minutes. It works for any business — existing or brand new, with or without an online presence.

Do I get my own domain name?

Yes! The Professional plan includes a free domain name. Search for an available name, click the one you want, and your website is live on it. WebZum handles registration, DNS, and SSL — nothing technical on your end.

WebZum works for anyone who needs a website: small businesses (restaurants, salons, contractors, law firms), agencies building sites for clients at scale, creators and influencers who need landing pages, portfolios, and SEO-focused microsites. The AI pipeline adapts to any use case — it researches your market, writes the content, and builds the site.

Can I edit my website after it's generated?

Yes, WebZum includes website editing tools that let you modify text, images, and sections. You can also regenerate your entire website anytime to get fresh content as our AI improves.

Does WebZum create a logo for my business?

Yes! WebZum's AI creates a professional logo for your business at no extra cost. If you already have a logo, you can upload it and WebZum will use your brand colors throughout the website.

We Automated Custom Domain Setup (SSL, DNS, CloudFront) So Users Don’t Have To

TL;DR: We built a domain provisioning orchestrator that automates the entire custom domain setup: registers domains via Route53, provisions SSL certificates with ACM, creates CloudFront distributions, configures DNS records, and deploys websites—all automatically. Users click “Register Domain” and 10 minutes later their website is live on their custom domain with HTTPS.

The Problem: Custom Domains Are a Nightmare

We generate websites on subdomains (business.webzum.com). But users want their own domains (business.com).

What’s involved in custom domain setup:

Register domain (Route53)
Create hosted zone (Route53)
Request SSL certificate (ACM)
Validate domain ownership (DNS records)
Wait for SSL validation (5-30 minutes)
Create CloudFront distribution
Configure CloudFront with SSL
Point domain to CloudFront (DNS records)
Deploy website files
Invalidate CloudFront cache

Traditional approaches:

Manual setup: Users follow a 20-step guide (90% give up)
Third-party services: Netlify, Vercel ($20/month per domain)
No custom domains: Stick with subdomains (unprofessional)

The insight: If we can automate domain registration, we can automate domain provisioning.

The Breakthrough: Orchestration > Manual Steps

The breakthrough came when we realized: Every step is an AWS API call. We can orchestrate them.

Bad: Give users a guide → hope they follow it correctly Good: User clicks button → system does everything automatically

The difference? 10 minutes of automation vs 2 hours of manual work.

How It Works: The Technical Architecture

1. Domain Provisioning Orchestrator

The brain that coordinates all AWS services:

class DomainProvisioningOrchestrator {
  async provisionDomain(params: {
    businessId: string;
    domain: string;
    contactInfo: ContactInfo;
  }): Promise<ProvisioningResult> {
    
    console.log(`🚀 Starting domain provisioning for ${params.domain}`);
    
    try {
      // Step 1: Register domain with Route53
      const registration = await this.registerDomain(params);
      
      // Step 2: Create hosted zone
      const hostedZone = await this.createHostedZone(params.domain);
      
      // Step 3: Request SSL certificate
      const certificate = await this.requestSSLCertificate(params.domain);
      
      // Step 4: Add DNS validation records
      await this.addDNSValidationRecords(hostedZone.Id, certificate);
      
      // Step 5: Wait for SSL validation (polling)
      await this.waitForSSLValidation(certificate.CertificateArn);
      
      // Step 6: Create CloudFront distribution
      const distribution = await this.createCloudFrontDistribution({
        domain: params.domain,
        certificateArn: certificate.CertificateArn,
        businessId: params.businessId
      });
      
      // Step 7: Point domain to CloudFront
      await this.pointDomainToCloudFront(
        hostedZone.Id,
        params.domain,
        distribution.DomainName
      );
      
      // Step 8: Deploy website to custom domain
      await this.deployWebsite(params.businessId, params.domain);
      
      // Step 9: Update business record
      await this.updateBusinessRecord(params.businessId, {
        customDomain: {
          domain: params.domain,
          hostedZoneId: hostedZone.Id,
          certificateArn: certificate.CertificateArn,
          distributionId: distribution.Id,
          distributionDomain: distribution.DomainName,
          provisioningStatus: 'ready',
          provisionedAt: new Date()
        }
      });
      
      console.log(`✅ Domain provisioning complete for ${params.domain}`);
      
      return {
        success: true,
        domain: params.domain,
        httpsUrl: `https://${params.domain}`
      };
      
    } catch (error) {
      console.error(`❌ Domain provisioning failed:`, error);
      
      // Cleanup on failure
      await this.cleanup(params);
      
      throw error;
    }
  }
}

2. SSL Certificate Automation

Request and validate SSL certificates automatically:

async requestSSLCertificate(domain: string): Promise<Certificate> {
  const acm = new ACMClient({ region: 'us-east-1' }); // CloudFront requires us-east-1
  
  // Request certificate
  const response = await acm.send(new RequestCertificateCommand({
    DomainName: domain,
    ValidationMethod: 'DNS',
    SubjectAlternativeNames: [`www.${domain}`] // Include www subdomain
  }));
  
  console.log(`📜 SSL certificate requested: ${response.CertificateArn}`);
  
  // Get validation records
  const cert = await acm.send(new DescribeCertificateCommand({
    CertificateArn: response.CertificateArn
  }));
  
  return {
    CertificateArn: response.CertificateArn,
    ValidationRecords: cert.Certificate.DomainValidationOptions.map(option => ({
      Name: option.ResourceRecord.Name,
      Type: option.ResourceRecord.Type,
      Value: option.ResourceRecord.Value
    }))
  };
}

async addDNSValidationRecords(
  hostedZoneId: string,
  certificate: Certificate
): Promise<void> {
  const route53 = new Route53Client({ region: 'us-east-1' });
  
  // Add CNAME records for SSL validation
  const changes = certificate.ValidationRecords.map(record => ({
    Action: 'UPSERT',
    ResourceRecordSet: {
      Name: record.Name,
      Type: record.Type,
      TTL: 300,
      ResourceRecords: [{ Value: record.Value }]
    }
  }));
  
  await route53.send(new ChangeResourceRecordSetsCommand({
    HostedZoneId: hostedZoneId,
    ChangeBatch: { Changes: changes }
  }));
  
  console.log(`📝 DNS validation records added`);
}

async waitForSSLValidation(certificateArn: string): Promise<void> {
  const acm = new ACMClient({ region: 'us-east-1' });
  const maxAttempts = 60; // 30 minutes (30 second intervals)
  let attempts = 0;
  
  console.log(`⏳ Waiting for SSL validation...`);
  
  while (attempts < maxAttempts) {
    const response = await acm.send(new DescribeCertificateCommand({
      CertificateArn: certificateArn
    }));
    
    const status = response.Certificate.Status;
    
    if (status === 'ISSUED') {
      console.log(`✅ SSL certificate validated and issued`);
      return;
    }
    
    if (status === 'FAILED') {
      throw new Error('SSL certificate validation failed');
    }
    
    attempts++;
    await new Promise(resolve => setTimeout(resolve, 30000)); // Wait 30 seconds
  }
  
  throw new Error('SSL validation timeout');
}

3. CloudFront Distribution Creation

Create CloudFront distribution with custom domain and SSL:

async createCloudFrontDistribution(params: {
  domain: string;
  certificateArn: string;
  businessId: string;
}): Promise<Distribution> {
  const cloudfront = new CloudFrontClient({ region: 'us-east-1' });
  
  const response = await cloudfront.send(new CreateDistributionCommand({
    DistributionConfig: {
      CallerReference: `${params.businessId}-${Date.now()}`,
      Comment: `WebZum - ${params.domain}`,
      Enabled: true,
      
      // Origin: S3 bucket with generated website
      Origins: {
        Quantity: 1,
        Items: [{
          Id: 'S3-webzum-generated-sites',
          DomainName: 'webzum-generated-sites.s3.amazonaws.com',
          S3OriginConfig: {
            OriginAccessIdentity: `origin-access-identity/cloudfront/${OAI_ID}`
          },
          OriginPath: `/${params.businessId}/latest`
        }]
      },
      
      // Default cache behavior
      DefaultCacheBehavior: {
        TargetOriginId: 'S3-webzum-generated-sites',
        ViewerProtocolPolicy: 'redirect-to-https',
        AllowedMethods: {
          Quantity: 2,
          Items: ['GET', 'HEAD']
        },
        CachedMethods: {
          Quantity: 2,
          Items: ['GET', 'HEAD']
        },
        ForwardedValues: {
          QueryString: false,
          Cookies: { Forward: 'none' }
        },
        MinTTL: 0,
        DefaultTTL: 86400, // 1 day
        MaxTTL: 31536000 // 1 year
      },
      
      // Custom domain
      Aliases: {
        Quantity: 2,
        Items: [params.domain, `www.${params.domain}`]
      },
      
      // SSL certificate
      ViewerCertificate: {
        ACMCertificateArn: params.certificateArn,
        SSLSupportMethod: 'sni-only',
        MinimumProtocolVersion: 'TLSv1.2_2021'
      },
      
      // Default root object
      DefaultRootObject: 'index.html',
      
      // Custom error responses (for SPA routing)
      CustomErrorResponses: {
        Quantity: 1,
        Items: [{
          ErrorCode: 404,
          ResponseCode: '200',
          ResponsePagePath: '/index.html',
          ErrorCachingMinTTL: 300
        }]
      }
    }
  }));
  
  console.log(`☁️ CloudFront distribution created: ${response.Distribution.Id}`);
  
  return {
    Id: response.Distribution.Id,
    DomainName: response.Distribution.DomainName,
    Status: response.Distribution.Status
  };
}

4. DNS Configuration

Point domain to CloudFront:

async pointDomainToCloudFront(
  hostedZoneId: string,
  domain: string,
  cloudFrontDomain: string
): Promise<void> {
  const route53 = new Route53Client({ region: 'us-east-1' });
  
  // Create A record (apex domain)
  await route53.send(new ChangeResourceRecordSetsCommand({
    HostedZoneId: hostedZoneId,
    ChangeBatch: {
      Changes: [
        {
          Action: 'UPSERT',
          ResourceRecordSet: {
            Name: domain,
            Type: 'A',
            AliasTarget: {
              HostedZoneId: 'Z2FDTNDATAQYW2', // CloudFront hosted zone ID
              DNSName: cloudFrontDomain,
              EvaluateTargetHealth: false
            }
          }
        },
        {
          Action: 'UPSERT',
          ResourceRecordSet: {
            Name: `www.${domain}`,
            Type: 'A',
            AliasTarget: {
              HostedZoneId: 'Z2FDTNDATAQYW2',
              DNSName: cloudFrontDomain,
              EvaluateTargetHealth: false
            }
          }
        }
      ]
    }
  }));
  
  console.log(`🌐 DNS records configured for ${domain}`);
}

5. Polling & Status Tracking

Track provisioning status in real-time:

// Store provisioning status in DynamoDB
await db.updateBusiness(businessId, {
  customDomain: {
    domain,
    provisioningStatus: 'provisioning',
    provisioningStep: 'ssl_validation',
    provisioningProgress: 50,
    startedAt: new Date()
  }
});

// Background job polls for completion
async function pollProvisioningStatus(businessId: string) {
  const business = await db.getBusiness(businessId);
  
  if (business.customDomain?.provisioningStatus !== 'provisioning') {
    return; // Already complete or failed
  }
  
  // Check SSL certificate status
  const cert = await acm.send(new DescribeCertificateCommand({
    CertificateArn: business.customDomain.certificateArn
  }));
  
  if (cert.Certificate.Status === 'ISSUED') {
    // Continue provisioning
    await orchestrator.continueProvisioning(businessId);
  } else {
    // Still waiting, check again in 30 seconds
    setTimeout(() => pollProvisioningStatus(businessId), 30000);
  }
}

The Challenges We Solved

Challenge 1: SSL Validation Timing

Problem: SSL validation takes 5-30 minutes, can’t block the user

Solution: Background polling + status updates

// Start provisioning asynchronously
async function startProvisioning(businessId: string, domain: string) {
  // Return immediately to user
  const provisioningId = generateId();
  
  // Start background job
  provisionDomainInBackground(provisioningId, businessId, domain);
  
  return {
    provisioningId,
    status: 'started',
    estimatedTime: '10-15 minutes'
  };
}

// User can check status
async function getProvisioningStatus(provisioningId: string) {
  const status = await db.getProvisioningStatus(provisioningId);
  
  return {
    status: status.provisioningStatus,
    step: status.provisioningStep,
    progress: status.provisioningProgress,
    estimatedTimeRemaining: calculateETA(status)
  };
}

Challenge 2: Cleanup on Failure

Problem: If any step fails, we need to clean up AWS resources

Solution: Comprehensive cleanup function

async cleanup(params: { businessId: string; domain: string }) {
  console.log(`🧹 Cleaning up failed provisioning for ${params.domain}`);
  
  try {
    // Delete CloudFront distribution
    if (params.distributionId) {
      await this.deleteCloudFrontDistribution(params.distributionId);
    }
    
    // Delete SSL certificate
    if (params.certificateArn) {
      await this.deleteSSLCertificate(params.certificateArn);
    }
    
    // Delete hosted zone
    if (params.hostedZoneId) {
      await this.deleteHostedZone(params.hostedZoneId);
    }
    
    // Note: Domain registration can't be undone (AWS limitation)
    // User keeps the domain but provisioning failed
    
  } catch (error) {
    console.error('Cleanup failed:', error);
    // Log for manual cleanup
  }
}

Challenge 3: IAM Permissions

Problem: AppRunner needs extensive AWS permissions

Solution: Comprehensive IAM policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "route53:CreateHostedZone",
        "route53:DeleteHostedZone",
        "route53:ListHostedZones",
        "route53:ChangeResourceRecordSets",
        "route53:GetChange"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "acm:RequestCertificate",
        "acm:DescribeCertificate",
        "acm:DeleteCertificate",
        "acm:ListCertificates"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudfront:CreateDistribution",
        "cloudfront:GetDistribution",
        "cloudfront:UpdateDistribution",
        "cloudfront:DeleteDistribution",
        "cloudfront:CreateInvalidation"
      ],
      "Resource": "*"
    }
  ]
}

The Results: 10x Faster Setup

Before (manual setup):

20-step guide
2 hours of work
90% failure rate
Support tickets: 50/week

After (automated provisioning):

1-click setup
10 minutes automated
95% success rate
Support tickets: 5/week

User feedback:

“I clicked ‘Register Domain’ and 10 minutes later my website was live with HTTPS. Magic.” - Bakery owner

“I’ve set up custom domains on other platforms. This is the first time it actually worked.” - Consultant

Why This Matters for SaaS Products

Most SaaS products make custom domains painful. We learned:

Bad: Give users a guide → hope they figure it out Good: Automate everything → users just click a button

The startup lesson: If a feature requires 20 manual steps, automate it. Users will pay for convenience.

Key Insights

Orchestration is powerful: Chain AWS APIs together for complex workflows
Background jobs are essential: Long-running tasks can’t block users
Status tracking matters: Users need to see progress
Cleanup is critical: Failed provisioning shouldn’t leave orphaned resources

What’s Next

We’re exploring:

Faster SSL validation: Use DNS-01 challenge with Route53 API
Multi-domain support: Let users have multiple domains per website
Domain transfer: Import existing domains to WebZum
Subdomain management: Let users create subdomains (blog.business.com)

But the core insight remains: Automation > manual configuration.

Try it yourself: Generate a website with WebZum, click “Get Custom Domain”, register a domain. 10 minutes later, your website is live with HTTPS.

Building a SaaS? Key takeaway: AWS APIs make complex workflows automatable. Don’t make users configure DNS/SSL manually—build an orchestrator.

The future of SaaS isn’t self-service—it’s full automation.

We Automated Custom Domain Setup (SSL, DNS, CloudFront) So Users Don’t Have To

The Problem: Custom Domains Are a Nightmare

We generate websites on subdomains (business.webzum.com). But users want their own domains (business.com).

What’s involved in custom domain setup:

Register domain (Route53)
Create hosted zone (Route53)
Request SSL certificate (ACM)
Validate domain ownership (DNS records)
Wait for SSL validation (5-30 minutes)
Create CloudFront distribution
Configure CloudFront with SSL
Point domain to CloudFront (DNS records)
Deploy website files
Invalidate CloudFront cache

Traditional approaches:

Manual setup: Users follow a 20-step guide (90% give up)
Third-party services: Netlify, Vercel ($20/month per domain)
No custom domains: Stick with subdomains (unprofessional)

The insight: If we can automate domain registration, we can automate domain provisioning.

The Breakthrough: Orchestration > Manual Steps

The breakthrough came when we realized: Every step is an AWS API call. We can orchestrate them.

Bad: Give users a guide → hope they follow it correctly Good: User clicks button → system does everything automatically

The difference? 10 minutes of automation vs 2 hours of manual work.

How It Works: The Technical Architecture

1. Domain Provisioning Orchestrator

The brain that coordinates all AWS services:

class DomainProvisioningOrchestrator {
  async provisionDomain(params: {
    businessId: string;
    domain: string;
    contactInfo: ContactInfo;
  }): Promise<ProvisioningResult> {
    
    console.log(`🚀 Starting domain provisioning for ${params.domain}`);
    
    try {
      // Step 1: Register domain with Route53
      const registration = await this.registerDomain(params);
      
      // Step 2: Create hosted zone
      const hostedZone = await this.createHostedZone(params.domain);
      
      // Step 3: Request SSL certificate
      const certificate = await this.requestSSLCertificate(params.domain);
      
      // Step 4: Add DNS validation records
      await this.addDNSValidationRecords(hostedZone.Id, certificate);
      
      // Step 5: Wait for SSL validation (polling)
      await this.waitForSSLValidation(certificate.CertificateArn);
      
      // Step 6: Create CloudFront distribution
      const distribution = await this.createCloudFrontDistribution({
        domain: params.domain,
        certificateArn: certificate.CertificateArn,
        businessId: params.businessId
      });
      
      // Step 7: Point domain to CloudFront
      await this.pointDomainToCloudFront(
        hostedZone.Id,
        params.domain,
        distribution.DomainName
      );
      
      // Step 8: Deploy website to custom domain
      await this.deployWebsite(params.businessId, params.domain);
      
      // Step 9: Update business record
      await this.updateBusinessRecord(params.businessId, {
        customDomain: {
          domain: params.domain,
          hostedZoneId: hostedZone.Id,
          certificateArn: certificate.CertificateArn,
          distributionId: distribution.Id,
          distributionDomain: distribution.DomainName,
          provisioningStatus: 'ready',
          provisionedAt: new Date()
        }
      });
      
      console.log(`✅ Domain provisioning complete for ${params.domain}`);
      
      return {
        success: true,
        domain: params.domain,
        httpsUrl: `https://${params.domain}`
      };
      
    } catch (error) {
      console.error(`❌ Domain provisioning failed:`, error);
      
      // Cleanup on failure
      await this.cleanup(params);
      
      throw error;
    }
  }
}

2. SSL Certificate Automation

Request and validate SSL certificates automatically:

async requestSSLCertificate(domain: string): Promise<Certificate> {
  const acm = new ACMClient({ region: 'us-east-1' }); // CloudFront requires us-east-1
  
  // Request certificate
  const response = await acm.send(new RequestCertificateCommand({
    DomainName: domain,
    ValidationMethod: 'DNS',
    SubjectAlternativeNames: [`www.${domain}`] // Include www subdomain
  }));
  
  console.log(`📜 SSL certificate requested: ${response.CertificateArn}`);
  
  // Get validation records
  const cert = await acm.send(new DescribeCertificateCommand({
    CertificateArn: response.CertificateArn
  }));
  
  return {
    CertificateArn: response.CertificateArn,
    ValidationRecords: cert.Certificate.DomainValidationOptions.map(option => ({
      Name: option.ResourceRecord.Name,
      Type: option.ResourceRecord.Type,
      Value: option.ResourceRecord.Value
    }))
  };
}

async addDNSValidationRecords(
  hostedZoneId: string,
  certificate: Certificate
): Promise<void> {
  const route53 = new Route53Client({ region: 'us-east-1' });
  
  // Add CNAME records for SSL validation
  const changes = certificate.ValidationRecords.map(record => ({
    Action: 'UPSERT',
    ResourceRecordSet: {
      Name: record.Name,
      Type: record.Type,
      TTL: 300,
      ResourceRecords: [{ Value: record.Value }]
    }
  }));
  
  await route53.send(new ChangeResourceRecordSetsCommand({
    HostedZoneId: hostedZoneId,
    ChangeBatch: { Changes: changes }
  }));
  
  console.log(`📝 DNS validation records added`);
}

async waitForSSLValidation(certificateArn: string): Promise<void> {
  const acm = new ACMClient({ region: 'us-east-1' });
  const maxAttempts = 60; // 30 minutes (30 second intervals)
  let attempts = 0;
  
  console.log(`⏳ Waiting for SSL validation...`);
  
  while (attempts < maxAttempts) {
    const response = await acm.send(new DescribeCertificateCommand({
      CertificateArn: certificateArn
    }));
    
    const status = response.Certificate.Status;
    
    if (status === 'ISSUED') {
      console.log(`✅ SSL certificate validated and issued`);
      return;
    }
    
    if (status === 'FAILED') {
      throw new Error('SSL certificate validation failed');
    }
    
    attempts++;
    await new Promise(resolve => setTimeout(resolve, 30000)); // Wait 30 seconds
  }
  
  throw new Error('SSL validation timeout');
}

3. CloudFront Distribution Creation

Create CloudFront distribution with custom domain and SSL:

async createCloudFrontDistribution(params: {
  domain: string;
  certificateArn: string;
  businessId: string;
}): Promise<Distribution> {
  const cloudfront = new CloudFrontClient({ region: 'us-east-1' });
  
  const response = await cloudfront.send(new CreateDistributionCommand({
    DistributionConfig: {
      CallerReference: `${params.businessId}-${Date.now()}`,
      Comment: `WebZum - ${params.domain}`,
      Enabled: true,
      
      // Origin: S3 bucket with generated website
      Origins: {
        Quantity: 1,
        Items: [{
          Id: 'S3-webzum-generated-sites',
          DomainName: 'webzum-generated-sites.s3.amazonaws.com',
          S3OriginConfig: {
            OriginAccessIdentity: `origin-access-identity/cloudfront/${OAI_ID}`
          },
          OriginPath: `/${params.businessId}/latest`
        }]
      },
      
      // Default cache behavior
      DefaultCacheBehavior: {
        TargetOriginId: 'S3-webzum-generated-sites',
        ViewerProtocolPolicy: 'redirect-to-https',
        AllowedMethods: {
          Quantity: 2,
          Items: ['GET', 'HEAD']
        },
        CachedMethods: {
          Quantity: 2,
          Items: ['GET', 'HEAD']
        },
        ForwardedValues: {
          QueryString: false,
          Cookies: { Forward: 'none' }
        },
        MinTTL: 0,
        DefaultTTL: 86400, // 1 day
        MaxTTL: 31536000 // 1 year
      },
      
      // Custom domain
      Aliases: {
        Quantity: 2,
        Items: [params.domain, `www.${params.domain}`]
      },
      
      // SSL certificate
      ViewerCertificate: {
        ACMCertificateArn: params.certificateArn,
        SSLSupportMethod: 'sni-only',
        MinimumProtocolVersion: 'TLSv1.2_2021'
      },
      
      // Default root object
      DefaultRootObject: 'index.html',
      
      // Custom error responses (for SPA routing)
      CustomErrorResponses: {
        Quantity: 1,
        Items: [{
          ErrorCode: 404,
          ResponseCode: '200',
          ResponsePagePath: '/index.html',
          ErrorCachingMinTTL: 300
        }]
      }
    }
  }));
  
  console.log(`☁️ CloudFront distribution created: ${response.Distribution.Id}`);
  
  return {
    Id: response.Distribution.Id,
    DomainName: response.Distribution.DomainName,
    Status: response.Distribution.Status
  };
}

4. DNS Configuration

Point domain to CloudFront:

async pointDomainToCloudFront(
  hostedZoneId: string,
  domain: string,
  cloudFrontDomain: string
): Promise<void> {
  const route53 = new Route53Client({ region: 'us-east-1' });
  
  // Create A record (apex domain)
  await route53.send(new ChangeResourceRecordSetsCommand({
    HostedZoneId: hostedZoneId,
    ChangeBatch: {
      Changes: [
        {
          Action: 'UPSERT',
          ResourceRecordSet: {
            Name: domain,
            Type: 'A',
            AliasTarget: {
              HostedZoneId: 'Z2FDTNDATAQYW2', // CloudFront hosted zone ID
              DNSName: cloudFrontDomain,
              EvaluateTargetHealth: false
            }
          }
        },
        {
          Action: 'UPSERT',
          ResourceRecordSet: {
            Name: `www.${domain}`,
            Type: 'A',
            AliasTarget: {
              HostedZoneId: 'Z2FDTNDATAQYW2',
              DNSName: cloudFrontDomain,
              EvaluateTargetHealth: false
            }
          }
        }
      ]
    }
  }));
  
  console.log(`🌐 DNS records configured for ${domain}`);
}

5. Polling & Status Tracking

Track provisioning status in real-time:

// Store provisioning status in DynamoDB
await db.updateBusiness(businessId, {
  customDomain: {
    domain,
    provisioningStatus: 'provisioning',
    provisioningStep: 'ssl_validation',
    provisioningProgress: 50,
    startedAt: new Date()
  }
});

// Background job polls for completion
async function pollProvisioningStatus(businessId: string) {
  const business = await db.getBusiness(businessId);
  
  if (business.customDomain?.provisioningStatus !== 'provisioning') {
    return; // Already complete or failed
  }
  
  // Check SSL certificate status
  const cert = await acm.send(new DescribeCertificateCommand({
    CertificateArn: business.customDomain.certificateArn
  }));
  
  if (cert.Certificate.Status === 'ISSUED') {
    // Continue provisioning
    await orchestrator.continueProvisioning(businessId);
  } else {
    // Still waiting, check again in 30 seconds
    setTimeout(() => pollProvisioningStatus(businessId), 30000);
  }
}

The Challenges We Solved

Challenge 1: SSL Validation Timing

Problem: SSL validation takes 5-30 minutes, can’t block the user

Solution: Background polling + status updates

// Start provisioning asynchronously
async function startProvisioning(businessId: string, domain: string) {
  // Return immediately to user
  const provisioningId = generateId();
  
  // Start background job
  provisionDomainInBackground(provisioningId, businessId, domain);
  
  return {
    provisioningId,
    status: 'started',
    estimatedTime: '10-15 minutes'
  };
}

// User can check status
async function getProvisioningStatus(provisioningId: string) {
  const status = await db.getProvisioningStatus(provisioningId);
  
  return {
    status: status.provisioningStatus,
    step: status.provisioningStep,
    progress: status.provisioningProgress,
    estimatedTimeRemaining: calculateETA(status)
  };
}

Challenge 2: Cleanup on Failure

Problem: If any step fails, we need to clean up AWS resources

Solution: Comprehensive cleanup function

async cleanup(params: { businessId: string; domain: string }) {
  console.log(`🧹 Cleaning up failed provisioning for ${params.domain}`);
  
  try {
    // Delete CloudFront distribution
    if (params.distributionId) {
      await this.deleteCloudFrontDistribution(params.distributionId);
    }
    
    // Delete SSL certificate
    if (params.certificateArn) {
      await this.deleteSSLCertificate(params.certificateArn);
    }
    
    // Delete hosted zone
    if (params.hostedZoneId) {
      await this.deleteHostedZone(params.hostedZoneId);
    }
    
    // Note: Domain registration can't be undone (AWS limitation)
    // User keeps the domain but provisioning failed
    
  } catch (error) {
    console.error('Cleanup failed:', error);
    // Log for manual cleanup
  }
}

Challenge 3: IAM Permissions

Problem: AppRunner needs extensive AWS permissions

Solution: Comprehensive IAM policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "route53:CreateHostedZone",
        "route53:DeleteHostedZone",
        "route53:ListHostedZones",
        "route53:ChangeResourceRecordSets",
        "route53:GetChange"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "acm:RequestCertificate",
        "acm:DescribeCertificate",
        "acm:DeleteCertificate",
        "acm:ListCertificates"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudfront:CreateDistribution",
        "cloudfront:GetDistribution",
        "cloudfront:UpdateDistribution",
        "cloudfront:DeleteDistribution",
        "cloudfront:CreateInvalidation"
      ],
      "Resource": "*"
    }
  ]
}

The Results: 10x Faster Setup

Before (manual setup):

20-step guide
2 hours of work
90% failure rate
Support tickets: 50/week

After (automated provisioning):

1-click setup
10 minutes automated
95% success rate
Support tickets: 5/week

User feedback:

“I clicked ‘Register Domain’ and 10 minutes later my website was live with HTTPS. Magic.” - Bakery owner

“I’ve set up custom domains on other platforms. This is the first time it actually worked.” - Consultant

Why This Matters for SaaS Products

Most SaaS products make custom domains painful. We learned:

Bad: Give users a guide → hope they figure it out Good: Automate everything → users just click a button

The startup lesson: If a feature requires 20 manual steps, automate it. Users will pay for convenience.

Key Insights

Orchestration is powerful: Chain AWS APIs together for complex workflows
Background jobs are essential: Long-running tasks can’t block users
Status tracking matters: Users need to see progress
Cleanup is critical: Failed provisioning shouldn’t leave orphaned resources

What’s Next

We’re exploring:

Faster SSL validation: Use DNS-01 challenge with Route53 API
Multi-domain support: Let users have multiple domains per website
Domain transfer: Import existing domains to WebZum
Subdomain management: Let users create subdomains (blog.business.com)

But the core insight remains: Automation > manual configuration.

Try it yourself: Generate a website with WebZum, click “Get Custom Domain”, register a domain. 10 minutes later, your website is live with HTTPS.

Building a SaaS? Key takeaway: AWS APIs make complex workflows automatable. Don’t make users configure DNS/SSL manually—build an orchestrator.

The future of SaaS isn’t self-service—it’s full automation.

We Automated Custom Domain Setup (SSL, DNS, CloudFront) So Users Don't Have To

We Automated Custom Domain Setup (SSL, DNS, CloudFront) So Users Don’t Have To

The Problem: Custom Domains Are a Nightmare

The Breakthrough: Orchestration > Manual Steps

How It Works: The Technical Architecture

1. Domain Provisioning Orchestrator

2. SSL Certificate Automation

3. CloudFront Distribution Creation

4. DNS Configuration

5. Polling & Status Tracking

The Challenges We Solved

Challenge 1: SSL Validation Timing

Challenge 2: Cleanup on Failure

Challenge 3: IAM Permissions

The Results: 10x Faster Setup

Why This Matters for SaaS Products

Key Insights

What’s Next

Ready to Build Your Website?

We Automated Custom Domain Setup (SSL, DNS, CloudFront) So Users Don't Have To

We Automated Custom Domain Setup (SSL, DNS, CloudFront) So Users Don’t Have To

The Problem: Custom Domains Are a Nightmare

The Breakthrough: Orchestration > Manual Steps

How It Works: The Technical Architecture

1. Domain Provisioning Orchestrator

2. SSL Certificate Automation

3. CloudFront Distribution Creation

4. DNS Configuration

5. Polling & Status Tracking

The Challenges We Solved

Challenge 1: SSL Validation Timing

Challenge 2: Cleanup on Failure

Challenge 3: IAM Permissions

The Results: 10x Faster Setup

Why This Matters for SaaS Products

Key Insights

What’s Next

Ready to Build Your Website?