There are several questions on this post:
> First, I've read some posts indicating that the best way to move the
> Website is to use Godaddy's domain controls to forward the domain (via
> 301) to the AWS Website. Others seem to indicate that I should just
> make the domain servers point directly to the AWS Website. What are
> the advantages/disadvantages of each approach? Which is the better
> approach?
One advantage of having a 301 is that if you have a new address it allows your users to find that new address using the old address. The disadvantages are that there's a bit of a delay on the request because you are going through two hops instead of one, and that you also give a perhaps small sense of "ping ponging" to the user. Nevertheless, this is an option if you want to redirect from HTTP to HTTPS.
The advantage of not using a redirect is just that it's faster, but also, if you have an old address, people may not be able to find it.
> I've currently used the domain forwarding approach. However, for
> Godaddy, this seems to only forward HTTP requests and not HTTPS
> requests (they get a 'This Webpage is not available' error). Is there
> a way to forward the HTTPS address to AWS and retain (rekey?) the SSL
> certificate? What do I need to do with the SSL cert? If I need a new
> SSL cert, how do I attach it to the domain hosted by Godaddy but point
> it to the Website on AWS?
Redirecting from HTTP to HTTPS doesn't have anything to do with your domain registrar (i.e. GoDaddy). That usually happens at the firewall, load balancer or application level. It really depends on your architecture and how you want to front your application. For example:
- If you have a firewall or set of firewalls fronting your application, you can redirect all traffic from port 80 (HTTP) to port 443 (HTTPS).
- Another way is to front your application with a web server like Apache or nginx and redirect all port 80 traffic to 443. (This is perhaps the most common option; in this case the certificates would be installed on the web server.)
- Another way is to have application servers running on both 80 and 443, then have the application server on port 80 send everything to port 443. (Not that common. In this case the certificates would be installed on the main application running on port 443.)
- Furthermore, you could also set up the redirects at the load balancer level. In this case you would not need HTTPS between the load balancer and the application server, since the load balancer itself is handling the HTTPS traffic (assuming that your application server is in some sort of private network). Note that Amazon's ELBs don't support redirects. This option would be available on hardware load balancers like the Brocade ADX or the Citrix NetScaler, or software load balancers like HAProxy.
Hope this helps.
[Edit]
There are some domain registrars that will allow you to set up an HTTP redirect (a 301). However, like I mentioned before, this is not a DNS feature per se. For example, dynect will let you do that:
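
The following is an added example, not part of the original answer: a minimal port-80 listener of the kind the "application server on port 80 sends everything to port 443" option describes, issuing a 301 to the HTTPS address. The hostnames in `ALLOWED_HOSTS`, `DEFAULT_HOST` and the local test port 8080 are assumptions; the allowlist is there because the `Host` header and request path are client-controlled and should not be echoed into `Location` unchecked.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: the hostnames this site actually serves (placeholders).
ALLOWED_HOSTS = {"example.com", "www.example.com"}
DEFAULT_HOST = "www.example.com"


def https_location(host_header, path):
    """Build the HTTPS redirect target for a plain-HTTP request."""
    host = (host_header or "").strip().lower()
    # Drop an explicit port such as ":80"; the HTTPS URL uses default 443.
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    # Only echo a Host value we recognise; anything else would turn the
    # redirect into an open redirect to an arbitrary site.
    if host not in ALLOWED_HOSTS:
        host = DEFAULT_HOST
    # A request target like "@other.test/" would otherwise yield
    # "https://example.com@other.test/", which points at other.test.
    if not path.startswith("/"):
        path = "/"
    return "https://" + host + path


class RedirectHandler(BaseHTTPRequestHandler):
    def _redirect(self):
        # 301 = permanent; browsers and crawlers cache the new location.
        self.send_response(301)
        self.send_header(
            "Location", https_location(self.headers.get("Host"), self.path)
        )
        self.send_header("Content-Length", "0")
        self.end_headers()

    # Same response for GET and HEAD requests.
    do_GET = do_HEAD = _redirect


if __name__ == "__main__":
    # Port 8080 for local testing; a real deployment listens on port 80.
    HTTPServer(("127.0.0.1", 8080), RedirectHandler).serve_forever()
```

The certificate is not involved here at all: it is installed on whatever terminates HTTPS on port 443, which matches the answer's point that the redirect is independent of the registrar.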