With HTTPS, when a browser sends data to a website, it's asymmetrically encrypted with the public key, and decrypted with the website's private key. I'm guessing it's the service provider that actually does the decoding, so Route 53 if you're using AWS, since on my EC2 instance, I never added any code to decode every message.
But when the website sends data back to the browser, how is it encrypted? Is the first visit never encrypted, but the browser sends a key with the first message encrypted with the public key that Route 53 remembers?
Route53 has nothing to do with HTTPS.
Route53 is just a DNS provider. In short, it maps domain names to IP addresses. There's no encryption on this level of communication.
Encryption comes into play when an HTTP request appears.
On one end, there is the user with his browser. On the other end, there are plenty of options:
As you can see, as long as you use load balancers or API Gateway, you don't need to care about encryption. If you expose a public EC2 with its HTTP server, then you need to install some certificate on it to encrypt the traffic.
Regarding your question about when the encryption takes place: it's all about the TLS algorithm. Initially, the two parties send messages using their asymmetric public/private keys. The user has its own key pair, as does the server/load balancer/whatever. During the initialization, both parties set the symmetric key which will be used to encrypt/decrypt the whole transmission on both sides.
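The handshake described in the answer above, as an added sketch that is not part of the original answer: each side contributes an ephemeral key share, both derive the same symmetric keys, and the server's response is protected with a key the browser already holds. It goes slightly beyond the answer by deriving one key per direction, as TLS 1.3 does. Assumptions: the toy Diffie-Hellman group and the HMAC-based keystream stand in for the real key exchange and AEAD cipher, the certificate signature that authenticates the server is omitted, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group, for illustration only (assumption: real TLS uses
# X25519, P-256 or an RFC 7919 group, plus a certificate signature).
P, G = 2**255 - 19, 2

def keypair():
    """Ephemeral key pair, generated fresh for every connection."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_keys(my_priv, peer_pub, transcript):
    """Both ends compute the same secret, then derive one key per direction."""
    shared = pow(peer_pub, my_priv, P).to_bytes(32, "big")
    prk = hmac.new(transcript, shared, hashlib.sha256).digest()
    return {side: hmac.new(prk, side + b"\x01", hashlib.sha256).digest()
            for side in (b"client", b"server")}

def _prf(key, label, seq, data):
    return hmac.new(key, label + seq.to_bytes(8, "big") + data, hashlib.sha256).digest()

def _xor(key, seq, data):
    # HMAC in counter mode as a stand-in keystream (not a real TLS cipher).
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(_prf(key, b"ks", seq, i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, seq, plaintext):
    """Encrypt one record and append an authentication tag."""
    ct = _xor(key, seq, plaintext)
    return ct + _prf(key, b"tag", seq, ct)

def open_record(key, seq, record):
    """Verify the tag, then decrypt; tampered records are rejected."""
    ct, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"tag", seq, ct)):
        raise ValueError("record failed authentication")
    return _xor(key, seq, ct)

def demo():
    c_priv, c_pub = keypair()  # browser's key share (sent in the clear)
    s_priv, s_pub = keypair()  # server's key share (sent in the clear)
    transcript = hashlib.sha256(c_pub.to_bytes(32, "big") + s_pub.to_bytes(32, "big")).digest()
    browser = session_keys(c_priv, s_pub, transcript)
    server = session_keys(s_priv, c_pub, transcript)
    request = seal(browser[b"client"], 0, b"GET / HTTP/1.1")    # constructed sample
    response = seal(server[b"server"], 0, b"HTTP/1.1 200 OK")   # constructed sample
    return (open_record(server[b"client"], 0, request),
            open_record(browser[b"server"], 0, response), browser == server)

if __name__ == "__main__":
    print(demo())
```

Only the two public key shares cross the wire; the private values and the derived keys never do, which is why the first response from the server can already be encrypted.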