So I created two buckets in S3. One with my domain name xxx.ninja and the other with the www. subdomain. The www one I redirected to the first. Then I created a domain in Route 53. And because I wanted https on my site I created a cloudfront distribution with redirect http -> https.
The s3 bucket url works just fine, but the site URL does not. I think I may have set it up incorrectly.
In AWS CloudFront I created my distribution and used the cloudfront default SSL cert. I choose redirect http -> https. And I pasted in my s3 website URL.
Then I copied the domain name and went to Route 53. After I created my domain I open its hosted zone and added an A record with the alias of the cloudfront domain name.
But the URL doesn't work. I get a 403 CloudFront error in the browser.
Thoughts?
IF you're using the default CloudFront SSL this indicates to me that you're not using a custom hostname (which would deny access to the CloudFront distribution).
You will need to add additional names to your CloudFront distribution (specifying every hostname that will have a DNS record resolving to the CloudFront distribution). In addition you will need to generate an SSL in ACM (which is free), this must be in region us-east-1.
More information on how to add a custom domain to your CloudFront distribution is available here.
Related
I am trying to setup CloudFront with an Amazon S3 static website and Amazon EC2 nodejs server.
I have followed the following steps:
Setup S3 bucket example.com
Create certificate in ACM issued at example.com and api.example.com
Create CloudFront distribution
Set created CloudFront alternate domain names to: example.com and api.example.com
Added SSL certificate from ACM
Created origin with example.com.s3-website-AWS_REGION.amazonaws.com
In Route 53, added entry for example.com and api.example.com with alias name pointing to CloudFront distribution.
After this my https://example.com is loading the webpage correctly. Now I try to set CloudFront for my nodejs server as well.
Added new origin in CloudFront distribution with ec2-IP.AWS_REGION.compute.amazonaws.com.
Added the behaviors for pattern api.example.com/* with all TTL set to zero.
Now when I try to access the nodejs server using https://api.example.com, I am not able to do so and get error. I am not sure what I am doing wrong.
You are confused that CloudFront serves based on virtual hosting, CloudFront doesn't do that, it instead looks at the URI path e.g: /api/* etc and forwards the requests to origin based on path behaviour match.
In both https://api.example.com and https://example.com, it matching default path behaviour and sending requests to S3.
Possible solution:
Create a new CloudFront and add api.example.com here in CNAME and use the existing cert and origin as EC2 instance, cloudfront doesn't charge you for creating distribution.
If above no, you need to use Lambda#edge(Viewer Request/Origin Request(whitelisting HOST header)) to read the HOST header and choose the origin ec2 or S3 based on if it's api.example.com or example.com.
https://aws.amazon.com/blogs/networking-and-content-delivery/dynamically-route-viewer-requests-to-any-origin-using-lambdaedge/
Based on your requirement, option 1 should be easy for you.
I am trying to use cloudfront for static website s3 with my custom domain.
Following are the steps I followed:
1) Setup a s3 bucket (say, example.com) and enabled static website hosting on it.
2) Also setup a s3 bucket (www.example.com) which redirects to example.com.
3) In route 53, added a hosted zone (example.com) and added the record sets.
4) After this, http://example.com works for me.
Now I am trying to add cloudfront to it. I added the following steps:
5) From Amazon Certificate Manager, added a certificate for www.example.com and got it verified (added to Route 53 DNS, it was verified automatically after some time).
6) Created a cloudfront distribution with following settings:
Domain Origin: www.example.com
Origin Protocol Policy: HTTP Only
Alternate Domain Name: www.example.com
SSL Certificate: Selected from ACM
When I try to launch: https://example.com or https://www.example.com, the site doesn't load. http://example.com does load, but I am not sure if cloudfront is actually working on this or not. Also why is https not loading?
To setup the S3 bucket behind the CF distribution WITH SSL you need to:
Setup S3 bucket example.com (Block all public access = off, policy https://d.pr/i/KU1Q4z)
Create certificate in ACM issued at example.com and *.example.com(or specific subdomain at will), validate it
Create CF distribution
Set created CF alternate domain names to: example.com *.example.com (other subdomain here)
Use custom SSL certificate (previously created and validated)
Create/change default origin, to: example.com.s3-website-AWS_REGION.amazonaws.com with origin protocol policy HTTP Only
CF Default origin behaviour should be more-less like this: https://d.pr/i/h6PrG6
In Route 53 set CF A ALIAS for example.com and CNAME for *.example.com (or other subdomain) pointing at CF_DISTRIBUTION_ID.cloudfront.net
you need to go into rt 53 and point the domain at your cloudfront distribution. It won't appear as an option unless you've set the domain as an alternate domain in the distribution settings. Also, that cert won't work for anything except www.example.com, meaning example.com is excluded. you need a cert that includes example.com and www.example.com (or *.example.com to cover all subdomains)
My problem
I'm trying to 301 redirect my S3 hosted domain-a.com to domain-b.com in my SSL-secured AWS Cloudfront setup. I cannot figure out how to achieve this. Instead both domains now serve the Cloudfront/S3 Bucket content.
My use case
Before switching to Cloudfront I used to handle redirects with S3's static website hosting options by redirecting the secondary domain bucket to the primary domain bucket.
In order to secure my S3-hosted static site with SSL certificates I made the switch to Cloudfront.
SSL certificates work fine, but because now both domains point to the cloudfront distribution (see screenshots below) I can access the same content on both domains. This does not only lead to duplicate content but also confuses users and is not really the best UX.
Route 53 and Cloudfront config for both domains
Route 53 points to a single Cloudfront distribution for both domain-a.com and domain-b.com
Cloudfront points to the domain-b.com S3 bucket
How can I redirect domain-a.com to domain-b.com so as to only have one primary domain which my users see and use? Can this be achieved through Route 53 DNS settings or do I have to edit my Cloudfront configuration?
Create a separate bucket for domain-a.com, configure that in your CloudFront and apply the redirect rules to point it to domain-b.com.
Check the picture below on how to set the redirect.
Hope it helps.
Problem -
custom domain in CloudFront is not working
I'm hosting a static website in AWS. There is two S3 buckets - mydomain.com and www.mydomain.com, where the later one redirects to the first one.
In Route 53, mydomain.com points to S3 bucket as A record and wwww.mydomain.com act as an A record alias to mydomain.com.
Now I wanted to use CloudFront but wanted to be used as https://cdn.mydomain.com/asset/some-image.png. So, I added mydomain.com, www.mydomain.com, cdn.mydomain.com as Alternate Domain Names (CNAME) in CloudFront. But please note that I do not have a S3 bucket named cdn.mydomain.com
Now as required, in AWS ACM, I have also added mydomain.com as domain name and the other two (www and cdn) as alternate domain names and all of these 3 domain have CNAME records in AWS Route 53.
Finally, I wanted to route traffic from Route 53 to Cloudfront but wanted to use my desired cdn.mydomain.com instead. So, I have created A and AAA alias record in Route 53.
name - cdn
alias - Yes
alias target - cloudfront generated domain
Result :
cloudfront generated domain works and it points to my website but cdn.mydomain.com does not (IP address not found). Just at this point, I have created another S3 bucket cdn.mydomain.com and redirected to mydomain.com. But this action requires an A record to be added in Route 53. But there is already an A record for the same name - cdn.mydomain.com that points to CloudFront domain, so no way to create another alias for the same name.
If its clear what my problem is, then please suggest the solution for it.
Well, apparently the problem was having HTTPS only policy in CloudFront -> Viewer Protocol Policy. Don't know why it matters. Changing it to Redirect HTTP to HTTPS surprisingly solves this problem.
Here is my AWS Route 53 Setup:
The domain https://www.migranthire.com doesn't work. How can i redirect from this domain to https://migranthire.com
Your www site is pointing directly to an S3 bucket web site hosting endpoint, which is taking care of the redirect to the domain name without the www prefix.
The S3 website endpoints do not support HTTPS, so this works for http only.
Your solution is to create a second CloudFront distribution -- you need an additional one, because the second one has a different origin. Configure this distribution with your SSL certificate, configured to expect the www hostname as an alternative name, and set its origin to the www bucket -- however, when you are setting up this second CloudFront distribution, do not select the name of your bucket from the list. Instead, enter the website endpoint hostname -- www.migranthire.com.s3-website-eu-west-1.amazonaws.com. Set the origin protocol to HTTP only (CloudFront has to send the request to the bucket as HTTP even if the viewer protocol is HTTPS. You still get a green lock.)
Then, configure Route 53 to send www requests to the new CloudFront distribution, instead of directly to the bucket. CloudFront will speak SSL, sent the request to S3, which will return the redirect, as it is doing now.