I am trying to use cloudfront for static website s3 with my custom domain.
Following are the steps I followed:
1) Setup a s3 bucket (say, example.com) and enabled static website hosting on it.
2) Also setup a s3 bucket (www.example.com) which redirects to example.com.
3) In route 53, added a hosted zone (example.com) and added the record sets.
4) After this, http://example.com works for me.
Now I am trying to add cloudfront to it. I added the following steps:
5) From Amazon Certificate Manager, added a certificate for www.example.com and got it verified (added to Route 53 DNS, it was verified automatically after some time).
6) Created a cloudfront distribution with following settings:
Domain Origin: www.example.com
Origin Protocol Policy: HTTP Only
Alternate Domain Name: www.example.com
SSL Certificate: Selected from ACM
When I try to launch: https://example.com or https://www.example.com, the site doesn't load. http://example.com does load, but I am not sure if cloudfront is actually working on this or not. Also why is https not loading?
To setup the S3 bucket behind the CF distribution WITH SSL you need to:
Setup S3 bucket example.com (Block all public access = off, policy https://d.pr/i/KU1Q4z)
Create certificate in ACM issued at example.com and *.example.com(or specific subdomain at will), validate it
Create CF distribution
Set created CF alternate domain names to: example.com *.example.com (other subdomain here)
Use custom SSL certificate (previously created and validated)
Create/change default origin, to: example.com.s3-website-AWS_REGION.amazonaws.com with origin protocol policy HTTP Only
CF Default origin behaviour should be more-less like this: https://d.pr/i/h6PrG6
In Route 53 set CF A ALIAS for example.com and CNAME for *.example.com (or other subdomain) pointing at CF_DISTRIBUTION_ID.cloudfront.net
you need to go into rt 53 and point the domain at your cloudfront distribution. It won't appear as an option unless you've set the domain as an alternate domain in the distribution settings. Also, that cert won't work for anything except www.example.com, meaning example.com is excluded. you need a cert that includes example.com and www.example.com (or *.example.com to cover all subdomains)
Related
We own two different domains and manage them in Route 53, to keep things simple I'll refer to them as example.com and secondary.com. Originally we had three CloudFront distributions with the following alternate domain names (CNAMEs), all have SSL certificates as well-
general.example.com
whatsnew.example.com
help.secondary.com
Since we're retiring example.com we've been trying to redirect general.example.com & whatsnew.example.com to help.secondary.com. For now the CloudFront distributions for #1 and #2 above have been disabled. Following the below guide I was able to redirect the root domain (example.com) to help.secondary.com.
AWS Doc on redirecting domains
Currently the Route 53 root record for the example.com domain points to an S3 bucket named after it per AWS' doc.
Record name
Type
Value
Error
example.com
A
s3-website-us-east-1.amazonaws.com.
none: redirects successfully
However when I try this for general & whatsnew (these have their own S3 buckets as well) the redirection fails with the only error code being ERR_CONNECTION_TIMED_OUT. Below are other changes I've tested in Route 53, through an incognito Chrome browser, and their results.I get the SSL errors are due to the difference in domains but I'm not understanding how the same config works for example.com and not its subdomains. May not matter but the secondary.com domain lives in a different AWS account, which we also own. Are these redirections possible?
Record name
Type
Value
Error
general.example.com
CNAME
example.com
ERR_CONNECTION_TIMED_OUT
general.example.com
CNAME
help.secondary.com
ERR_SSL_PROTOCOL_ERROR
general.example.com
CNAME
randomstring.cloudfront.net (CloudFront domain name for help.secondary.com)
ERR_SSL_PROTOCOL_ERROR
So I created two buckets in S3. One with my domain name xxx.ninja and the other with the www. subdomain. The www one I redirected to the first. Then I created a domain in Route 53. And because I wanted https on my site I created a cloudfront distribution with redirect http -> https.
The s3 bucket url works just fine, but the site URL does not. I think I may have set it up incorrectly.
In AWS CloudFront I created my distribution and used the cloudfront default SSL cert. I choose redirect http -> https. And I pasted in my s3 website URL.
Then I copied the domain name and went to Route 53. After I created my domain I open its hosted zone and added an A record with the alias of the cloudfront domain name.
But the URL doesn't work. I get a 403 CloudFront error in the browser.
Thoughts?
IF you're using the default CloudFront SSL this indicates to me that you're not using a custom hostname (which would deny access to the CloudFront distribution).
You will need to add additional names to your CloudFront distribution (specifying every hostname that will have a DNS record resolving to the CloudFront distribution). In addition you will need to generate an SSL in ACM (which is free), this must be in region us-east-1.
More information on how to add a custom domain to your CloudFront distribution is available here.
I am trying to setup CloudFront with an Amazon S3 static website and Amazon EC2 nodejs server.
I have followed the following steps:
Setup S3 bucket example.com
Create certificate in ACM issued at example.com and api.example.com
Create CloudFront distribution
Set created CloudFront alternate domain names to: example.com and api.example.com
Added SSL certificate from ACM
Created origin with example.com.s3-website-AWS_REGION.amazonaws.com
In Route 53, added entry for example.com and api.example.com with alias name pointing to CloudFront distribution.
After this my https://example.com is loading the webpage correctly. Now I try to set CloudFront for my nodejs server as well.
Added new origin in CloudFront distribution with ec2-IP.AWS_REGION.compute.amazonaws.com.
Added the behaviors for pattern api.example.com/* with all TTL set to zero.
Now when I try to access the nodejs server using https://api.example.com, I am not able to do so and get error. I am not sure what I am doing wrong.
You are confused that CloudFront serves based on virtual hosting, CloudFront doesn't do that, it instead looks at the URI path e.g: /api/* etc and forwards the requests to origin based on path behaviour match.
In both https://api.example.com and https://example.com, it matching default path behaviour and sending requests to S3.
Possible solution:
Create a new CloudFront and add api.example.com here in CNAME and use the existing cert and origin as EC2 instance, cloudfront doesn't charge you for creating distribution.
If above no, you need to use Lambda#edge(Viewer Request/Origin Request(whitelisting HOST header)) to read the HOST header and choose the origin ec2 or S3 based on if it's api.example.com or example.com.
https://aws.amazon.com/blogs/networking-and-content-delivery/dynamically-route-viewer-requests-to-any-origin-using-lambdaedge/
Based on your requirement, option 1 should be easy for you.
I have the domain registered with Godaddy and using AWS Route53 service for mapping the S3 hosted static website to the domain name. I followed the guides & created the two buckets, primary bucket being www.example.com & redirecting the apex domain example.com to the sub-domain www.example.com.
Everything is fine. The website is viewable on the above two addresses.
However, I am having difficulty getting https SSL certificate to work.
Then I requested a certificate using the AWS Certificate Manager using the following settings:
domain name: example.com
additional name: *.example.com
Finally I created the CloudFront Distribution using the following settings
S3 bucket address for www.example.com bucket
alternative domain: example.com
& linked the custom certificate field to this newly created certificate.
Everything is enabled & I get no error, however, the address: https://example.io & https://www.example.com are still not working.
Note, It still doesn't work inspite of giving it a day to be fully operational. What am I doing wrong with setting cloudfront distribution with my s3 buckets & linking with the certificates?
Thanks
I am hosting a static website on AWS using Amazon S3 + CloudFront + HTTPS.
I need to ensure that the website is opened by only one of the CNAMEs and not the other (non-www). The S3 domain must also be forwarded to the main WWW domain.
How can this be done?
You need to use S3 to redirect the requests.
You will firstly need to create two buckets with the names: www.example.com and example.com and provide appropriate bucket
policies
You will then need to redirect all the traffic from example.com S3 bucket to www.example.com by going into static website hosting
settings. Check out the below settings
Now, you have to setup the CNAME in Route53 such that example.com will translate to www.example.com
Create a distribution for www.example.com and use the alternative CNAME as www.example.com
If I understand you correctly, you can add a CNAME to a CloudFront Distribution from within the CloudFront console. You can also add a CNAME to a CloudFront distribution in Route53 by selecting to add a CNAME, click the Alias=yes radio button and select the relevant CloudFront resource.
See image below for where this is done in Route 53: