At first, we hosted our React app on S3, to which we assigned a CloudFront distribution, and then we connected it to the somedomain.com domain.
The thing is that for marketing tests we had to change the A record in Route 53 to point to a totally different server than AWS. So the problem is that some of the users already used our React app with a ServiceWorker that was hosted on S3, and even though we changed the A records to point to a different server, they still see the AWS cached version.
We have no idea where the problem is, and should we change something in Route 53 or CloudFront?
I have come across this before, but don't have a good explanation as to why it happened.
I had to remove the domain from the CloudFront distribution before I got all traffic being sent correctly to the new record in Route 53.
After removing the domain from the CloudFront config, traffic immediately started being sent to the value in the A record in Route 53.
Hope this helps.
I have a domain hosted through Google. I'm using Google Workspace for a lot of my day-to-day operations (e.g. Drive, Gmail, etc). I'm using AWS as my infrastructure and business logic for my application. I'm having trouble making my site support TLS. If you visit it now, you get this on Chrome and I can't seem to make HTTPS requests work.
I have my domain pointing to AWS via a custom name server.
My Route 53 has the NS type records listed under the hosted zone.
I've tried to request a Certificate from AWS to make it work.
My problem is I don't know how to tell Google about it. How do you let Google know about the certificate so I can make my site HTTPS?
I believe approaching Google is not going to solve your issue, as in the above case Google is only responsible for hosting your domain. So the DNS setup is only responsible for routing requests to your site and not for making your site more secure.
I also found that you are exposing your site as http rather than https, and that's why your site is unsecured.
Is your site running on a web server, or is it hosted on S3 as a static website?
Note: you can't enable https on an S3 static website.
The workaround to the above problem is below:
Route 53 has an A record pointing to an ALB (configured with ACM) distributing traffic to EC2 instances running your web application.
If anyone is still looking: I wanted to keep it cheap with a simple S3 static website. If you want to maintain the S3 part, make a CloudFront distribution (if you haven't already).
Inside the CloudFront under the main settings, use a Certificate you made from Certificate Manager.
Then head over to Route53 (even if the domain is hosted via Google) and route the "A" name record to the CloudFront. NOTE: make sure the "Alternate Domain" name is filled in or else it won't see it.
Let it update for about a minute or two and it will show https.
As per title, for some reason I'm unable to connect the deployed app on Amplify to a custom domain provided on Route 53.
Here's the app deployed with Amplify: https://master.dwog1beoc1uv7.amplifyapp.com/
On Route 53, I created a hosted zone and added a CNAME record which should connect the custom domain to the domain where amplify hosts the app:
I then went to Amplify and added a new domain for the application:
If I now go back to Route 53, I can see the records have been automatically updated as follows:
Although everything seems set up properly, the custom domain (http://alessiopetrin.com/) doesn't work just yet.
If I test the record on Route 53, all seems fine:
I understand I should allow some time for the DNS propagation to take effect (up to 24h for what AWS states), but the time is almost up and I can't see it working, which makes me think something is off.
As per the second screenshot, I can see on Amplify that it is waiting for me to add the CNAME record in order to activate the domain, so I think that could be the missing piece. The problem is that the record has already been assigned automatically on Route 53, so I'm not really sure if I should add the record somewhere else as well?
Apologies if I'm asking something obvious, and thank you in advance for the help!
The records added by Amplify are correct. I executed the dig command on your domain and observed a "SERVFAIL" status. This error is due to the mismatch in the name servers.
The following name servers are currently used:
ns1.dynadot.com
ns2.dynadot.com
Ref: https://www.whois.com/whois/alessiopetrin.com
Please set the name servers to the NS record of the hosted zone (https://i.stack.imgur.com/U6Lj8.png). Refer to the docs below:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-name-servers-glue-records.html#domain-name-servers-glue-records-adding-changing
Then, delete the domain from Amplify and try re-adding it. It should work.
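The name-server comparison described in this answer can be scripted. The following is an added example, not part of the original answer: it assumes WHOIS text with `Name Server:` lines and JSON shaped like `aws route53 get-hosted-zone` output, and the four hosted-zone name servers are constructed placeholders because the real ones appear only in the screenshot.

```python
import json
import re

# Constructed sample: registrar WHOIS excerpt with the delegation the answer observed.
WHOIS_TEXT = """\
Domain Name: ALESSIOPETRIN.COM
Name Server: NS1.DYNADOT.COM
Name Server: NS2.DYNADOT.COM
"""

# Constructed sample shaped like `aws route53 get-hosted-zone` output.
# The name servers are placeholders, not the asker's real delegation set.
HOSTED_ZONE_JSON = """\
{"HostedZone": {"Name": "alessiopetrin.com."},
 "DelegationSet": {"NameServers": [
   "ns-1.awsdns-placeholder.org", "ns-2.awsdns-placeholder.co.uk",
   "ns-3.awsdns-placeholder.com", "ns-4.awsdns-placeholder.net"]}}
"""

def normalize(host):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return host.strip().rstrip(".").lower()

def registrar_name_servers(whois_text):
    """Extract the 'Name Server:' entries from WHOIS output."""
    found = re.findall(r"^\s*Name Server:\s*(\S+)", whois_text, re.I | re.M)
    return {normalize(h) for h in found}

def check_delegation(whois_text, hosted_zone_json):
    """Compare the registrar's delegation with the hosted zone's NS set."""
    zone = json.loads(hosted_zone_json)
    expected = {normalize(h) for h in zone["DelegationSet"]["NameServers"]}
    actual = registrar_name_servers(whois_text)
    if not actual:
        status = "no-delegation-found"
    elif actual == expected:
        status = "match"
    elif actual & expected:
        status = "partial"   # some queries reach servers that lack the zone
    else:
        status = "mismatch"  # records in the hosted zone are never served
    return {"status": status,
            "stale": sorted(actual - expected),     # remove at the registrar
            "missing": sorted(expected - actual)}   # add at the registrar

if __name__ == "__main__":
    print(check_delegation(WHOIS_TEXT, HOSTED_ZONE_JSON))
```

A `stale` entry that points at a DNS provider where the zone no longer exists is worth removing promptly, since whoever controls that provider account answers for the domain.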
Be careful: the CNAME required by AWS to generate the SSL certificate is mandatory and should have the following form:
An obvious error in Route53 is that Value/Route traffic goes to https://master.dwog1beoc1uv7.amplifyapp.com/. When you add CNAMEs, you don't add the protocol, but only the domain name. It should be master.dwog1beoc1uv7.amplifyapp.com
EDIT
There is a problem with the CloudFront distribution. I can't tell if this is because of something you did or it is an Amplify problem. You need to somehow debug the distribution. Go to the CloudFront service in the AWS console and locate your distribution. Some things to check:
Alternate domain is correct (your custom domain)
SSL certificate is correct
Go to behaviors tab and click edit:
An S3 bucket with your code should be used as an origin
There should be no caching on Headers
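The CNAME mistake pointed out in this answer (a URL instead of a bare hostname) can be caught before a change is submitted. This is an added example, not code from the original answer; it goes slightly beyond the answer by also flagging a CNAME at the zone apex and a malformed CloudFront alias. The record names, TTLs, `example.com` and `dexample.cloudfront.net` are constructed.

```python
import re

# Hosted zone ID that Route 53 alias records use for CloudFront targets.
CLOUDFRONT_ALIAS_ZONE_ID = "Z2FDTNDATAQYW2"
HOSTNAME = re.compile(
    r"^(?=.{1,253}\.?$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}\.?$",
    re.I)

def lint_record_set(zone_apex, rrset):
    """Return a list of problems for one Route 53 ResourceRecordSet dict."""
    findings = []
    name = rrset["Name"].rstrip(".").lower()
    apex = zone_apex.rstrip(".").lower()
    alias = rrset.get("AliasTarget")
    targets = ([alias["DNSName"]] if alias
               else [r["Value"] for r in rrset.get("ResourceRecords", [])])

    if rrset["Type"] == "CNAME" and name == apex:
        findings.append("CNAME at the zone apex: use an alias A record")
    if rrset["Type"] == "CNAME" or alias:
        for target in targets:
            if "://" in target:
                findings.append(f"URL scheme in target: {target}")
            elif not HOSTNAME.match(target):
                findings.append(f"target is not a bare hostname: {target}")
    if alias and alias["DNSName"].rstrip(".").lower().endswith(".cloudfront.net"):
        if rrset["Type"] not in ("A", "AAAA"):
            findings.append("CloudFront alias must be type A or AAAA")
        if alias.get("HostedZoneId") != CLOUDFRONT_ALIAS_ZONE_ID:
            findings.append("CloudFront alias needs HostedZoneId " + CLOUDFRONT_ALIAS_ZONE_ID)
    return findings

# Constructed record sets; only the amplifyapp.com value comes from the page.
BAD_CNAME = {"Name": "www.alessiopetrin.com.", "Type": "CNAME", "TTL": 300,
             "ResourceRecords": [{"Value": "https://master.dwog1beoc1uv7.amplifyapp.com/"}]}
GOOD_CNAME = {"Name": "www.alessiopetrin.com.", "Type": "CNAME", "TTL": 300,
              "ResourceRecords": [{"Value": "master.dwog1beoc1uv7.amplifyapp.com"}]}
APEX_CNAME = {"Name": "example.com.", "Type": "CNAME", "TTL": 300,
              "ResourceRecords": [{"Value": "dexample.cloudfront.net"}]}
APEX_ALIAS = {"Name": "example.com.", "Type": "A",
              "AliasTarget": {"HostedZoneId": CLOUDFRONT_ALIAS_ZONE_ID,
                              "DNSName": "dexample.cloudfront.net.",
                              "EvaluateTargetHealth": False}}

if __name__ == "__main__":
    for apex, rr in (("alessiopetrin.com", BAD_CNAME), ("alessiopetrin.com", GOOD_CNAME),
                     ("example.com", APEX_CNAME), ("example.com", APEX_ALIAS)):
        print(rr["Name"], rr["Type"], lint_record_set(apex, rr))
```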
I have recently created a CloudFront distribution (using the Lightsail admin area) for a Lightsail instance running Plesk on Ubuntu. I have created custom domains and validated them and they are "Valid, in use".
My domain is hosted through Route 53. When I delete the static IP address value of the apex domain record by changing the "Value/Route traffic to" to an "Alias to CloudFront distribution" and then paste the distribution address (ex: 123456abcdef.cloudfront.net), the entire site goes down.
My CloudFront address (ex: 123456abcdef.cloudfront.net) is resolving to the default Plesk domain. I just seem to have problems with proper Route 53 DNS configuration.
I have followed the instructions here with no success: https://aws.amazon.com/getting-started/hands-on/map-your-domain-at-route53-to-lightsail/4/
I have also looked at a similar post on Stack Overflow here: How to apply CDN with cloudfront - router 53 => lightsail instance. However, I have not configured my CloudFront distribution in CloudFront, but rather in Lightsail.
Here is an image of my apex DNS Record:
Do I need to create another record in my hosted zone? A record that continues to point the apex domain to the static IP?
Any help appreciated. Thanks.
I am responding to my own question with an answer I think addresses the problem in an alternate way.
I have been trying for a month to set up CloudFront on my WordPress site running on a Lightsail instance running Plesk, using Route 53 as my DNS provider. I have finally been able to get it running. I installed the AWS for WordPress plugin. Follow this guide to set up a user.
Plugin Setup AWS Doc
My preferred domain is www.mydomain.ca. My WP site is set up to direct to www.mydomain.ca, NOT mydomain.ca. In Route 53 my apex domain (mydomain.ca) points to my static IP. The www.mydomain.ca record is set as an ALIAS A record and points to the CloudFront domain name (123456abcdef.cloudfront.net). During setup the AWS WP plugin told me to set www.mydomain.ca to a CNAME ALIAS, which will not work. I found some more useful documentation in another thread on SO.
It all seems to be working. However, you need to make sure you do not have any other CloudFront distributions connected to the origin (yourdomain.ca), active or inactive, in the CloudFront admin area OR the Lightsail admin area. This causes a conflict and the setup in the WP admin area will fail.
I hope this post helps someone and saves them a month &%$%ing around with CloudFront WordPress setup using Lightsail and Route 53.
I'm following the serverless-stack guide and have a website hosted in an Amazon S3 bucket. I purchased a domain using GoDaddy and I have set up CloudFront to work with this bucket, then have used AWS Certificate Manager to generate SSL certificates for my domain (both www.my_domain.com and my_domain.com).
In GoDaddy I then configured DNS forwarding to point to my CloudFront resource.
This all works nicely, and if I go to my_domain.com in a browser then I see my website.
However, I can't get SSL working. If I go to the https:// version of my website then I see a "not secure" error in the Chrome address bar, which shows a certificate pointing to shortener.secureserver.net rather than my own website.
Could someone point me at a way around this? Looking through S.E. and using Google it seems that Amazon's Route 53 might be able to help, but I can't figure out how to do this.
Thanks!
(edit) To make things more clear, this is what I see in Chrome if I connect to https://my_website.com or to https://www.my_website.com
The warning message:
The certificate details:
What I do not understand is why, after configuring an AWS certificate for my domain, I see a certificate for shortner.secureserver.com rather than a certificate for my_website.com.
GoDaddy has problems and does not redirect to https. There are two ways: the first is to change domain registrar, and the second, which is the easiest, is: create a hosted zone on AWS Route 53 with your domain name.
Create 2 type A records, one for the root (of your domain) and one for www, that point to your CloudFront. Route 53 allows you to create a type A record without having an IP, because it directly points to a CloudFront instance that you indicate; that's the best.
Then GoDaddy gives you the option to change name servers: take the ones assigned by AWS in the hosted zone, in the record that says NS, and put those 4 in GoDaddy, replacing the ones it had.
Note: SAVE THE NAME SERVERS THAT YOU HAVE IN GODADDY BEFORE REPLACING THEM; IN CASE YOU HAVE ANY PROBLEM, YOU CAN REPLACE THEM AGAIN.
You have to wait at least a few hours until all the name servers are updated. You can use the who.is page to see if the DNS has already been updated with those of AWS.
It turns out that this is not possible with GoDaddy. If anyone else reading this has a similar problem, the only current solution is to cancel your domain registration and register with someone else.
(edit) As #aavrug mentions in their comment, Amazon now have a guide for this.
When you define your CloudFront you can define whether you want to use, and you can choose HTTPS only. In this case HTTP requests will be automatically redirected to HTTPS. Keep in mind that CloudFront changes may take a while to be replicated and your browser caches it as well, so the best way is to make a change, wait for the deployment and then check it in a new incognito browser.
It goes without saying that your certificate must be valid and verified as well.
It might be something wrong with your certificate or with your domain.
If you are serving your content over HTTPS you must provide an SSL certificate in CloudFront. Have you done that?
Have you added your domain to Alternate Domain Names (CNAMEs)?
Please have a look at the image below:
-> AWS provides free SSL certificates to be used with CloudFront, so you might want to use it (easier than importing your SSL certificate from GoDaddy).
You can create a free SSL certificate on AWS and easily attach it to your CloudFront distribution.
-> You can also transfer your domains to AWS Route 53. It is easy to integrate with any AWS service and easy to use/maintain :)
I wrote a complete guide on my blog telling how you can add Custom SSL and attach custom domain to Cloudfront distribution, it might be useful :)
https://lucasfsantos.com/posts/deploy-react-angular-cloudfront/
I have a website that is a herokuapp app. For the past 5 years I registered the domain of this website / app with GoDaddy, and made the necessary configuration in the DNS and forwarding to the Heroku address.
Last month I decided to switch over to Route 53 and AWS. I filled out the relevant forms and released the domain from GoDaddy; the transfer succeeded, and the domain is registered with Route 53.
I thought that I would have to go in at one point and configure Route 53 to use the configuration I did in GoDaddy (forwarding to Heroku), but somehow without doing anything the domain is working and the forwarding is there.
I have no problem, I just want to know how this happened. If Route 53 automatically picked up the configuration from GoDaddy (which is what I assume happened but would like to know more), where in Route 53 can I inspect the configuration (in case I want to modify it in the future)?
Thanks.
Update :
After some digging around on www.whatsmydns.net I found out that my site's nameservers are ns44.domaincontrol.com. I called GoDaddy customer support asking them about this and they said that when they get a request to transfer a domain everything is migrated over (assuming to Route 53).
I don't know when this will expire from ns44.domaincontrol.com, but I still haven't gone to Route 53 and started the process of creating a hosted zone and other details. I am afraid it's gonna mess up the existing setup, so if anyone has experience and can recommend a course of action I would appreciate it.
When you transfer your domain to AWS Route 53 there's an option to keep existing nameservers. You probably chose to do that. But it's not advised, as mentioned here in the AWS docs:
If the registrar for your domain is also the DNS service provider for
the domain, we highly recommend that you consider transferring your
DNS service to Amazon Route 53 or another DNS service provider before
you transfer your registration. Some registrars provide free DNS
service when you purchase a domain registration. When you transfer the
registration, the previous registrar will not renew your domain
registration and could end your DNS service at any time.
Source: Transferring Registration for a Domain to Amazon Route 53