ADFS3.0 Implementation using AWS - amazon-web-services

I am new to ADFS implementation and am now trying to do a POC to check how ADFS works.
I have created an AWS EC2 instance and installed AD DS with
Root Domain: branch.tree
After the domain changes were implemented on EC2, the target server name changed to something like the one below:
adfs.branch.tree.com
After AD DS was successfully configured, I installed and configured ADFS 3.0 in the same instance with the details below:
Federation Service Name: adfs-sts.branch.tree.com
Now, do I need to create a subdomain for 'Branch' under the tree domain and configure it on a load balancer?
How can we make adfs-sts.branch.tree.com/adfs/ls/idpinitiatedsignon.htm available over the internet?
I tried to access the same URL with the public IP and it is accessible, but when I try with the FQDN it is not.

If it is accessible by IP but not by URL, the first thing you need to check is DNS resolution (nslookup adfs-sts.branch.tree.com) and make sure it matches up. If it does, start checking the DNS A and PTR records for bad entries.
Since you are hosting both pieces on AWS you may be using Route 53, so sharing your configuration there would be the next troubleshooting step.

Related

How to connect subdomain from a different provider to AWS

My client has a domain configured with a different provider and I built a website in AWS. We want to use their subdomain created at the different provider, but the thing is: they are using this domain for a different site as well, so they cannot set it via DNS server name; the second possibility would be via IP, however my IPs are not defined as I'm using Amplify to build the site.
Is there any other way we can connect their subdomain to my website?
Our first two options were: the DNS server name, but they are using the main domain for another site, so it would cause another issue; and the IP address, but my IPs are not defined as I'm using Amplify to build.
I expect to be able to connect my website to their subdomain, which is located at a different provider.
In the Amplify console, go to Domain management under your app settings. From there, add your domain and make sure to exclude the root since you only want to set up a subdomain. You can view the required DNS records from there. Basically you will need to set up a CNAME on your DNS configuration.
This documentation might help - https://docs.aws.amazon.com/amplify/latest/userguide/to-add-a-custom-domain-managed-by-a-third-party-dns-provider.html

Can I point a subdomain directly to an API endpoint in AWS?

My REST API (Node) is set up in AWS ECS behind a load balancer - super-long-aws-lb-url
I also have a domain registered and a subdomain for my backend which is set up as an A record aliased to the load balancer; I access my REST API at something like data.mydomain.com/api/resource/{:id} - this is working as expected.
There's one endpoint that serves as a reverse proxy for accessing user-generated content - it's public and currently I can access it via
data.mydomain.com/api/content/public/{:id}
What I'd like to do is create a "pretty" url to just that endpoint in route53 so that the public endpoint becomes available via content.mydomain.com/{:content-id}
So far I've tried setting up this subdomain as a CNAME pointing directly to the string value composed of ALB URL + endpoint
content.mydomain.com -> super-long-aws-lb-url/api/content/public/
I expect that this will allow me to access that content at http://content.mydomain.com/{:content-id} but I get a Server Not Found error
Next I tried setting it up as an A-Record with an alias, but since it needs a resource with an IP address, I'm forced to select an AWS resource from a dropdown, and I'm back to using the load balancer without bypassing the global prefix (api) and the resource URL (content/public)
Is there a way to point a subdomain directly to an API endpoint in AWS?
Amazon Route 53 is a Domain Name Service (DNS).
DNS is used to resolve a domain name (eg data.mydomain.com) to an IP address, which allows traffic to be sent to a specific computer.
DNS only covers the domain name. It does not include anything after the slash.
Therefore, you cannot use Amazon Route 53 to point to a 'path' (eg /api/content/public/).
Such redirection would be the job of any software running on the target computer. You can likely configure this in your web server software.
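To illustrate the answer above (DNS delivers the request to a host, and the path has to be added by software on that host), here is an added example that is neither the asker's code nor anything AWS ships: a minimal WSGI front door for content.mydomain.com that turns /{id} into a redirect to the real data.mydomain.com/api/content/public/{id} URL. The host names and prefix come from the question; the id format is an assumption, chosen so a pretty URL cannot be steered at other /api paths.

```python
import re
from urllib.parse import quote

# Assumed names: the host names and the /api/content/public/ prefix come from
# the question above; the mapping itself is illustrative, not the asker's code.
PRETTY_HOST = "content.mydomain.com"
API_HOST = "data.mydomain.com"
UPSTREAM_PREFIX = "/api/content/public/"
# Constrain the id so a pretty URL cannot be steered at other /api paths.
CONTENT_ID = re.compile(r"[A-Za-z0-9_-]{1,128}")


def upstream_path(host, path):
    """Translate content.mydomain.com/{id} into the real API path, or return
    None when the request is not a well-formed pretty URL."""
    if host.split(":", 1)[0].lower() != PRETTY_HOST:
        return None
    content_id = path[1:] if path.startswith("/") else path
    if not CONTENT_ID.fullmatch(content_id):
        return None
    return UPSTREAM_PREFIX + quote(content_id, safe="")


def app(environ, start_response):
    """Minimal WSGI front door: the DNS record can only bring the request to
    this host; adding the path is done here with a 302 to the canonical URL."""
    target = upstream_path(environ.get("HTTP_HOST", ""),
                           environ.get("PATH_INFO", ""))
    if target is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found\n"]
    start_response("302 Found", [("Location", f"https://{API_HOST}{target}"),
                                 ("Content-Length", "0")])
    return [b""]


def respond(host, path):
    """Drive app() with a constructed WSGI environ; returns (status, headers)."""
    captured = {}

    def start_response(status, headers):
        captured["status"], captured["headers"] = status, headers

    environ = {"HTTP_HOST": host, "PATH_INFO": path, "REQUEST_METHOD": "GET"}
    list(app(environ, start_response))
    return captured["status"], dict(captured["headers"])


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    make_server("", 8080, app).serve_forever()  # serve the front door locally
```

The same rule can be expressed as a rewrite or redirect in whatever web server or load balancer listener already fronts the API; the point is that it lives there, not in Route 53.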

Domain name not connecting to node.js express web app

I have an issue, or perhaps an understanding problem, with linking my domain with AWS. I will use the xy.ro domain as an example.
I have the xy.ro domain registered with easyhost.com. On AWS I have a Node.js Express web app.
My xy.ro domain is not working as it does not point to anything.
I tried to create a hosted zone on AWS with the xy.ro domain and tried to create a dataset for this domain, but it does not work.
I tried to find step-by-step instructions on AWS and other providers but did not find anything.
Can someone point me in the right direction?
If your domain xy.ro is registered with easyhost.com then it would presumably also be using their DNS hosting service to serve your DNS records.
Creating a public hosted zone in AWS won't affect the DNS resolution unless you can migrate your name servers to use Route 53.
I was not able to see steps on the easyhost.com website; however, from the AWS side take a look at this documentation.
You should be able to copy the name servers and update within easyhost so that it will use Route 53 as your DNS provider instead.

Route53 for AWS Elastic Search Domain gives certificate error

I have created an AWS Elasticsearch domain in Virginia and got an endpoint URL.
Now I want to configure the Route 53 behaviour around it, so that a caller can use the same URL even if there is some change in Elasticsearch or in case of a disaster recovery.
So,
Virginia Route 53 -- 1 Points to -- Virginia Elasticsearch Domain URL
Oregon Route 53 -- 2 Points to -- Oregon Elasticsearch Domain URL
Main Route 53 -- 3 Points to -- Route 53 1 or 2
I have already created these and also created and uploaded an SSL certificate with the correct SAN entries. But when I execute
curl https://mainroute53/health
curl https://virginiaroute53/health
curl https://oregonroute53/health
I am getting this error:
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
But when I call the Elasticsearch URL directly it's working. So I understand this is an issue with the way I am using the certificate. Any help appreciated.
Your Elasticsearch endpoint will always return the Elasticsearch SSL certificate.
So when you create a Route 53 "alias" for it, you may be connecting to it via your custom DNS entry, but Elasticsearch will still use the Elasticsearch SSL certificate.
Since the DNS endpoint you're using does not match the SSL certificate, you get that error.
You could use the --insecure curl flag to have it not check the SSL certificate; however, there are risks in doing that.
You can probably work around this by setting up a proxy server in front of the Elasticsearch domain, although it's kind of silly since there appears to also be an ELB inside the Elasticsearch domain. Ah well.
The domain Amazon ES creates for you includes the nodes in the Elasticsearch cluster and resources from several AWS services. When Amazon ES creates your domain, it launches instances into a service-controlled VPC. Those instances are fronted by Elastic Load Balancing (ELB), and the endpoint for the load balancer is published through Route 53. Requests to the domain pass through the ELB load balancer, which routes them to the domain’s EC2 instances.
https://aws.amazon.com/blogs/database/set-access-control-for-amazon-elasticsearch-service/
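To make the mismatch described in the answers above concrete, here is an added example (not from the question, the answers, or AWS): the name a TLS client validates is the host name it was asked to connect to, never the name the alias resolves to, so a certificate whose SANs cover only *.es.amazonaws.com names can never satisfy a request for mainroute53. The SAN list is constructed for the example; fetch_san_names() is an optional network helper for inspecting a real endpoint.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Constructed SAN list standing in for what an Amazon ES endpoint certificate
# might carry; the names are illustrative, not copied from a real certificate.
SAMPLE_SAN_NAMES = [
    "*.us-east-1.es.amazonaws.com",
    "vpc-es-randomstring.us-east-1.es.amazonaws.com",
]


def _name_matches(pattern, hostname):
    """RFC 6125-style check: a wildcard may only be the whole leftmost label
    and matches exactly one label; everything else is a case-insensitive
    exact comparison. Partial wildcards such as vpc-*.example are rejected."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False
    return p_labels == h_labels


def hostname_matches(hostname, san_dns_names):
    """True when the requested host name is covered by some dNSName SAN."""
    return any(_name_matches(p, hostname) for p in san_dns_names)


def diagnose(url, san_dns_names):
    """Explain, for the host part of url, why curl accepts or rejects it."""
    host = urlsplit(url).hostname or ""
    if hostname_matches(host, san_dns_names):
        return f"{host}: name matches a SAN entry, verification passes"
    return (f"{host}: no SAN entry matches; curl reports error 51 because the "
            "name you typed, not the name it resolves to, is what is checked")


def fetch_san_names(host, port=443):
    """Network helper (not exercised offline): validate the chain but skip the
    host-name check so the real SAN list can be inspected for the mismatch."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
```

Running diagnose() on the three URLs from the question shows all three failing for the same reason, while the direct endpoint URL passes.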
One way you can access Elasticsearch using your custom domain name is to use an API Gateway as an HTTP proxy. But then you have to deal with the authentication part since the Cognito cookies for ES will be pointing to the original domain (*.es.amazonaws.com).
In my experience this is doable and you should be able to use API Gateway (plus Custom Domain Names and Route 53) to achieve what you want (having a custom domain name over ES). It's just that it requires some Cognito knowledge and most likely, some coding (to handle the cookie problem).
You can use the http endpoint instead of the https one,
i.e.
curl http://mainroute53/health
This works around the fact that AWS does not allow providing a custom domain certificate for its managed Elasticsearch service.
We had the same issue: we wanted to be redirected to Kibana with a friendlier DNS name, and we used the solution with an S3 bucket and the redirection as described here.
The steps:
Create an S3 bucket with any name.
In the bucket properties, enable "Static Website hosting".
In the Static Website hosting properties, select the option to "Redirect Requests".
In the target domain set the Kibana URL that is given by your Elasticsearch domain, i.e. https://vpc-es-randomstring.us-east-1.es.amazonaws.com/_plugin/kibana/
Set Protocol to https.
Then follow the steps from Step 5 on the guide above.

How to set up custom domain for an app on Amazon EC2?

I am new to the Amazon EC2 world. I just created an app that is located at a URL like this:
http://ec2-54-123-45-678.compute-1.amazonaws.com:8080
This is the URL generated by Amazon EC2.
Now I need to use my own domain name, so that when I access www.my-domain-name.com I see the content from
http://ec2-54-123-45-678.compute-1.amazonaws.com:8080
I bought the domain name on GoDaddy.
Is there any way to do this in the Amazon AWS dashboard, or do I need to set it up in the GoDaddy system?
Thanks
I am answering on a more general level because I stumbled upon this thread when setting up my custom domain.
In Amazon I created an instance and associated an IP to that instance. You were able to access it by typing in the Amazon URL.
I actually used Media Temple, not GoDaddy, but it will be similar. I went to the zone file and added that public URL to the www entry.
And as you can see, here is my blog actually working on the custom domain.
I set the wildcard because that way, no matter what someone types, if it is not set, they will still see the site.
EDIT
For the root URL you should be entering your Elastic IP and setting that as an A record.
First you need to allocate an Elastic IP and associate it with that instance.
Then point the DNS entry of "www" for "my-domain-name.com" to the IP assigned in the step above.
Where you manage your DNS is another matter; it can be in GoDaddy or in AWS Route 53. You must adjust the DNS delegation in the "my-domain-name.com" registration. E.g. your domain can be registered with GoDaddy but its DNS delegation points to Route 53, so you can manage the domain from your AWS console.
In order to set up the DNS mapping you can map the existing IP 54.123.45.678 to, e.g., www.my-domain-name.com.
However, as you are running Tomcat on port 8080, you need to forward the request to Tomcat using Apache so that you can visit www.my-domain-name.com without port 8080. If you are using a Linux box, install Apache and apache-modjk and then configure the sites.