I am getting stuck while trying to secure my S3 hosted website. The steps I have followed are:
I have created a custom domain with Route 53, hosted on S3.
Created an SSL certificate.
Created a CloudFront distribution and set it to use my SSL certificate, and given my custom domain as the CloudFront "alternate domain name"
Created a public hosted zone for my domain.
Created "A" and "AAAA" records to link my domain to my CloudFront distribution.
However, I cannot access my website, either HTTPS or just HTTP. But I can access the website through the CloudFront Domain name just fine. Just not when I tried to access it through my custom domain name. (example.com)
You need to follow some steps to access your cloudfront distribution through a custom domain. Please check these 3 steps:
1 - Have you added a CNAME entry in cloudfront distribution as shown by the image below?
2 - All that you need in ROUTE53 is create an ALIAS entry pointing to your cloudfront distribution. Have you added this? If your settings are right, Route53 will give you the option of your distribution which matches with your domain. (Make Sure that you have set CNAME entry). Please refer to the image below:
3 - Lastly, please make sure that your SSL matches your domain.
I believe that you are probably missing the CNAME entry as described by step 1.
I have a website setup in E2E having cPanel with the domain https://example.com. The images for the website are stored in an s3 bucket in AWS.
My final goal is to make the images in the s3 to be accessible as https://images.example.com/cake.jpg
For this, I have created a cloudfront distribution in AWS and made the images to be accessible with the cloudfront URL https://d1234.cloudfront.net/cake.jpg. But the next part, I do not know how to map the subdomain images.example.com to d123.cloudfront.net. Should I use the Alternative domain name setting in cloudfront as shown in the image below? The domain is setup in E2E so I'm not sure what to add in the CNAME field there.
Or should I just create an A record in E2E to map images.example.com to d123.cloudfront.net. If so, how can I add the SSL to images.example.com and force the SSL redirect from http to https?
You actually need to do both.
First within CloudFront you need to add the Alternative Domain Name(s) that you would like to use for your CloudFront distribution. Make sure to generate a certificate in ACM within us-east-1 that covers the domains you're going to setup.
Once this has been applied within your DNS provider you then need to create a record with the exact domain name specified (in Route 53 this would be Alias, in other providers a CNAME) and then give it the value of the CloudFront domain name.
If the alternative domain name is not featured in your CloudFront distribution traffic will be denied when you attempt to resolve the domain.
For more information follow the Using Alternate Domain Names and HTTPS documentation.
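As an added example (not part of the original answers), here is a small offline Python check of the three pieces the answer above says must agree: the distribution's alternate domain names, an ACM certificate in us-east-1 that covers the name, and the DNS record. The dict layout, function names and problem labels are assumptions made for this illustration, and the sample values are constructed.

```python
# Added example: offline pre-flight check for a CloudFront custom domain.
# The dicts are constructed sample data, not the output of a real AWS API call.

def name_matches(pattern: str, host: str) -> bool:
    """Exact match, or '*.example.com' matching one extra left-most label.
    Single-label wildcard matching is a deliberately conservative assumption."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                  # e.g. ".example.com"
        label = host[: -len(suffix)]          # what the '*' would stand for
        return host.endswith(suffix) and label != "" and "." not in label
    return pattern == host

def check_custom_domain(host, distribution, certificate, dns_record):
    """Return a list of problem labels; an empty list means everything lines up."""
    problems = []
    # 1. The host must be listed as an alternate domain name on the distribution.
    if not any(name_matches(a, host) for a in distribution["aliases"]):
        problems.append("alias-missing")
    # 2. The ACM certificate must live in us-east-1 and cover the host.
    if certificate["region"] != "us-east-1":
        problems.append("cert-wrong-region")
    if not any(name_matches(n, host) for n in certificate["names"]):
        problems.append("cert-does-not-cover-host")
    # 3. The DNS record must carry the exact host name and point at the distribution.
    if dns_record["name"].rstrip(".").lower() != host.lower():
        problems.append("dns-name-mismatch")
    rtype = dns_record["type"]
    if rtype in ("A", "AAAA"):
        if not dns_record.get("alias"):       # only a Route 53 Alias can target a name
            problems.append("a-record-needs-alias")
    elif rtype != "CNAME":
        problems.append("dns-wrong-type")
    if dns_record["target"].rstrip(".").lower() != distribution["domain_name"].lower():
        problems.append("dns-target-not-distribution")
    return problems

# Constructed sample input, using the placeholder names from the question above.
DIST = {"domain_name": "d1234.cloudfront.net", "aliases": ["images.example.com"]}
CERT_OK = {"region": "us-east-1", "names": ["example.com", "*.example.com"]}
CERT_BAD = {"region": "eu-west-1", "names": ["example.com"]}
REC = {"name": "images.example.com.", "type": "CNAME", "alias": False,
       "target": "d1234.cloudfront.net."}

if __name__ == "__main__":
    print(check_custom_domain("images.example.com", DIST, CERT_OK, REC))
    print(check_custom_domain("images.example.com", DIST, CERT_BAD, REC))
```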
Problem -
custom domain in CloudFront is not working
I'm hosting a static website in AWS. There are two S3 buckets - mydomain.com and www.mydomain.com, where the latter one redirects to the first one.
In Route 53, mydomain.com points to S3 bucket as A record and www.mydomain.com acts as an A record alias to mydomain.com.
Now I wanted to use CloudFront but wanted to be used as https://cdn.mydomain.com/asset/some-image.png. So, I added mydomain.com, www.mydomain.com, cdn.mydomain.com as Alternate Domain Names (CNAME) in CloudFront. But please note that I do not have a S3 bucket named cdn.mydomain.com
Now as required, in AWS ACM, I have also added mydomain.com as domain name and the other two (www and cdn) as alternate domain names and all of these 3 domain have CNAME records in AWS Route 53.
Finally, I wanted to route traffic from Route 53 to Cloudfront but wanted to use my desired cdn.mydomain.com instead. So, I have created A and AAAA alias records in Route 53.
name - cdn
alias - Yes
alias target - cloudfront generated domain
Result :
cloudfront generated domain works and it points to my website but cdn.mydomain.com does not (IP address not found). Just at this point, I have created another S3 bucket cdn.mydomain.com and redirected to mydomain.com. But this action requires an A record to be added in Route 53. But there is already an A record for the same name - cdn.mydomain.com that points to CloudFront domain, so no way to create another alias for the same name.
If it's clear what my problem is, then please suggest the solution for it.
Well, apparently the problem was having HTTPS only policy in CloudFront -> Viewer Protocol Policy. Don't know why it matters. Changing it to Redirect HTTP to HTTPS surprisingly solves this problem.
I'm totally new to Amazon and all of its services. I have set up Amazon S3 and created a CloudFront distribution but what I want is to give a custom domain name to this CloudFront distribution.
I have created a sub-domain on my server and changed the CNAME to the CloudFront distribution link but I cannot access my content on S3. Can anyone give me a full walkthrough of how I can set this up with alternate domain names?
To give a custom domain name to an Amazon CloudFront distribution:
Provide an Alternate Domain Name when creating your CloudFront distribution
Create a CNAME record in Route 53 (or your own DNS provider) that points to the URL of your CloudFront distribution (eg d3i29vunzqzxrt.cloudfront.net), or create an A record in Route 53 that uses Alias = Yes and select the CloudFront distribution.
From the help tip in the CloudFront console:
If you want to use your own domain name (for example, www.example.com) instead of the CloudFront domain name (for example, d1234.cloudfront.net) for the URLs for your files, specify up to 100 CNAMEs. Separate CNAMEs with commas or put each on a new line. You also need to create a CNAME record with your DNS service to route queries for www.example.com to d1234.cloudfront.net.
Update: Since this release (Apr 8, 2019) when you add an alternate domain name to a distribution, you must also attach a SSL/TLS certificate to that distribution that covers the alternate domain name.
So, first of all make sure that after you registered the domain name with your domain provider (GoDaddy, CloudFlare, Route 53, etc.) and created a CNAME record
you should do the following:
Add an SSL/TLS certificate from an authorized certificate authority (for example - Let's Encrypt) to CloudFront that covers the domain name you plan to use with the distribution - to validate that you are authorized to use the domain. (Read more in here).
And only then update your distribution to add an alternate domain name:
Open Amazon CloudFront console -> General view -> Edit -> Alternate Domain Names (CNAMEs) -> enter the CNAME that you want to associate with the CloudFront distribution (for example www or home).
I think the guide is designed to have you spend more than you should. Instead, you should:
Add Alternate Domain Name as the guide says.
Create "A" record in Route 53, not CNAME. AWS will charge you for each CNAME request.
I’m trying to add a route 53 record set that points to my cloudfront distribution. However, when I select ‘create record set’ in route 53 and click the alias target in the subsequent panel, the cloud front distribution is not listed. All I get is ‘No targets available’. My Distribution has been created and is enabled (and is working). I have added a CName to my distribution with the same domain name that I’m setting up in Route53, but it still doesn’t show.
How do I get my distribution to show in the Alias Target field so that I can point a Route53 ‘a’ record to it?
Thanks
Combining several correct but incomplete answers:
Only A records and AAAA are supported. Not CNAME records.
The Route53 "Alias Target" box matches against CloudFront distributions' "Alternate Domain Names" field. If you're creating a new record set for something.example.com, you should have already set the alternate domain name for one of your distributions to something.example.com.
The Route53 Management Console can be slow, and it might not find your distribution right away — wait until the distribution status is Deployed.
Make sure you have set one or more Alternate Domain Names for your distribution, otherwise it won't be listed on the target combo for Route53 Alias.
As far as I understand, that's the same as configuring ServerAlias on your Apache's VirtualHost (or the correspondent for Nginx and so on). Without it, your requests wouldn't be identified as destined to that distribution when it gets there.
From AWS's documentation:
If you're using CloudFront to distribute your content, you can use Amazon Route 53 to route queries to your CloudFront distribution. The name of your Amazon Route 53 hosted zone (such as example.com) must match an alternate domain name in the CloudFront distribution. You cannot route queries to the CloudFront domain name for your distribution (such as d111111abcdef8.cloudfront.net). The following procedure assumes that you have already registered the applicable domain names.
Make sure it's an A record rather than a CNAME record (weird, I know). I found that buried in the documentation here:
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values-alias.html
If your distribution does not show as an alias target, you can always manually copy and paste the d123.cloudfront.net (replace d123.cloudfront.net with the actual DNS name of your distribution) into the target. This will allow you to create the alias record.
Make sure your CloudFront distribution includes the name of your site (example.com)!
I was having the same issue and spent well over an hour trying to solve the problem...
TL/DR
Set your Origin ID in the origin in your Cloudfront Distribution to be the same as the domain name you are trying to create an alias for
More Detail
I struggled with this for some time.
In the end I compared a working CloudFront distribution which did show up in Route 53 with one that did not.
What I noticed was that the Origin Id specified in the origin for the distribution was not the domain name for my site.
This option is found in: CloudFront Distributions > [Id of distribution] > Origins and Origin Groups > Origins.
I only had one origin listed where the path was the name of a public s3 bucket. This entry also had an Origin ID field. When I updated this to be my domain name (without the www prefix) e.g. testdomain.com then I was able to see this cloud front distribution in the route 53 alias drop down.
You have to fill the Alternate Domain Names (CNAMEs) field e.g. use
www.my_site.com
*.my_site.com
For SSL Certificate field select
Custom SSL Certificate (example.com)
for this you will have to create and verify your domain with ACM, ACM has to be created in Virginia.
After that you will be able to see the Cloudfront in R53.
The trick was to enter the www before the domain because CloudFront matches against that alternate domain name with www or whatever subdomain you use. Type www or your subdomain and it will find the distribution.
It was taking forever for my cloudfront distribution status property to read deployed.
However inputting the cloudfront domain url into my address bar brought me to my website, aka the cloudfront domain url was live.
Feeling impatient, I copied this domain address and pasted it into the alias target field.
It worked!