Problem -
custom domain in CloudFront is not working
I'm hosting a static website in AWS. There are two S3 buckets - mydomain.com and www.mydomain.com, where the latter one redirects to the first one.
In Route 53, mydomain.com points to the S3 bucket as an A record and www.mydomain.com acts as an A record alias to mydomain.com.
Now I wanted to use CloudFront but wanted it to be used as https://cdn.mydomain.com/asset/some-image.png. So, I added mydomain.com, www.mydomain.com, cdn.mydomain.com as Alternate Domain Names (CNAME) in CloudFront. But please note that I do not have an S3 bucket named cdn.mydomain.com.
Now as required, in AWS ACM, I have also added mydomain.com as the domain name and the other two (www and cdn) as alternate domain names, and all 3 of these domains have CNAME records in AWS Route 53.
Finally, I wanted to route traffic from Route 53 to CloudFront but wanted to use my desired cdn.mydomain.com instead. So, I have created A and AAAA alias records in Route 53.
name - cdn
alias - Yes
alias target - cloudfront generated domain
Result :
cloudfront generated domain works and it points to my website but cdn.mydomain.com does not (IP address not found). Just at this point, I have created another S3 bucket cdn.mydomain.com and redirected to mydomain.com. But this action requires an A record to be added in Route 53. But there is already an A record for the same name - cdn.mydomain.com that points to CloudFront domain, so no way to create another alias for the same name.
If it's clear what my problem is, then please suggest the solution for it.
Well, apparently the problem was having HTTPS only policy in CloudFront -> Viewer Protocol Policy. Don't know why it matters. Changing it to Redirect HTTP to HTTPS surprisingly solves this problem.
Related
I decided to host my own portfolio on AWS, so I did the following steps:
1. Hosted it on S3 (everything OK)
2. Bought a domain in Route 53
3. Created an A type record to point my domain to S3 (everything OK)
4. Generated a public certificate in ACM for domains: *.mywebsite.com, mywebsite.com
5. Created a CloudFront distribution with the following settings:
   ORIGIN DOMAIN NAME: links to S3 (everything OK)
   CNAMES: www.mywebsite.com, *.mywebsite.com, mywebsite.com
   VIEWER PROTOCOL POLICY: redirect HTTP to HTTPS
   used the custom certificate made in step 4
6. Created another CNAME record that points *.mywebsite.com to the CloudFront URL
And I am totally happy about how things work when I go to the website with a subdomain like:
www.mywebsite.com
foobarbaz.mywebsite.com
http://www.mywebsite.com
All of those work great and redirect to my website through the HTTPS protocol,
but the issue is when I try to reach my website without a subdomain, like mywebsite.com: that goes through the HTTP protocol, and for HTTPS I end up with ERR_CONNECTION_TIMED_OUT. So I tried adding another CNAME record for the name mywebsite.com and got the following error:
Error occurred
Bad request.
(InvalidChangeBatch 400: RRSet of type CNAME with DNS name mywebsite.com. is not permitted at apex in zone mywebsite.com.)
Any ideas how to get around that issue?
I am not really into networking and configuring this type of stuff, so I would appreciate any tips if I did something wrong.
#edit:
tried adding A type record with name mywebsite.com to www.mywebsite.com and received:
(InvalidChangeBatch 400: Tried to create resource record set [name='mywebsite.com.', type='A'] but it already exists), there is already one linking to S3
You have a problem in Step 3). The apex domain points to the S3 bucket, which should point to the CloudFront distribution.
Here's how it should look:
Route53: ACM certificate CNAME, A record => cloudfront
CloudFront: ACM certificate + alias for mywebsite.com, Origin: S3 bucket
S3 bucket: host the files
Note that only A records (and AAAA, if you want IPv6) point to CloudFront, and there is only 1 CNAME record that is used by ACM to validate the domain.
AWS's doc describes this scenario, i.e.:
You can't create a CNAME record at the top node of a DNS namespace, also called the zone apex (such as example.com). If you're creating a record for the apex domain to point to AWS resources, you can use an alias record instead of CNAME.
Alias Records
So, you can use an Alias record with type A instead of CNAME to get around the error you're seeing.
So I created two buckets in S3. One with my domain name xxx.ninja and the other with the www. subdomain. The www one I redirected to the first. Then I created a domain in Route 53. And because I wanted https on my site I created a cloudfront distribution with redirect http -> https.
The s3 bucket url works just fine, but the site URL does not. I think I may have set it up incorrectly.
In AWS CloudFront I created my distribution and used the CloudFront default SSL cert. I chose redirect http -> https. And I pasted in my S3 website URL.
Then I copied the domain name and went to Route 53. After I created my domain I opened its hosted zone and added an A record with the alias of the CloudFront domain name.
But the URL doesn't work. I get a 403 CloudFront error in the browser.
Thoughts?
If you're using the default CloudFront SSL this indicates to me that you're not using a custom hostname (which would deny access to the CloudFront distribution).
You will need to add additional names to your CloudFront distribution (specifying every hostname that will have a DNS record resolving to the CloudFront distribution). In addition you will need to generate an SSL in ACM (which is free), this must be in region us-east-1.
More information on how to add a custom domain to your CloudFront distribution is available here.
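The checks named in the answers above (no CNAME at the zone apex, every DNS name listed as an alternate domain name, a certificate in us-east-1 that covers the name), as an added example that is not code from the original posts. The dictionary layout, the `audit` and `name_matches` helpers, the one-label wildcard rule and the `example.com` / `d111111abcdef8.cloudfront.net` values are assumptions made for illustration.

```python
# Added example: offline audit of a CloudFront + Route 53 + ACM setup.
# Input dicts are a simplified, assumed shape, not raw AWS API responses.

def name_matches(patterns, host):
    """True if host equals a pattern or is covered by a '*.' pattern.
    Assumption: a wildcard covers exactly one leftmost label."""
    host = host.lower().rstrip(".")
    for pat in patterns:
        pat = pat.lower().rstrip(".")
        if pat == host:
            return True
        if pat.startswith("*.") and host.partition(".")[2] == pat[2:]:
            return True
    return False

def audit(zone_apex, records, dist, cert):
    """Return findings for DNS records that are meant to reach the distribution."""
    findings = []
    apex = zone_apex.lower().rstrip(".")
    if cert["region"] != "us-east-1":
        findings.append("certificate is not in us-east-1")
    for rec in records:
        name = rec["name"].lower().rstrip(".")
        if rec["type"] == "CNAME" and name == apex:
            findings.append(f"{name}: CNAME at zone apex, use an alias A record")
        elif rec["target"].lower().rstrip(".") != dist["domain"]:
            findings.append(f"{name}: targets {rec['target']}, not the distribution")
        else:
            if not name_matches(dist["aliases"], name):
                findings.append(f"{name}: missing from alternate domain names")
            if not name_matches(cert["names"], name):
                findings.append(f"{name}: not covered by the certificate")
    return findings

# Constructed sample modelled on the setups described in the questions.
CF = "d111111abcdef8.cloudfront.net"
DIST = {"domain": CF, "aliases": ["www.example.com", "cdn.example.com"]}
CERT = {"region": "eu-west-1", "names": ["example.com", "www.example.com"]}
RECORDS = [
    {"name": "example.com.", "type": "A", "target": "s3-website-us-east-1.amazonaws.com"},
    {"name": "example.com.", "type": "CNAME", "target": CF},
    {"name": "www.example.com.", "type": "A", "target": CF},
    {"name": "cdn.example.com.", "type": "A", "target": CF},
    {"name": "img.example.com.", "type": "CNAME", "target": CF},
]

if __name__ == "__main__":
    for finding in audit("example.com", RECORDS, DIST, CERT):
        print(finding)
```

A name that resolves to the distribution but is missing from the alternate domain names is the case the answer above ties to the 403 from CloudFront.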
I'm totally new to Amazon and all of its services. I have set up Amazon S3 and created a CloudFront distribution but what I want is to give a custom domain name to this CloudFront distribution.
I have created a sub-domain on my server and changed the CNAME to the CloudFront distribution link, but I cannot access my content on S3. Can anyone give me a full walkthrough of how I can set this up with alternate domain names?
To give a custom domain name to an Amazon CloudFront distribution:
Provide an Alternate Domain Name when creating your CloudFront distribution
Create a CNAME record in Route 53 (or your own DNS provider) that points to the URL of your CloudFront distribution (eg d3i29vunzqzxrt.cloudfront.net), or create an A record in Route 53 that uses Alias = Yes and select the CloudFront distribution.
From the help tip in the CloudFront console:
If you want to use your own domain name (for example, www.example.com) instead of the CloudFront domain name (for example, d1234.cloudfront.net) for the URLs for your files, specify up to 100 CNAMEs. Separate CNAMEs with commas or put each on a new line. You also need to create a CNAME record with your DNS service to route queries for www.example.com to d1234.cloudfront.net.
Update: Since this release (Apr 8, 2019) when you add an alternate domain name to a distribution, you must also attach a SSL/TLS certificate to that distribution that covers the alternate domain name.
So, first of all, make sure that after you registered the domain name with your domain provider (GoDaddy, CloudFlare, Route 53, etc.) and created a CNAME record, you do the following:
Add an SSL/TLS certificate from an authorized certificate authority (for example - Let's Encrypt) to CloudFront that covers the domain name you plan to use with the distribution - to validate that you are authorized to use the domain. (Read more in here).
And only then update your distribution to add an alternate domain name:
Open Amazon CloudFront console -> General view -> Edit -> Alternate Domain Names (CNAMEs) -> enter the CNAME that you want to associate with the CloudFront distribution (for example www or home).
I think the guide is designed to have you spend more than you should. Instead, you should:
Add Alternate Domain Name as the guide says.
Create "A" record in Route 53, not CNAME. AWS will charge you for each CNAME request.
I am hosting a static website on AWS using Amazon S3 + CloudFront + HTTPS.
I need to ensure that the website is opened by only one of the CNAMEs and not the other (non-www). The S3 domain must also be forwarded to the main WWW domain.
How can this be done?
You need to use S3 to redirect the requests.
You will firstly need to create two buckets with the names www.example.com and example.com and provide appropriate bucket policies.
You will then need to redirect all the traffic from the example.com S3 bucket to www.example.com by going into the static website hosting settings. Check out the below settings
Now, you have to set up the CNAME in Route53 such that example.com will translate to www.example.com
Create a distribution for www.example.com and use the alternative CNAME as www.example.com
If I understand you correctly, you can add a CNAME to a CloudFront Distribution from within the CloudFront console. You can also add a CNAME to a CloudFront distribution in Route53 by selecting to add a CNAME, click the Alias=yes radio button and select the relevant CloudFront resource.
See image below for where this is done in Route 53:
I have a static website hosted in S3 inside the bucket client1.examplecorp.com with a corresponding R53 record client1.examplecorp.com. A ALIAS s3-website-us-east-1.amazonaws.com.
I want my client's (client1.com) webadmin to create a dns record for the subdomain quotes.client1.com which will point to AWS (The client1.com does not use R53).
Should it point to client1.examplecorp.com?
Or directly at the S3 bucket endpoint?
The concept is that the final user will see only the quotes.client1.com subdomain and not know about client1.examplecorp.com.
I hope I describe it well enough...
I have read the AWS docs about Setting Up a Static Website Using a Custom Domain, Virtual Hosting of Buckets and also this SO post.
I have a feeling that what I am searching for is described here: How to redirect domains using Amazon Web Services.
I just do not understand how the registrar of the client will redirect traffic for that specific subdomain (quotes.client1.com) to client1.examplecorp.com by adding the 4 nameservers.
Moreover, will the redirect affect only this subdomain or the whole client1.com?
Finally, will it be completely transparent? Meaning that, the client1.examplecorp.com will not be shown to the end user?
I do not have a firm grasp on explaining it, so please bear with me.
Here are two possible solutions:
In these examples, the client's main domain is example.com.
Option 1:
Create a bucket whose name is the same as the desired hostname, and have the client create a CNAME record pointing to the web site endpoint for the bucket.
Bucket name:
quotes.example.com
Web site endpoint (assuming us-east-1 region):
quotes.example.com.s3-website-us-east-1.amazonaws.com.
Client DNS:
quotes.example.com. CNAME quotes.example.com.s3-website-us-east-1.amazonaws.com.
The client does not need to be using Route 53 for their DNS, but the bucket name must exactly match the hostname they are pointing to the bucket, because that is how S3 works.
Option 2:
Send the traffic through CloudFront. In this scenario, the bucket name does not matter, because CloudFront will translate it to the correct bucket name.
Bucket name:
example-bucket
Web site endpoint:
example-bucket.s3-website-us-east-1.amazonaws.com
New CloudFront Distribution system-assigned hostname:
djozxyqkexample.cloudfront.net
CloudFront Origin (do not select the bucket name from the dropdown list, type in the S3 website hostname as shown in the S3 console):
example-bucket.s3-website-us-east-1.amazonaws.com
CloudFront alternate domain name:
quotes.example.com
Client creates a DNS CNAME
quotes.example.com. CNAME djozxyqkexample.cloudfront.net.
This solution also does not require that the client use Route 53, and -- importantly -- the bucket name does not need to match the hostname -- the hostname simply needs to be configured as a CloudFront alternate domain name so that CloudFront recognizes the Host: header when it arrives.
If you want to reuse the same bucket for multiple sites, you can add more hostnames to the CloudFront alternate domain name setting, or you can create multiple distributions pointing to the same bucket.
Note also that using CloudFront in front of S3 is effectively free, because S3 will no longer bill you for bandwidth when you use CloudFront -- instead, CloudFront will bill you for bandwidth, at the CloudFront rate, which is often slightly lower than the S3 rate.
In both cases, above, the client does not need to use Route 53, because the hostname in question is not the zone apex hostname (the "naked domain"). To use a naked domain with either solution requires Route 53, but that isn't applicable here.
Unfortunately, I think this is not possible. I am assuming that you own the corporation domain in this case.
For you to use client1.corporation.com, you had to use Route 53, right?
You also could not configure some DNS record in your other NameServer and do the same.
Similarly, for you to use quotes.client1.com point to the S3 bucket, you also need to ask the client use Route 53.
Hope that helped
Cheers!