HTTPS Redirects With Website in AWS - amazon-web-services

I have the following setup:
A documentation website hosted in an S3 bucket
A CloudFront distribution using that bucket as its origin, accepting HTTP or HTTPS traffic
3 custom domain names registered through Route 53; let's call them example.com, .net, and .org.
An ACM certificate for those 3 domains so HTTPS will work
The example.com Hosted Zone has an ALIAS record pointing to the CloudFront distribution, so http://docs.example.com or https://docs.example.com will show the website.
Now, I want to put the following redirect rules in place. Basically, everything should redirect to docs.example.com, using whatever protocol the user originally requested with.
http://docs.example.net > http://docs.example.com
https://docs.example.net > https://docs.example.com
http://docs.example.org > http://docs.example.com
https://docs.example.org > https://docs.example.com
This is where I'm having trouble. If I point the .net and .org subdomains at the CloudFront distribution with ALIAS records, then the URL will still show that subdomain, rather than .com. If I create S3 buckets named after the .net and .org subdomains with redirect rules to the .com, and add ALIAS records to those buckets, then everything works great for HTTP, but HTTPS fails b/c the ACM certificate only works for CloudFront, not S3. And if I try to just add CNAME records to the .net and .org subdomains that point to .com then HTTPS still fails, and also HTTP redirects to HTTPS for some reason.
According to this SO post, it looks like my only option is to create two additional CloudFront distributions, one for .net and one for .org. But that just sounds so over-engineered to me, and will really bloat the CloudFormation template that I'm using to do all of this.
Can anyone recommend a simpler solution?

There is no direct approach in CF to redirect across domains (even though .com, .org and .net are linked to the same distribution). The simplest approach I could recommend is to use AWS Edge Lambda in CloudFront to redirect accordingly.
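The redirect function suggested in the answer above, as an added example (not code from the answer or from AWS). The host names are the placeholders from the question. It assumes the function is attached where it can see the `Host` and `CloudFront-Forwarded-Proto` request headers, which depends on the trigger and on which headers the distribution forwards, and it falls back to https when the scheme header is absent. The target host is a constant and alias hosts are matched against an allowlist, so a forged `Host` header is never reflected into `Location`.

```javascript
// Assumed names from the question: the canonical host and its two aliases.
const CANONICAL_HOST = 'docs.example.com';
const REDIRECT_HOSTS = new Set(['docs.example.net', 'docs.example.org']);

// First value of a header in the Lambda@Edge request shape, or '' if absent.
function headerValue(request, name) {
  const entries = request.headers[name];
  return entries && entries.length > 0 ? entries[0].value : '';
}

// Returns a 301 response for an alias host, or null when the request
// should continue to the origin unchanged.
function buildRedirect(request) {
  const host = headerValue(request, 'host').toLowerCase().replace(/:\d+$/, '');
  if (!REDIRECT_HOSTS.has(host)) {
    return null; // canonical or unknown Host: pass through, never reflect it
  }
  // Keep the viewer's scheme only if it is exactly "http"; a missing or
  // unexpected value falls back to https.
  const proto = headerValue(request, 'cloudfront-forwarded-proto').toLowerCase();
  const scheme = proto === 'http' ? 'http' : 'https';
  const query = request.querystring ? `?${request.querystring}` : '';
  return {
    status: '301',
    statusDescription: 'Moved Permanently',
    headers: {
      location: [{
        key: 'Location',
        value: `${scheme}://${CANONICAL_HOST}${request.uri}${query}`,
      }],
    },
  };
}

// Lambda@Edge entry point: redirect alias hosts, pass everything else through.
const handler = async (event) => {
  const request = event.Records[0].cf.request;
  return buildRedirect(request) || request;
};

if (typeof module !== 'undefined') {
  module.exports = { handler, buildRedirect };
}
```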

Related

Cloudfront domain defaults to HTTP when HTTPS is available

Similarly to other stacks, I have hosted a website using AWS services:
Registered domain on Route 53 (example.net)
Content is hosted on an S3 bucket
Got an SSL certificate using AWS Certificate Manager
Created a CloudFront distribution, pointed it to S3 and connected it to my domain with Route 53.
All of this works except for an issue at what seems to be the final hurdle. When I enter my domain url into the search bar, example.net, the connection isn't secure by default. I've illustrated the problem here.
I'm relatively new to hosting and can't find a solution relating to this. My thoughts are that I'm missing some Cloudfront or Route 53 configuration, since another thing that doesn't work is connecting via www (I don't care about that issue as much). Any input is appreciated.
By default enabling HTTPS on a website doesn't disable HTTP. They are both available, on separate ports. That's why you have to type https:// in the browser's address bar to go directly to the HTTPS version of your website. You can get CloudFront to redirect all HTTP requests to HTTPS by following this guide.

Redirect subdomain to different domain using AWS

I'm currently going through the process of switching our domain, we'll say we're moving from olddomain.com to newdomain.com
We have all of our services hosted on AWS, and I'm having an issue with our www subdomain not properly redirecting to the new domain.
I'm trying to have www.olddomain.com redirect to www.newdomain.com - the strategy that I'm currently attempting is to use an s3 static site that redirects to the new domain. Since the site/url is https, I'm also needing to put a cloudfront distribution in front.
Starting from the bottom and moving up...
The s3 static site url directly works fine for the redirect.
The cloudfront distribution (pointing properly to the s3 static site) works fine for the redirect, both on http and https.
I have the DNS record for www.olddomain.com pointing at the cloudfront distribution
Going to www.olddomain.com does NOT redirect, but instead tries to render our web application on a broken www.olddomain.com (server is setup to not allow traffic from there anymore).
I've gone through a lot of different options and configuration, but it's very strange/important that the redirect works fine directly on the s3 static site as well as the cloudfront distribution, however it does not work when going to the domain that points to the cloudfront distribution. Please let me know any further details that can be supplied to help look into this issue and I'll be happy to supply them.
The issue for me ended up being that I needed to add the alternate CNAME of www.olddomain.com and the ssl certificate for that domain in the cloudfront settings.

To consolidate www and non-www, should I use an A record in Route 53 or two CloudFront distributions?

Issue
I have a static website hosted on AWS S3. There are two buckets: mywebsite.com hosts the actual files, and www.mywebsite.com redirects to the former. The domain is registered in Route 53, and I have a CloudFront distribution to speed things up and ensure https is used. I also add security headers using Lambda@Edge.
My website connects to an API Gateway and, since CORS does not allow multiple domains (i.e. mywebsite.com and www.mywebsite.com), I need to ensure all requests to www.mywebsite.com are redirected to mywebsite.com (in addition to http redirecting to https). This domain redirect happened when I only had S3 but, after following AWS documentation to add CloudFront, this is no longer the case:
If the browser no longer redirects you to the root domain (for example, http://example.com), the new A records are in place.
So the question is: How do I retain the benefits of CloudFront, while reinstating the domain redirect?
Research
I found two relevant SO questions, both about 5 years old:
How to redirect non www to www in aws s3 bucket and cloudfront
Supporting HTTPS URL redirection with a single CloudFront distribution
However, their solutions are different, and I am trying to understand the tradeoffs.
The former suggests that I:
Edit my Route 53 A record for www.mywebsite.com to point to the S3 bucket for www.mywebsite.com (instead of CloudFront distribution), and
Modify the CloudFront distribution to remove www.mywebsite.com from its CNAMEs.
Note that I am referring to the solution by the question asker (not the accepted answer), and this question's domain remapping is the reverse of mine.
The latter suggests that I:
Create a second CloudFront distribution that maps www.mywebsite.com to the corresponding S3 bucket (editing my Route 53 A record for www.mywebsite.com to point to this new distribution), and
Modify the existing CloudFront distribution to only process mywebsite.com.
So the second step of both solutions is identical, but the first part differs, and I am trying to understand what impact this would have.
Basically the difference seems to boil down to whether the second step in this sequence exists:
www.mywebsite.com's Route 53 A record -->
2nd CloudFront distribution -->
empty S3 bucket with redirect -->
mywebsite.com's Route 53 A record -->
original CloudFront distribution (which triggers Lambda@Edge) -->
S3 bucket with actual website files
If the user enters mywebsite.com, either with http or https, we start at stage 4 and there's no difference as far as I can tell. But I'm unclear on what difference this CloudFront distribution makes if the user enters http://www.mywebsite.com or https://www.mywebsite.com:
Will http://www.mywebsite.com work equivalently in both cases?
Will https://www.mywebsite.com be broken without a second CloudFront distribution, because S3 bucket only supports http?
Since all requests ultimately go through CloudFront in step 5, I assume Lambda@Edge only needs to be triggered there?
Lastly, am I correct that it does not matter whether I redirect www.mywebsite.com to mywebsite.com or vice-versa? I am choosing the former because that is how the AWS documentation guided me when setting up the S3 buckets, but their CloudFront instructions also ensured API Gateway + CORS would fail by not consolidating both domains, so I want to make sure I'm not painting myself into another future corner.

DNS redirection while keeping the same domain name with CloudFront

I'm currently hosting a React website through AWS CloudFront. I have the CloudFront URL, ex: http://xxxxxxxxxxxx.cloudfront.net but I want to use the distribution with my domain name. I am using Google Domains at the current moment. I've looked into CNAME records and ALIAS records (Google Domains currently doesn't support ALIAS) but still haven't figured out a solution. At the same time, I'm trying to reduce downtime for the site, so this is a bit tricky because I'm trying to minimize experimentation.
Here's what I've tried:
CNAME: www -> xxxxxxxxxxxx.cloudfront.net
Result: caused website to not load
CNAME: @ -> xxxxxxxxxxxx.cloudfront.net
Result: Google Domains doesn't let you do this!
I also tried Google's "Synthetic Records" for redirection, but as I expected that just redirects to the CloudFront domain whenever I enter my domain.
I know that AWS Route 53 would be a valid option except that they don't support '.app' domains for some reason.
I've included the domain CNAME and SSL certificate on CloudFront, but I'm confused about what I'm doing wrong as for the DNS info.
Has anyone had experience setting up a CloudFront website for their own domains using Google Domains? I've done a bunch of research on this but for some reason haven't found any results that have helped me.

Route53 is changing my Cloudfront site to "not secure"

The entirety of my web application is contained within various AWS services and is working properly with Cloudfront.
When I go to abcxxxx.cloudfront.net my site works as expected and is secured with https.
When I try and use my own custom domain with Route53 and setting www.mywebsite.com and mywebsite.com as aliases, it is no longer secure.
My alias target for each is the proper Cloudfront domain.
I don't know if the following has to do with my problem but when I try to go to mywebsite.com it says:
"this site cannot be reached"
but when I go to www.mywebsite.com it redirects to https with the "https" crossed out in red and displays "not secure".
Cloudfront also has the proper CNAMES.
How do I properly configure Route53 to work like my Cloudfront domain?
Mark B answered the question. Don't use CloudFront's default SSL Certificate. Go to Certificate Manager and request a new one and use that one in CloudFront. My site then worked exactly as expected.