AWS Point a domain name to both cloud front and an API - amazon-web-services

So, I've used things like Route 53 before. I have a project now where there will be a website that is served over static pages but uses JavaScript to hit an API. The static pages are stored in S3 cached behind CloudFront, the API is an API Gateway tied to some backend logic.
How can I make it so www.site.com points to the cloudfront-attached S3 instances, but www.site.com/api/ redirects to my api? Is this even possible?

It's not possible to do that using DNS.
Instead, you can use CloudFront to front both the S3 bucket and the API.
Create a CloudFront distribution.
Set its alias to www.site.com.
Create one "behaviour" for /api and have it use an origin pointing to your API.
Have a second (default) behaviour for everything else and have it use an origin pointing to your S3 bucket.
Finally, use Route53 to point www.site.com to your CloudFront distribution.

If instead of www.site.com/api you used api.site.com or some similar subdomain, you wouldn't need to point a CF distribution at the APIGW API.
APIGW is already fronted by a CF distribution; the Custom Domain Name feature allows you to import an SSL Cert which is attached to the existing CF distribution. Then APIGW provides the domain name of the CF distribution so you can configure a subdomain record like api.site.com to point at it.
http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html

Yes you can do this in AWS.
Create a CloudFront distribution, point your domain to CloudFront in Route53.
In the newly created distribution, locate the Origins tab, select Create Origin. Add a path /api, point it to API Gateway / an ELB / an EC2.
Then create another origin, add the path /cdn, point it to an s3 bucket.

Related

AWS Route53 hosted zones multiple records of type A

I registered a domain on Route53 and I would like to use the same domain for both my front-end and the back-end (example xyz.com).
The whole infrastructure is hosted on AWS.
The front-end is an app hosted on S3 and fronted by CloudFront.
The back-end is served via API Gateway.
I created a record of type A to point to the API Gateway endpoints and I am now trying to create a new record of type A to serve the front-end (pointing to CloudFront), which isn't allowed and returns the error:
A record with the specified name already exists.
What is the correct way to achieve having both the front-end and the back-end behind the same domain?
First of all, you cannot create multiple A records like that.
As luk2302 said, the normal approach is to use two domains. But if you want to keep the same domain for both FE and BE, you can use multiple path patterns of CloudFront to do the routing for you.
It will look like this: You have 1 CloudFront distribution, it will have 2 behaviors with 2 origins: S3 and API Gateway. The first behavior will have path pattern /api/* and it will point to API Gateway's Origin. And the default path pattern will go to S3's Origin.
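Added example (not part of the answers above and not AWS code): a small Python model of how CloudFront picks a cache behavior, covering both the /api behavior from the first answer and the /api/* behavior described here. It assumes `*` matches any run of characters, `?` matches one character, matching is case-sensitive and the first listed behavior that matches wins; the origin ids are constructed.

```python
import re

S3, API = "s3-static-site", "apigw-backend"  # constructed origin ids

def _to_regex(pattern: str) -> re.Pattern:
    # Assumed CloudFront semantics: '*' is zero or more characters, '?' is
    # exactly one, everything else is literal; the leading '/' is optional.
    if not pattern.startswith("/"):
        pattern = "/" + pattern
    out = []
    for ch in pattern:
        out.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(out), re.DOTALL)

def route(path: str, behaviors: list, default_origin: str) -> str:
    """Origin chosen for `path`: the first listed behavior whose pattern
    matches the whole path wins; otherwise the default (*) behavior."""
    for pattern, origin in behaviors:
        if _to_regex(pattern).fullmatch(path):  # case-sensitive by default
            return origin
    return default_origin

def compare(paths):
    """Show where each path lands with '/api' versus '/api/*'."""
    exact, wildcard = [("/api", API)], [("/api/*", API)]
    return {p: (route(p, exact, S3), route(p, wildcard, S3)) for p in paths}

if __name__ == "__main__":
    for path, (a, b) in compare(["/api", "/api/users", "/API/users", "/index.html"]).items():
        print(f"{path:12} '/api' -> {a:15} '/api/*' -> {b}")
```

With the pattern /api only the exact path /api reaches the API origin; /api/users falls through to the default behavior and is served from S3.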

HTTP redirects in the AWS world, anything better than S3+CloudFront?

I'm moving my domain names from CloudFlare's DNS to AWS Route53 and in some cases I'm using CloudFlare's redirects for projects that are dead so that their domains go to a page in another domain, so https://projectx.com goes to https://example.com/projectx-is-no-more.
I want to replicate this in AWS and what I found so far is this:
Set up an S3 bucket with the redirect to the desired URL, https://example.com/projectx-is-no-more
Set up CloudFront for the domain, projectx.com
Generate the TLS cert for projectx.com and add it to CloudFront so it can serve both https and http.
Set up Route53 to resolve the domain name to CloudFront.
I set it up, it's working, I'm even using CDK so I'm not doing it manually. But I'm wondering if there's a way of setting up these redirects that requires less moving pieces. It sounds like such a redirect would be a common enough problem that maybe Route53 or CloudFront would have a shortcut. Are there any?
Update: using only S3 doesn't work because S3 cannot serve https://projectx.com. S3 has no method by which it can respond to HTTPS requests for arbitrary domains; there's no way of adding a TLS certificate (and keys) for another domain.
I checked for information and see only three possible solutions:
Set up CloudFront + S3 *
Set up Application Load Balancer
Set up API Gateway + Lambda (mock integration may be used instead of Lambda, that should reduce service cost)
Use GitHub pages with custom domain
※ S3 supports only HTTP traffic so we need to add CloudFront for HTTPS:
Amazon S3 does not support HTTPS access to the website. If you want to use HTTPS, you can use Amazon CloudFront to serve a static website hosted on Amazon S3.
In my opinion the 2nd way is super easy to set up, but running an ALB 24/7 is a little bit expensive. On the other hand, Lambda and API Gateway pricing depends on the request count. CloudFront seems to be cheaper than ALB too.
So the better solution depends on how many requests you have.
The 4th solution depends on the GitHub platform (a wider scope than AWS only), but it is absolutely free and supports custom domains and Let's Encrypt certificates out of the box.
You just need to create a repository with a static index.html file that will do the redirects.
You can do it without including CloudFront.
What you need to do is create S3 bucket projectx.com. In Properties go to Static website hosting. Enable static website hosting and choose Redirect as a hosting type (add the redirection URL).
You will still need to set up Route53, but you will now add an alias to this projectx.com bucket, instead of going to CloudFront.

How can I use aws to secure a domain with https for a non aws origin?

I did a search in the AWS docs and couldn't find anything that could help me to set up a CloudFront distribution for a non-AWS origin server to secure my domain with https. I'm using Route 53 to manage my DNS for the domain, I'd like to set up https for the domain but it is not hosted with AWS. How can I use AWS to create a secure domain with https?
Update: I've created the CloudFront distribution and set the alternative CNAMEs to the domain (example.com and www.example.com). In Route 53 I updated the A record for the domain - example.com - to be an alias and pointed it to the CloudFront distribution, but when I try to access the site I get a page not working error. The domain does now have the secure padlock, but I can't access the site. Here is the error that I get when I access the site:
The simplest way is to use a CloudFront distribution in front of your non-AWS endpoint. This endpoint would be configured as a custom origin endpoint.
You would need to generate or upload a certificate to ACM to attach to the resource. This must be done before you can use the distribution on your own domain; if you don't have it when you create the distribution you will need to edit it later.
The AWS documentation includes documentation for Creating a Distribution. If you follow this and reference your endpoint as the custom origin you will be able to create the host.
You will need to ensure you configure the origin's Origin Protocol Policy option to be HTTP Only if your host does not have an HTTPS certificate.
Be aware that as the CloudFront distribution communicates with your endpoint over the internet, any traffic between CloudFront and your endpoint will still not be encrypted.
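Added example, not from the answer and not AWS code: a check over a distribution's configuration that reports every leg that can carry plain HTTP, which is the situation the HTTP Only setting above creates even when the browser shows a padlock. The dictionary imitates the shape of CloudFront's DistributionConfig with constructed values, and the finding names are invented for this example.

```python
# Constructed sample in the shape of a CloudFront DistributionConfig,
# trimmed to the fields the check reads.
SAMPLE_CONFIG = {
    "Origins": {"Quantity": 2, "Items": [
        {"Id": "external-host", "DomainName": "origin.example.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
        {"Id": "api", "DomainName": "api-origin.example.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"}},
    ]},
    "DefaultCacheBehavior": {"TargetOriginId": "external-host",
                             "ViewerProtocolPolicy": "redirect-to-https"},
    "CacheBehaviors": {"Quantity": 1, "Items": [
        {"PathPattern": "/api/*", "TargetOriginId": "api",
         "ViewerProtocolPolicy": "allow-all"},
    ]},
}

def audit_transport(config: dict) -> list:
    """Return (behavior, finding) pairs for each leg that can be plaintext."""
    origins = {o["Id"]: o for o in config["Origins"].get("Items") or []}
    behaviors = [("default", config["DefaultCacheBehavior"])]
    behaviors += [(b["PathPattern"], b)
                  for b in config.get("CacheBehaviors", {}).get("Items") or []]
    findings = []
    for name, behavior in behaviors:
        viewer = behavior["ViewerProtocolPolicy"]
        origin = origins.get(behavior["TargetOriginId"], {})
        # S3 bucket origins carry S3OriginConfig and have no protocol policy.
        policy = origin.get("CustomOriginConfig", {}).get("OriginProtocolPolicy")
        if viewer == "allow-all":
            findings.append((name, "viewer-plaintext-allowed"))
        if policy == "http-only":
            findings.append((name, "origin-leg-always-plaintext"))
        elif policy == "match-viewer" and viewer == "allow-all":
            findings.append((name, "origin-leg-plaintext-for-http-viewers"))
    return findings

if __name__ == "__main__":
    for behavior, finding in audit_transport(SAMPLE_CONFIG):
        print(f"{behavior}: {finding}")
```

The default behavior in the sample is the padlock case: viewers are redirected to HTTPS, yet the hop from CloudFront to the origin is still reported as plaintext.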

Assign custom subdomain to cloudfront URL linking to an s3 bucket

I have a website setup in E2E having cPanel with the domain https://example.com. The images for the website are stored in an s3 bucket in AWS.
My final goal is to make the images in the s3 to be accessible as https://images.example.com/cake.jpg
For this, I have created a CloudFront distribution in AWS and made the images accessible with the CloudFront URL https://d1234.cloudfront.net/cake.jpg. But the next part, I do not know how to map the subdomain images.example.com to d123.cloudfront.net. Should I use the Alternative domain name setting in CloudFront as shown in the image below? The domain is set up in E2E so I'm not sure what to add in the CNAME field there.
Or should I just create an A record in E2E to map images.example.com to d123.cloudfront.net. If so, how can I add the SSL to images.example.com and force the SSL redirect from http to https?
You actually need to do both.
First, within CloudFront you need to add the Alternative Domain Name(s) that you would like to use for your CloudFront distribution. Make sure to generate a certificate in ACM within us-east-1 that covers the domains you're going to set up.
Once this has been applied, within your DNS provider you then need to create a record with the exact domain name specified (in Route 53 this would be Alias, in other providers a CNAME) and then give it the value of the CloudFront domain name.
If the alternative domain name is not featured in your CloudFront distribution, traffic will be denied when you attempt to resolve the domain.
For more information follow the Using Alternate Domain Names and HTTPS documentation.
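Added example, not from the answer and not AWS code: a pre-flight check for the two conditions named above, that the ACM certificate lives in us-east-1 and that it covers every alternate domain name. It assumes the usual certificate rule that a wildcard covers exactly one left-most label; the ARN, account id and finding names are constructed placeholders.

```python
def cert_covers(alias: str, cert_names: list) -> bool:
    """True if `alias` matches one of the certificate's domain names."""
    alias = alias.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == alias:
            return True
        if name.startswith("*."):
            # '*.example.com' covers images.example.com, but not example.com
            # itself and not a.images.example.com (one label only).
            head, _, rest = alias.partition(".")
            if head and rest == name[2:]:
                return True
    return False

def preflight(aliases: list, cert_arn: str, cert_names: list) -> list:
    """Return (finding, detail) pairs; an empty list means both checks pass."""
    problems = []
    # ACM ARN layout: arn:partition:acm:region:account-id:certificate/id
    parts = cert_arn.split(":")
    region = parts[3] if len(parts) > 3 else ""
    if region != "us-east-1":
        problems.append(("cert-wrong-region", region))
    for alias in aliases:
        if not cert_covers(alias, cert_names):
            problems.append(("alias-not-covered", alias))
    return problems

if __name__ == "__main__":
    # Constructed inputs: a wildcard certificate requested in the wrong region.
    arn = "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE-PLACEHOLDER-ID"
    print(preflight(["images.example.com", "example.com"], arn, ["*.example.com"]))
```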

AWS Cloudfront to my web server

Is there a way to point an AWS CloudFront instance to my own personal web server not hosted in AWS? So it's not an EC2 or an ELB instance. It's a custom web server hosted with another host. Is this possible? I can't seem to configure this as an origin?
Yes, you can do that. When creating the distribution, in the Origin Settings section specify your domain as the "Origin".
Suppose you want to make CloudFront for example.com. Do the following steps:
1) Create a subdomain for your application, us.example.com.
2) Create a distribution with the Origin set to us.example.com; it will give you a domain name like this: d2uhnp5egk65ug.cloudfront.net
3) Adjust the settings for your naked domain to point to your CloudFront distribution d2uhnp5egk65ug.cloudfront.net.
Now by using CNAME example.com can point to distribution d2uhnp5egk65ug.cloudfront.net that might have multiple origins in the backend like "us.example.com" and "uk.example.com"