I am new to Amazon CloudFront and am learning about it. I want to create a CloudFront distribution, but without using an Amazon S3 bucket as the origin domain name.
I want to use a Rails server as the origin domain name.
I did some research online but I couldn't find any example.
Any idea?
Yes, you can!
Simply create a new origin and enter the appropriate URL into the Origin Domain Name field. The pop-up help explains:
Click in the field and specify the domain name for your origin - the Amazon S3 bucket or web server from which you want CloudFront to get your web content. To use a resource from a different AWS account, type the domain name of the resource. The files in your origin must be publicly readable.
While that field appears as a pull-down list of S3 buckets and Load Balancers, you can enter a custom domain, too.
From Using Amazon EC2 or Other Custom Origins:
A custom origin is an HTTP server, for example, a web server. The HTTP server can be an Amazon EC2 instance or an HTTP server that you manage privately. When you use a custom origin, you specify the DNS name of the server, along with the HTTP and HTTPS ports and the protocol that you want CloudFront to use when fetching objects from your origin.
I did a search in the AWS docs and couldn't find anything that could help me set up a CloudFront distribution for a non-AWS origin server to secure my domain with HTTPS. I'm using Route 53 to manage my DNS for the domain. I'd like to set up HTTPS for the domain, but it is not hosted with AWS. How can I use AWS to create a secure domain with HTTPS?
Update: I've created the CloudFront distribution and set the alternate CNAMEs to the domain (example.com and www.example.com). In Route 53 I updated the A record for the domain - example.com - to be an alias and pointed it to the CloudFront distribution, but when I try to access the site I get a "page not working" error. The domain does now have the secure padlock, but I can't access the site. Here is the error that I get when I access the site:
The simplest way is to use a CloudFront distribution in front of your non-AWS endpoint. This endpoint would be configured as a custom origin endpoint.
You would need to generate or upload a certificate to ACM to attach to the resource. This must be done before you can use the distribution on your own domain; if you don't have it when you create the distribution, you will need to edit it later.
The AWS documentation includes documentation for Creating a Distribution. If you follow this and reference your endpoint as the custom origin, you will be able to create the host.
You will need to ensure you configure the origin's Origin Protocol Policy option to be HTTP Only if your host does not have an HTTPS certificate.
Be aware that as the CloudFront distribution communicates with your endpoint over the internet, any traffic between CloudFront and your endpoint will still not be encrypted.
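The settings named in this answer (Origin Protocol Policy, the viewer-side policy, and the attached certificate) can be checked mechanically. The following is an added example, not code from the answer or from AWS: it audits a distribution config dict in the shape boto3's `get_distribution_config` returns, and the function names, origin id `rails-app`, hostname `origin.example.com` and certificate ARN are constructed placeholders.

```python
# Added example: audit a CloudFront DistributionConfig dict for plain-HTTP
# hops and certificate setup. Sample configs below are constructed.

def audit_distribution(cfg):
    """Return a list of findings about unencrypted hops and certificates."""
    findings = []
    for origin in cfg.get("Origins", {}).get("Items", []):
        custom = origin.get("CustomOriginConfig")
        if custom is None:
            continue  # S3 bucket origin: has no OriginProtocolPolicy
        policy = custom.get("OriginProtocolPolicy")
        if policy == "http-only":
            findings.append(f"origin {origin['Id']}: CloudFront-to-origin hop is plain HTTP")
        elif policy == "match-viewer":
            findings.append(f"origin {origin['Id']}: origin hop is HTTP whenever the viewer uses HTTP")
    behaviors = [cfg.get("DefaultCacheBehavior", {})]
    behaviors += cfg.get("CacheBehaviors", {}).get("Items", [])
    for behavior in behaviors:
        if behavior.get("ViewerProtocolPolicy") == "allow-all":
            path = behavior.get("PathPattern", "(default)")
            findings.append(f"behavior {path}: viewers may connect over HTTP")
    cert = cfg.get("ViewerCertificate", {})
    if cfg.get("Aliases", {}).get("Items") and cert.get("CloudFrontDefaultCertificate"):
        findings.append("aliases configured but only the *.cloudfront.net certificate is attached")
    arn = cert.get("ACMCertificateArn")
    if arn and arn.split(":")[3] != "us-east-1":  # ARN field 4 is the region
        findings.append("ACM certificate is outside us-east-1")
    return findings

def make_config(origin_policy, viewer_policy, cert):
    # Constructed sample: "rails-app" and origin.example.com are placeholders.
    return {
        "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
        "Origins": {"Quantity": 1, "Items": [{
            "Id": "rails-app",
            "DomainName": "origin.example.com",
            "CustomOriginConfig": {"HTTPPort": 80, "HTTPSPort": 443,
                                   "OriginProtocolPolicy": origin_policy},
        }]},
        "DefaultCacheBehavior": {"TargetOriginId": "rails-app",
                                 "ViewerProtocolPolicy": viewer_policy},
        "ViewerCertificate": cert,
    }

WEAK = make_config("http-only", "allow-all", {"CloudFrontDefaultCertificate": True})
HARDENED = make_config("https-only", "redirect-to-https", {
    "ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE",
    "SSLSupportMethod": "sni-only"})

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_distribution(cfg))
```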
The following services are activated:
an S3 bucket in ap-east-1 where my static web pages are saved,
a domain name registered on Route 53,
an SSL certificate requested via Certificate Manager at us-east-1,
a CloudFront distribution for enabling HTTPS access to my web pages.
It is stated in this page that a single SSL certificate should suffice if CloudFront is used.
When I navigate to my URL https://www.example.com in Chrome, the following error is returned.
How to make my pages globally accessible via HTTPS?
Update
It seems that the behavior of S3 buckets in ap-east-1 is different from the buckets located in other regions, as stated in my follow-up question.
It is saying that the URL provided for S3 included the wrong (or no) region.
You should use the format:
bucket-name.s3.region.amazonaws.com
You are probably missing the region.
See: Using Amazon S3 Origins, MediaPackage Channels, and Custom Origins for Web Distributions - Amazon CloudFront
I have a domain, let's say foo.bar.com, which I want to use to serve files in an Amazon S3 bucket. According to https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html, the bucket name has to be foo.bar.com and the URL foo.bar.com.s3.amazonaws.com for the CNAME record for foo.bar.com (pointing to foo.bar.com.s3.amazonaws.com) to work.
Unfortunately, Amazon's SSL cert doesn't support foo.bar.com.s3.amazonaws.com (I mean, why would it, I guess), so I can't serve my files like this over SSL; I get an SSL warning/error. I can use plain HTTP, but I get Mixed Content warnings in Chrome since the main site is over SSL.
How should this issue be dealt with?
The only way to have both a Custom domain name and SSL on a bucket is to use CloudFront in conjunction with S3.
Create an SSL cert for your domain foo.example.com in Amazon Certificate Manager (ACM) in the us-east-1 region, regardless of your bucket's region. (The us-east-1 region is the region where CloudFront and ACM are interconnected.)
Create a CloudFront distribution:
if you want the S3 web site hosting features, including index documents and redirect rules, type the bucket's web site hosting endpoint hostname as the origin domain name (do not select the bucket from the list), or
if you want to use CloudFront signed cookies or signed URLs, do select the bucket from the drop-down list.
Associate your new ACM cert with the distribution, and add foo.example.com as an Alternate Domain Name for the distribution.
Point the DNS record to the assigned dzczcexample.cloudfront.net hostname.
Note also that unlike S3 static hosting used by itself, this configuration does not require that the bucket name match the domain name, since CloudFront rewrites the requests before sending them to the bucket.
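The answers above turn on which S3 hostname is entered as the origin: the REST endpoint with its region (`bucket-name.s3.region.amazonaws.com`) or the web site hosting endpoint. The following is an added example, not code from the answers: a parser that classifies an origin domain name and notes the two problems discussed, a missing region and a web site endpoint that only speaks HTTP. The function name `classify_origin` is hypothetical, and the hostnames in the demo are taken from this page or constructed.

```python
# Added example: classify a CloudFront origin domain name as an S3 REST
# endpoint, an S3 website endpoint, or a custom origin.
import re

# Shapes handled: bucket.s3.amazonaws.com (no region),
# bucket.s3.region.amazonaws.com, legacy bucket.s3-region.amazonaws.com,
# bucket.s3-website-region.amazonaws.com, bucket.s3-website.region.amazonaws.com.
# Bucket names may contain dots, so the bucket group is matched lazily.
# Other shapes (for example dualstack) fall through to "custom".
_S3_HOST = re.compile(
    r"^(?P<bucket>.+?)\.s3(?P<website>-website)?"
    r"(?:[.-](?P<region>[a-z]{2}(?:-[a-z]+)+-\d))?"
    r"\.amazonaws\.com$"
)

def classify_origin(hostname):
    """Return kind, bucket, region and configuration notes for an origin."""
    match = _S3_HOST.match(hostname.strip().lower().rstrip("."))
    if match is None:
        return {"kind": "custom", "bucket": None, "region": None, "notes": []}
    notes = []
    if match["website"]:
        kind = "s3-website"
        # Website endpoints do not accept HTTPS, so CloudFront must fetch
        # from them over HTTP as a custom origin.
        notes.append("website endpoint: HTTP only, CloudFront-to-S3 hop is unencrypted")
    else:
        kind = "s3-rest"
    if match["region"] is None:
        notes.append("no region in hostname: use bucket-name.s3.region.amazonaws.com")
    return {"kind": kind, "bucket": match["bucket"],
            "region": match["region"], "notes": notes}

if __name__ == "__main__":
    samples = [
        "bucket-name.s3.ap-east-1.amazonaws.com",      # constructed
        "foo.bar.com.s3.amazonaws.com",                # from this page
        "sc-st01.s3-website-eu-west-1.amazonaws.com",  # from this page
        "origin.example.com",                          # constructed
    ]
    for host in samples:
        print(host, classify_origin(host))
```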
I'm planning on offloading assets to Amazon S3 with Amazon CloudFront on top of that. I'm planning on registering a new domain name for that. Now I wonder whether I can tie a subdomain to Amazon CloudFront, while pointing other subdomains to another server, as follows:
https://assets.example.com > CloudFront
https://www.example.com > Another server
Additionally, would it be significantly easier to set this up through Amazon Route 53 in combination with Amazon Certificate Manager for the above purpose?
Subdomains are treated as completely separate domain names, so you can certainly point them to different destinations.
Alternatively, you could use one domain name but configure Amazon CloudFront to point to different origins (e.g. S3 and a Load Balancer) based upon the path used, e.g.:
example.com --> Load Balancer
example.com/images --> Amazon S3 bucket
I note that you are intending to use HTTPS. A few things to note:
Pointing directly to an Amazon S3 bucket with your own domain name will not work with HTTPS
Amazon CloudFront can support HTTPS via:
xxx.cloudfront.net = Free
Using Server Name Indication (SNI) = Free, but does not work with some browsers/Operating Systems
Custom Domain Name = $600/month
See: Using HTTPS with CloudFront and Amazon CloudFront Custom SSL
I am trying to access Amazon AWS S3 over HTTPS.
This link with http works: http://sc-st01.s3-website-eu-west-1.amazonaws.com/
But this one does not: https://sc-st01.s3-website-eu-west-1.amazonaws.com/
Is there any setting to enable it?
I also use a CNAME, but I think the problem is with HTTPS access.
Thank you for any advice.
UPDATE: This refers to using S3 to host static web content.
If you are using your S3 bucket to host static web content, then HTTPS isn't supported. To quote the AWS doc, it says under the Test your website section:
Note
HTTPS access to the website is not supported.
Not very helpful. If you are interested in learning how S3 virtual hosting works, you can read more about it here.
To serve your static web content over HTTPS, you will need to set up an AWS CloudFront distribution, which is quite straightforward via the AWS Management Console. The only configurations that will require special attention are:
Origin Domain Name: This should refer to the URI of your S3 bucket. In your case, it will be sc-st01.s3-website-eu-west-1.amazonaws.com
Viewer Protocol Policy: Default to HTTP and HTTPS Only
Alternate Domain Names (CNAMEs): CNAME you set up in your DNS.
SSL Certificate: Either Default CloudFront Certificate or Custom SSL Certificate if you have one. Note that setting up a custom SSL certificate is more involved, as it needs to be uploaded to IAM.
Default Root Object: The default file you want to serve when your user visits your static web site.
Once you're done with setting up the configurations, it will usually take 5 to 10 minutes for the new distribution to be fully configured and set up. Refer to the Status field on the CloudFront management dashboard for progress. When ready, you will see the new Domain Name of your distribution. You should be able to access the static web content in your S3 bucket (assuming that permission on the content is granted to Everyone) by navigating to the http:// or https:// URL of your distribution Domain Name.
I would also recommend checking out the CloudFront pricing to ensure you are aware of what is free and what isn't.