I got a record set in Route 53 redirected from api.domain.com to a load balancer for component X.
Now I got multiple components so I want to be able to do api.domain/auth which redirects to the auth load balancer. How would I configure this in Route 53 and is this even possible?
/auth is the path component of an HTTP URL. Route53 is a DNS service that has no awareness of the application layer. You cannot use Route53 to handle this redirect. A few other options to accomplish this:
Point api.domain.com to an Apache httpd or Nginx service that can perform path-based routing
Use the new AWS API Gateway Service to perform the routing. You'd point api.domain.com at your API Gateway URL, then set up methods in the API gateway to route /auth to the appropriate service
Related
I have a domain company.com, in route 53 I successfully created sub-domain sales.company.com. I have a load balancer running a service with a context root path(e.g. rootpath). I can access the app using loadbalancerdns/rootpath. I tried to create an A record in route 53 to point sales.company.com traffic to loadbalancerdns/rootpath but it does not allow it but if I point to loadbalancerdns then it works and I can access the service using sales.company.com/rootpath.
My question is it possible to route sales.company.com to loadbalancerdns/rootpath ? If not how can this be achieved?
You can't do this. Route53 is DNS provider and it does not have a concept of an url path. You can only create records to full odmains sales.company.com (not sales.company.com/url-path or IP addresses.
You can create path based routing in your application load balancer using listener rules, or front your load balancer with CloudFront. The CloudFront allows you to respond differently to different paths in your url.
My load balancer is responsible for two backend services. When the load balancer has the default URL mapping, the SSL certificate works fine. Unfortunately, I want to route all paths with /api/* to different backend service and doing so messes with https for my website.
After this change, the HTTPS on the address bar is slashed and my website is not secure.
I made a AWS Load Balancer for a simple ECS fargate server (with flask). Because the server will be used as my main server's api, and because the main server use 'https', I have to use https on my Load Balancer's url.
But when I want to make SSL certificate using ACM, I can't verify the URL of Load Balancer is mine because the load balancer has any information (I think).
If I add my email info on the url(or Load Balancer), I can do this, but I have no idea..
Until now, I thought using AWS Route 53 can help me, but I don't know what I have to do.
What Can I do for this problem?
To use ACM you need to have control of the domain you're attempting to validate, as the load balancer URL is owned by Amazon (not yourself), only an Amazon employee with domain control is capable of performing the actions to validate the domain.
Instead you would need to generate an ACM certificate for your own domain which you can validate, you would then need to add a DNS record resolving the domain to the CNAME of the load balancer. When you access in the browser you would need to access from that domain and not the load balancers.
I am attempting to add HTTPS to my AWS Elastic Load Balancer.
I obtained a certificate through AWS Certificate Manager:
I have enabled HTTPS on the load balancer:
I made sure the security group for the load balancer accepts 0.0.0.0/0 on 443:
When going to my domain on HTTP, it works.
However, when trying to load my domain with HTTPS, it does not work ("ERR_CONNECTION_TIMED_OUT")
EDIT and UPDATE:
It is the API that I am attempting to get HTTPS working for, not necessarily the domain. The domain serve's a static file (angular web app) from S3, and it is angular that is calling the load balancer (to transfer the request to an EC2 instance) for DB data.
When angular calls the api directly via the load balancer domain name over HTTP, the request responds as expected.
When angular makes the same api call over HTTPS, I get the following error:
You enabled HTTPS for your domain name, not the ELB domain which Amazon owns. You can only create SSL certificates for domains that you own. You can't enable SSL for "mydomain.com" and then excpect that to somehow work on a completely different domain. You need to change your AngularJS code to reference the API by your custom domain name which you have created an SSL certificate for. You need to point the domain to the ELB and install the SSL certificate for the domain on the ELB.
Mark B provided the almost full solution.
As my javascript code is calling the elastic load balancer (ELB) via it's DNS name provided by AWS, I can't obtain an SSL certificate for the domain I don't own.
As Mark B pointed out, I need to point my javascript code to the domain I do own, and have an SSL cert for.
So I can create a sub domain (e.g. api.mydomain.com) of the domain I own that then points to the ELB.
An A Record (e.g domain pointing to an IP) looks like it could fit the need.
However, an A Record can't point to the ELB because it's IP could change.
The missing step was to use AWS Route 53 to point the A Record to an alias (Route 53 allows you to do this) that represented my AWS Elastic Load Balancer.
I'm trying to set up a web server stack in the following way:
Use Route 53 for my DNS
Serve static content with Cloudflare from S3 buckets
Route API calls to nearest NGINX server that sits in front of some Nodejs servers.
So all static content is done easily enough but how can I route my api traffic to the nearest NGINX server depending on location?
you want geolocation routing for the api endpoints:
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-geo