Configure CloudFront with multiple S3 origins using different domains - amazon-s3

How can I configure a CloudFront distribution to use multiple S3 origins with the same hierarchy but using different domain names?
Currently I have a CloudFront distribution with a distribution domain name, for example xyz.cloudfront.net.
The distribution has been configured to use an alternate domain, e.g. assets.example.com, and to serve content using that domain I've added a CNAME record in my DNS management console that maps assets.example.com to xyz.cloudfront.net.
Now this setup works fine when serving content from a single S3 origin, as I can call something like assets.example.com/images/my-image.png.
However, I want to configure 3 S3 origins as follows, which have identical hierarchies, i.e. they all have an images folder:
dev-bucket.s3.eu-west-2.amazonaws.com
test-bucket.s3.eu-west-2.amazonaws.com
live-bucket.s3.eu-west-2.amazonaws.com
If I've configured assets.example.com to map to the distribution xyz.cloudfront.net, how is CloudFront going to know which origin to serve from?
Basically, if I'm running the dev website I want CloudFront to serve content from the dev origin, and if I'm running the test site then I want it to serve using the test origin.
The only way I can see to achieve this is creating 3 different CloudFront distributions, one for each environment, and mapping different domains to each distribution, e.g. assets-dev.example.com, assets-test.example.com and assets.example.com for the live site.
Any advice appreciated.

Related

How to load part of section directly from Akamai to AWS S3 without requesting the origin server?

I have one website, which is deployed on an AWS instance, and we have Akamai CDN. We are storing data in S3. We have a few modules which do not require any processing from the web server and that can be served directly because those are pure static files, say RSS. Is there any way to load some links directly from Akamai to S3 without requesting the origin server?
For example, http://www.example.com/rss/1000.rss: can this /rss/* be configured directly in Akamai Luna to load it from the relevant S3 URL?
We tried Site Failover but it does not support non-property URL host names.
1. Create a new rule in Property Manager.
2. Add a match criterion for /rss/*.
3. Add an Origin Server behavior.
Notes:
Set the Forward Host Header to Origin Hostname.
Set the Origin Server Hostname to a hostname that maps to your S3 bucket (replace yourbucket).
Make sure the files in the S3 bucket are publicly readable (public-read ACL).

Hosting multiple S3 origins under one CloudFront distribution

Is it possible to host multiple S3 origins under the same CloudFront distribution? Let's say I have bucket A and bucket B which both host static websites. Could I add them both as origins to a distribution, and specify a path e.g. /alternate for the origin from bucket B, so that visiting http://<distribution>/ took you to the website hosted by bucket A and visiting http://<distribution>/alternate brought you to the one hosted by bucket B? From what I've read so far it seems possible to have multiple origins, not necessarily multiple S3 origins.
You can add multiple S3 origins to a CloudFront distribution.
However, behaviors are locked to a specific origin. Behaviors control the path. So, if /static is used by Origin A/S3 A, you can't have /static go to Origin B/S3 B.
Someone suggested using multiple CloudFront distributions with the same CNAME. That does not work either. CloudFront will not allow the same CNAME to be used in multiple distributions.
Academically speaking, this may be possible through Lambda@Edge or some other external process that is checking S3 A, and if it is unavailable (say, under maintenance while new code is being pushed), it can go and update the CF behavior for /static to Origin B/S3 B.
I wish AWS came up with a more elegant solution to this use case, like allowing the same CNAME in multiple distributions, or providing some kind of R53 integration with S3 buckets (never tried putting two different S3 buckets behind R53; it probably will not work because the host header would change).
You can attach a Lambda function as a trigger to intercept CloudFront's routing. The implementation is quite involved, but it would permit your specific use case.
Example Implementation:
https://aws.amazon.com/blogs/networking-and-content-delivery/dynamically-route-viewer-requests-to-any-origin-using-lambdaedge/
Lambda@Edge:
https://docs.aws.amazon.com/lambda/latest/dg/lambda-edge.html
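The routing that the Lambda@Edge answer above describes, written out as an origin-request function. This is an added example, not code from the linked AWS blog post or from any answer on this page. It covers both the original question (one alternate domain in front of the dev/test/live buckets, which share one key hierarchy) and the /alternate-style layout asked about above: the first path segment selects the bucket from a fixed allow-list and is then stripped, so /dev/images/x.png is fetched as images/x.png from the dev bucket while anything unrecognised falls through to the live bucket untouched. The bucket names, the region, the path-prefix convention and authMethod 'none' are assumptions; it keys on the path rather than the viewer's Host header because an origin-request trigger sees the origin's host name, not the viewer's, unless the distribution forwards it.

```javascript
'use strict';

// Allow-list of origins keyed by the first path segment (assumed names).
// Only entries in this map can ever become an origin: viewer input is never
// used to build a bucket name, so a crafted path cannot steer CloudFront at an
// arbitrary bucket. hasOwnProperty guards against keys like __proto__.
const ORIGINS = {
  dev:  'dev-bucket.s3.eu-west-2.amazonaws.com',
  test: 'test-bucket.s3.eu-west-2.amazonaws.com',
};
const DEFAULT_ORIGIN = 'live-bucket.s3.eu-west-2.amazonaws.com';
const REGION = 'eu-west-2';

// Pure routing function: returns a copy of the CloudFront request with the
// origin (and the Host header S3 routes on) rewritten and the environment
// prefix removed, so all buckets can keep the same hierarchy.
function routeRequest(request) {
  const match = /^\/([^/]+)(\/.*)?$/.exec(request.uri);
  const env = match && Object.prototype.hasOwnProperty.call(ORIGINS, match[1]) ? match[1] : null;
  const domainName = env ? ORIGINS[env] : DEFAULT_ORIGIN;
  const uri = env ? (match[2] || '/') : request.uri;

  return {
    ...request,
    uri,
    origin: {
      s3: {
        authMethod: 'none',      // 'origin-access-identity' if the buckets are private behind an OAI
        domainName,
        path: '',
        region: REGION,
        customHeaders: {},
      },
    },
    headers: {
      ...request.headers,
      // S3 selects the bucket by Host; it must match the origin just chosen.
      host: [{ key: 'Host', value: domainName }],
    },
  };
}

// Lambda@Edge origin-request handler entry point.
const handler = async (event) => routeRequest(event.Records[0].cf.request);

// Constructed sample event in the shape CloudFront passes to an origin-request
// trigger, so the routing can be exercised locally.
function sampleEvent(uri) {
  return { Records: [{ cf: { request: {
    uri,
    method: 'GET',
    querystring: '',
    headers: { host: [{ key: 'Host', value: DEFAULT_ORIGIN }] },
    origin: { s3: { authMethod: 'none', domainName: DEFAULT_ORIGIN, path: '', region: REGION, customHeaders: {} } },
  } } }] };
}

module.exports = { handler, routeRequest, sampleEvent, ORIGINS, DEFAULT_ORIGIN };
```

Two things to keep in mind when deploying this: the function must be attached as an origin-request trigger (a viewer-request trigger cannot change the origin), and if the buckets are private, every bucket in the map needs a bucket policy that grants the distribution's OAI/OAC read access, since the policy is checked against whichever bucket the function picks.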

How can I host my website on an EC2 Server using Apache but host my images on S3 under the same sub domain?

So I have my website hosted on an EC2 server running Apache. All works fine and well.
The issue I'm having is that I want my images hosted on S3 (and possibly cached on CloudFront), not on my EC2 server, but I want both accessible under the same domain/subdomain.
For example, say my website is www.helloworld.com. I want my images to be accessible at www.helloworld.com/images/foobar.png. I want foobar.png to be hosted on S3 and not on each one of my EC2 servers, though. How can I go about doing this?
Is there any configuration I can do in the AWS console, or are there any rewrite rules I can use in Apache? I know I could always just set up a controller that will download the images from S3 and forward them to the user, but this seems wrong to me.
For that you need to put a load balancer/proxy in front to intercept all requests and dispatch accordingly. That may not be a bad idea anyway (for availability reasons), but a separate host name for images should not be a problem either (it's not like users will have to see or type those URLs).
Using CloudFront, you can have CloudFront receive the initial requests and then, based on the path, forward the request to either your EC2 instance or your S3 bucket.
For example, you could set up the following:
A CloudFront behaviour that, for a path under /images/, would use an S3 origin, and
A default behaviour (for everything else) that would go to your EC2 instance origin.
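The two-behaviour layout from the answer above as a CloudFormation template. This is an added example, not configuration from the answer or from AWS. Unlike the Akamai answer earlier on this page, it does not make the bucket public-read: /images/* is served from a private bucket through Origin Access Control, with a bucket policy that only admits this distribution, and everything else is proxied to the web server. The bucket name, the web server's DNS name and the stack layout are assumptions; the CachePolicyId and OriginRequestPolicyId values are the IDs of the AWS managed CachingDisabled, AllViewer and CachingOptimized policies.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >
  Added example: one CloudFront distribution, two origins. /images/* comes from
  a private S3 bucket via Origin Access Control; everything else goes to Apache
  on EC2. Bucket and host names are placeholders.

Parameters:
  ImagesBucketName:
    Type: String
    Default: helloworld-images          # assumed existing bucket
  WebServerDomain:
    Type: String
    Default: origin.helloworld.com      # assumed DNS name of the EC2 host or its load balancer

Resources:
  ImagesOAC:
    Type: AWS::CloudFront::OriginAccessControl
    Properties:
      OriginAccessControlConfig:
        Name: !Sub '${AWS::StackName}-images-oac'
        OriginAccessControlOriginType: s3
        SigningBehavior: always
        SigningProtocol: sigv4

  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        HttpVersion: http2
        # Aliases/ViewerCertificate for www.helloworld.com need an ACM
        # certificate in us-east-1 and are left out of this example.
        Origins:
          - Id: images-s3
            DomainName: !Sub '${ImagesBucketName}.s3.${AWS::Region}.amazonaws.com'
            OriginAccessControlId: !GetAtt ImagesOAC.Id
            S3OriginConfig:
              OriginAccessIdentity: ''    # legacy OAI field, empty because OAC is used
          - Id: web-ec2
            DomainName: !Ref WebServerDomain
            CustomOriginConfig:
              OriginProtocolPolicy: https-only
              OriginSSLProtocols: [TLSv1.2]
        DefaultCacheBehavior:             # everything not matched below goes to Apache
          TargetOriginId: web-ec2
          ViewerProtocolPolicy: redirect-to-https
          AllowedMethods: [GET, HEAD, OPTIONS, PUT, PATCH, POST, DELETE]
          CachePolicyId: 4135ea2d-6df8-44a3-9df3-4b5a84be39ad          # managed CachingDisabled
          OriginRequestPolicyId: 216adef6-5c7f-47e4-b989-5492eafa07d3  # managed AllViewer
        CacheBehaviors:                   # evaluated in order, before the default behaviour
          - PathPattern: /images/*
            TargetOriginId: images-s3
            ViewerProtocolPolicy: redirect-to-https
            AllowedMethods: [GET, HEAD]
            CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6      # managed CachingOptimized

  # The bucket stays private: only requests signed by this distribution may read it.
  ImagesBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ImagesBucketName
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: AllowCloudFrontServicePrincipalReadOnly
            Effect: Allow
            Principal:
              Service: cloudfront.amazonaws.com
            Action: s3:GetObject
            Resource: !Sub 'arn:aws:s3:::${ImagesBucketName}/*'
            Condition:
              StringEquals:
                AWS:SourceArn: !Sub 'arn:aws:cloudfront::${AWS::AccountId}:distribution/${Distribution}'

Outputs:
  DistributionDomainName:
    Value: !GetAtt Distribution.DomainName
```

The SourceArn condition is what makes the bucket policy safe: without it, any CloudFront distribution in any account could be pointed at the bucket and read it, so a "private" bucket would be private in name only.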

Is it possible to setup DNS for s3 using multiple buckets for a single domain?

Is there a way to use another bucket name when hosting a site (or indeed any content) than just www.example.com.s3-region.amazonaws.com? I want to use multiple buckets so that when I update the site I can roll back a version if problems arise, and so that updates are an atomic switch between site versions. I only want one bucket used for a domain at a time.
I.e. something like
Bucket Names:
www.example.com.bucket1
www.example.com.bucket2
Procedure:
www.example.com currently points to -> www.example.com.bucket1.s3-region.amazonaws.com
New site version is uploaded to www.example.com.bucket2.
Once verified DNS is changed so that www.example.com points to -> www.example.com.bucket2.s3-region.amazonaws.com
This should not work, because S3 looks at the hostname of the request (www.example.com) to find out which bucket you're trying to access, so the bucket has to have the same name.
But it is possible to achieve what you want with Amazon CloudFront. There are two options:
You can create a single distribution and only update its origin (the S3 bucket).
You can create two different distributions and update the DNS settings to point to the desired distribution. You would also need to update the CNAME properties in both of the distributions (remove www.example.com from the old distribution and add it to the new one).

Cloudfront dist on top level domain

Is it possible to point a top-level domain like http://example.com to an Amazon CloudFront distribution?
I know it's possible with CNAMEs, but as far as I know I need to set an A record for the top-level domain in the DNS settings.
As explained by @dgeske, this can be done.
In my case, I had not purchased the domain from Route 53, and hence had to do extra configuration.
Scenario: You have the following:
A CloudFront distribution
A second-level domain (example.com) not purchased from Amazon Route 53. It was Google Domains in my case, but the idea will work for other providers also.
You want to point the second-level domain (example.com) to the CloudFront distribution (as opposed to a subdomain like www.example.com).
Your nomenclature is slightly inaccurate. example.com is not a TLD (top-level domain); it is what is called a second-level domain. See the following image.
Steps to do this:
1. Create a hosted zone in Route 53.
2. Route 53 will now give you a list of name servers that you have to set in the domain settings panel of the provider from which you purchased the domain (Google Domains in my case).
3. Go back to the Route 53 dashboard and create an A Alias record for this hosted zone (use the 'Create record set' option). Remember to select the 'Yes' radio button. Make sure you leave the subdomain part empty (since we are only interested in creating a record for the second-level domain).
Now you should be able to access your CloudFront distribution at http://example.com.
Depending on your DNS server, it may take a while for the records to get updated.
You may configure your system to use a public DNS server such as 8.8.8.8 to verify whether you are able to access the CloudFront distribution using the URL. I used Firefox's DNS over HTTPS feature for this. This makes Firefox use Cloudflare's (not CloudFront's) DNS servers. You can also use the dig command line utility: dig @8.8.8.8 example.com (my domain was fightcoronapune.com, hence dig @8.8.8.8 fightcoronapune.com), telling dig to use the 8.8.8.8 DNS server to resolve names.
You may additionally get an Access Denied error, in which case you will have to configure the default root object for your CloudFront distribution, so that when you visit http://example.com the file http://example.com/index.html is served to you (assuming you specified index.html as the default root object). This error has nothing to do with the steps we did above, and you will still get this error even if you directly use your CloudFront distribution's URL given by Amazon (e.g. when you go to http://abcd.cloudfront.net directly, instead of going to http://example.com).
Q. Can I point my zone apex (example.com versus www.example.com) at my Amazon CloudFront distribution?
Yes. Amazon Route 53 offers a special type of record called an ‘Alias’ record that lets you map your zone apex (example.com) DNS name to your Amazon CloudFront distribution (for example, d123.cloudfront.net). IP addresses associated with Amazon CloudFront endpoints vary based on your end user’s location (in order to direct the end user to the nearest CloudFront edge location) and can change at any time due to scaling up, scaling down, or software updates. Route 53 responds to each request for an Alias record with the IP address(es) for the distribution. Route 53 doesn't charge for queries to Alias records that are mapped to a CloudFront distribution. These queries are listed as “Intra-AWS-DNS-Queries” on the Amazon Route 53 usage report.
Source: Amazon Route 53 FAQs
My understanding is that you cannot create an A record for CloudFront.
Amazon provides you with a domain name like YourName.cloudfront.net. They need to manage the DNS resolution for that domain name behind the scenes in order to route each request to the nearest edge server.
You can if you add an alias in CloudFront,
then select A or AAAA (IPv6, if enabled on CloudFront).
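The zone apex alias that the Route 53 answers above describe (an Alias record rather than a CNAME, of type A and, if IPv6 is enabled on the distribution, AAAA), as a CloudFormation fragment. This is an added example, not configuration from any answer or from the Route 53 FAQ. example.com and d123.cloudfront.net are the placeholders used on this page; the hosted zone is assumed to exist already. Z2FDTNDATAQYW2 is the fixed hosted zone ID that every CloudFront distribution uses as an alias target, which is why the record needs no IP addresses and keeps working while CloudFront's edge addresses change.

```yaml
# Added example: A and AAAA alias records at the zone apex pointing at a
# CloudFront distribution. Replace example.com and d123.cloudfront.net.
Resources:
  ApexAliasA:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneName: example.com.        # the hosted zone created in Route 53 (trailing dot)
      Name: example.com.                  # the apex itself, no subdomain
      Type: A
      AliasTarget:
        DNSName: d123.cloudfront.net.     # your distribution's domain name
        HostedZoneId: Z2FDTNDATAQYW2      # CloudFront's fixed alias hosted zone ID
        EvaluateTargetHealth: false

  ApexAliasAAAA:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneName: example.com.
      Name: example.com.
      Type: AAAA                          # only resolves if IPv6 is enabled on the distribution
      AliasTarget:
        DNSName: d123.cloudfront.net.
        HostedZoneId: Z2FDTNDATAQYW2
        EvaluateTargetHealth: false
```

After the stack is applied, dig @8.8.8.8 example.com should return CloudFront edge addresses once the registrar's name server change has propagated; if it still returns the old answer, check the NS delegation at the registrar before touching the records.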