Cloudfront multiple origins: S3 and Load Balancer - reverse-proxy

I have a Cloudfront distribution with three origins. The first origin is an S3 bucket (Angular App) with "" as path pattern in the behaviour, the second origin is a load balancer (WordPress App) with "/test/" as path pattern in the behaviour, and the third one is the same load balancer with "/test". I expect to have this behaviour:
mydomain.com/* > s3 bucket
mydomain.com/test > load balancer
mydomain.com/test/* > load balancer/*
I think Cloudfront has a bug because I get this behaviour:
mydomain.com/test > load balancer/test (which does not exist)
mydomain.com/test/* > load balancer/test/* (which does not exist)
Why does Cloudfront add my path pattern to my origin path?

Related

CloudFront Origin Path and Cache Behavior interaction

I have a CloudFront distribution set up to point to an S3 bucket. My S3 bucket has a versioned path for its files (so for example, http://example.s3.us-east-1.amazonaws.com/static/ui/v5.53.3/). I want to configure a cache behavior that only matches the /static/ui/* path, but I want all requests to my origin to have the path /static/ui/v5.53.3. I've tried to set my cache behavior's Path Pattern to /static/ui/* and my origin path to /v5.53.3, but that doesn't seem to work.
How can I configure this with CloudFront?
Origin path
If you want CloudFront to always request content from a particular directory in the origin, enter the directory path, beginning with a forward slash (/). Do not add a slash (/) at the end of the path. CloudFront appends the directory path to the origin domain name.
In your case, origin domain name is example.s3.us-east-1.amazonaws.com. So the request that your origin sees is example.s3.us-east-1.amazonaws.com/v5.53.3/*. This is why it doesn't work.
In fact, as of May 2022, this is not possible to achieve without using Lambda@Edge. You'd have to do a custom URL rewrite in Lambda.
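Both the first question on this page (the "/test" behaviours) and the versioned-path question above run into the same rule: CloudFront sends origin domain + origin path + the viewer URI, and the matched path pattern is never removed. The following model is an added example, not code from any post above or from AWS; it reproduces that rule, then shows the kind of viewer-request rewrite (written in the CloudFront Functions event shape, which Lambda@Edge can do equally) that produces the mapping the first question expected. Domains, the behaviour list and the "stripTestPrefix" function are made-up sample values.

```javascript
'use strict';
// Added model (not from any post on this page) of how CloudFront builds the
// origin request: origin domain + origin path + the viewer URI, unchanged.
// The matched path pattern is never removed from the URI.
// Domains and paths below are made-up sample values.

// Convert a CloudFront path pattern ("*" and "?" wildcards) into a RegExp.
function patternToRegex(pattern) {
  var escaped = pattern
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*')
    .replace(/\?/g, '.');
  return new RegExp('^' + escaped + '$');
}

// Behaviours are tried in listed order; the default "*" behaviour goes last.
function matchBehaviour(behaviours, uri) {
  var specific = behaviours.filter(function (b) { return b.pattern !== '*'; });
  var fallback = behaviours.filter(function (b) { return b.pattern === '*'; });
  var ordered = specific.concat(fallback);
  for (var i = 0; i < ordered.length; i++) {
    if (patternToRegex(ordered[i].pattern).test(uri)) return ordered[i];
  }
  return null;
}

// Viewer-request function in the CloudFront Functions event shape (the same
// rewrite can be done in Lambda@Edge). It drops the "/test" prefix so the
// load balancer sees "/" for "/test" and "/x" for "/test/x"; attach it only
// to the "/test" and "/test/*" behaviours, never to the default one.
function stripTestPrefix(event) {
  var request = event.request;
  if (request.uri === '/test' || request.uri.indexOf('/test/') === 0) {
    request.uri = request.uri.slice('/test'.length) || '/';
  }
  return request;
}

// Resolve a viewer URI to the URL CloudFront sends to the origin. A
// viewer-request function, if attached, is the only hook that changes the
// URI before it is appended to the origin path.
function originRequestFor(distribution, uri) {
  var behaviour = matchBehaviour(distribution.behaviours, uri);
  if (!behaviour) throw new Error('no behaviour matched ' + uri);
  var origin = distribution.origins[behaviour.origin];
  var request = { uri: uri };
  if (behaviour.viewerRequest) request = behaviour.viewerRequest({ request: request });
  return origin.domain + origin.originPath + request.uri;
}

// The first question's distribution as posted: no rewrite, so "/test"
// reaches the load balancer as "/test".
var ORIGINS = {
  s3:  { domain: 'angular-app.s3.amazonaws.com', originPath: '' },
  alb: { domain: 'wordpress-alb.example.internal', originPath: '' }
};
var AS_POSTED = {
  origins: ORIGINS,
  behaviours: [
    { pattern: '/test',   origin: 'alb' },
    { pattern: '/test/*', origin: 'alb' },
    { pattern: '*',       origin: 's3' }
  ]
};
// The same distribution with the prefix-stripping function attached.
var WITH_REWRITE = {
  origins: ORIGINS,
  behaviours: [
    { pattern: '/test',   origin: 'alb', viewerRequest: stripTestPrefix },
    { pattern: '/test/*', origin: 'alb', viewerRequest: stripTestPrefix },
    { pattern: '*',       origin: 's3' }
  ]
};
// The versioned-path case: the origin path is prepended, so
// "/static/ui/app.js" is fetched as "/v5.53.3/static/ui/app.js".
var VERSIONED = {
  origins: { ui: { domain: 'example.s3.us-east-1.amazonaws.com', originPath: '/v5.53.3' } },
  behaviours: [{ pattern: '/static/ui/*', origin: 'ui' }]
};

console.log(originRequestFor(AS_POSTED, '/test'));                 // wordpress-alb.example.internal/test
console.log(originRequestFor(WITH_REWRITE, '/test/wp-login.php'));  // wordpress-alb.example.internal/wp-login.php
```

Note that a path pattern of "/test/*" does not match "/test" itself, which is why the first question needed a separate "/test" behaviour; a rewrite function has to be attached to each of those behaviours, and the default behaviour must keep serving the bucket untouched.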

How to use CloudFront and S3 with alternate domain?

Let's say I have an S3 bucket named example.com and I want to serve its content through CloudFront using an alternate domain example.com.
I've added a CNAME record to direct example.com to the CloudFront endpoint, and secured the domain using an AWS SSL Certificate.
In CloudFront, when I go to select the Origin, it shows my bucket. For example: example.com.s3.amazonaws.com
If I choose this origin, and I browse to https://example.com/my-bucket-item.jpg, I get redirected to https://example.com.s3-us-east-2.amazonaws.com/my-bucket-item.jpg and a "Connection not secure" SSL error appears.
If I set the origin to just the domain example.com then I get a 403 Bad Request error from CloudFront.
From what I understand, my bucket has to share the name of my domain, otherwise I get a "bucket does not exist" error.
I've followed the AWS documentation on this. What am I doing wrong here?
Update
I successfully got CloudFront to recognize my alternate domain by changing my origin policy to Managed-CORS-S3Origin.
New problem: even though I've selected 'Yes' to 'Restrict Bucket Access', I'm still able to access files via the S3 url. Do I need to turn off public access to my bucket? If I do this, it seems to override my CloudFront policy...
I had to change my origin request policy to Managed-CORS-S3Origin - this solved the general problem for me.
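The "new problem" in the update above is the part worth checking carefully: "Restrict Bucket Access" only creates an origin access identity (OAI) for the distribution; it does not remove any grant that already makes the objects public. What follows is an added example, not from the thread or from AWS, of the bucket policy that pairs with that setting and of a quick check for the public grant that would keep objects reachable through the plain S3 URL. The bucket name and the OAI id are placeholders.

```javascript
'use strict';
// Added example (not from the thread above): the bucket policy that belongs
// with CloudFront's "Restrict Bucket Access" setting (an origin access
// identity, OAI), plus a check for the public grant that would keep objects
// reachable through the plain S3 URL regardless of that setting.

var BUCKET = 'example.com';       // placeholder bucket name
var OAI_ID = 'E1EXAMPLEOAIID';    // placeholder OAI id (shown in the CloudFront console)

// Grant s3:GetObject on the bucket's objects to the OAI only.
function oaiOnlyBucketPolicy(bucket, oaiId) {
  return {
    Version: '2012-10-17',
    Statement: [{
      Sid: 'AllowCloudFrontOAIRead',
      Effect: 'Allow',
      Principal: {
        AWS: 'arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ' + oaiId
      },
      Action: 's3:GetObject',
      Resource: 'arn:aws:s3:::' + bucket + '/*'
    }]
  };
}

// True when a Principal element means "everyone".
function isPublicPrincipal(principal) {
  if (principal === '*') return true;
  if (!principal || typeof principal !== 'object') return false;
  var aws = principal.AWS;
  return aws === '*' || (Array.isArray(aws) && aws.indexOf('*') !== -1);
}

// List the Sids of Allow statements that grant access to everyone.
function publicAllowStatements(policy) {
  var found = [];
  (policy.Statement || []).forEach(function (s, i) {
    if (s.Effect === 'Allow' && isPublicPrincipal(s.Principal)) {
      found.push(s.Sid || ('statement#' + i));
    }
  });
  return found;
}

// A typical "public-read" policy, constructed here as the bad example: with
// this attached, "Restrict Bucket Access" in CloudFront changes nothing,
// because the objects stay readable directly from S3.
var PUBLIC_READ = {
  Version: '2012-10-17',
  Statement: [{
    Sid: 'PublicReadGetObject',
    Effect: 'Allow',
    Principal: '*',
    Action: 's3:GetObject',
    Resource: 'arn:aws:s3:::' + BUCKET + '/*'
  }]
};

console.log(publicAllowStatements(PUBLIC_READ));                          // [ 'PublicReadGetObject' ]
console.log(publicAllowStatements(oaiOnlyBucketPolicy(BUCKET, OAI_ID)));  // []
```

With only the OAI statement in the bucket policy, turning on S3 Block Public Access does not interfere with CloudFront: the OAI is a specific principal, not a public grant, so CloudFront keeps reading while direct S3 URLs stop working.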

Point non www domain to existing cloudfront distribution

I'm using AWS S3 and Cloudfront to host a website (e.g. www.company.com). I want to additionally have the naked domain (without the www) point to the same content. I initially created a redirect in DNS but https://company.com didn't work.
I can create an apex record for the naked domain in the DNS but can I point it to the same cloudfront CNAME used for the www.company.com or do I have to create a new S3 bucket and new cloudfront distribution?
S3 to CloudFront Distribution
Create two CloudFront distributions
Request for Certificates from AWS Certificates Manager
Create CNAME with Route 53 and point the alias target to the respective distributions
Create Origin in both distributions pointing to that S3 bucket
Hope it helps.
Another solution using only one Cloudfront distribution, if redirecting company.com to www.company.com is acceptable (usually it's preferred).
Create an S3 bucket named company.com
Configure the bucket for static website hosting. Choose "Redirect requests for an object" and enter www.company.com.
Update your DNS A record to point to the bucket.

Subfolder redirect issue with static website hosting using S3, CloudFront and Origin Path

I'm having some difficulties setting up static website hosting using Amazon S3 and Cloudfront.
We have many websites that we would like to serve as static websites using Amazon S3 + Cloudfront and we would prefer to host them all in a single S3 bucket.
Initial setup is pretty straight forward but we are having issues with sub-folder redirects if omitting trailing slash in the URL.
Example: setting up a single website from the bucket.
bucket contents for website1:
s3://bucket-name/websites/website1/index.html
s3://bucket-name/websites/website1/about/index.html
I have enabled static website hosting for this bucket with default document set to 'index.html'
I have created a Cloudfront web distribution to serve this single website, default root object is set to 'index.html'.
The distribution has a custom origin pointing to the static website url 'bucket-name.s3-website-us-east-1.amazonaws.com' with Origin Path set to '/websites/website1'
When navigating to the distribution url 'http://example.cloudfront.net' it correctly serves the 'index.html' document from 's3://bucket-name/websites/website1/index.html'
When navigating to 'http://example.cloudfront.net/about/' it also correctly serves the 'index.html' document from 's3://bucket-name/websites/website1/about/index.html'
But if I omit the trailing slash, like 'http://example.cloudfront.net/about', S3 redirects me to 'http://example.cloudfront.net/websites/website1/about/'. Since I have Origin Path set to '/websites/website1', Cloudfront will request index.html from 's3://bucket-name/websites/website1/about/websites/website1/about/index.html', which does not exist.
Am I missing something here? Is this an impossible setup using only Cloudfront and S3?
I ended up solving it by using routing rules for the S3 bucket
https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html
The problem is that the redirect caused by omitting a trailing slash results in the Origin Path being appended to the full S3 bucket path ("example.cloudfront.net/about" redirects to "example.cloudfront.net/websites/website1/websites/website1/about/", which fails because the path is invalid).
The routing rule below solves this by triggering on the faulty path prefix and redirecting back to the Cloudfront distribution with the prefix stripped from the request, i.e. "example.cloudfront.net/about" redirects to "example.cloudfront.net/websites/website1/websites/website1/about/", which redirects to "example.cloudfront.net/about/".
The downside is that you need to remember to modify the routing rules when adding new distributions
<RoutingRules>
  <RoutingRule>
    <Condition>
      <KeyPrefixEquals>websites/website1/websites/website1/</KeyPrefixEquals>
    </Condition>
    <Redirect>
      <HostName>example.cloudfront.net</HostName>
      <ReplaceKeyPrefixWith></ReplaceKeyPrefixWith>
    </Redirect>
  </RoutingRule>
</RoutingRules>
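To see why the doubled prefix shows up and why the rule repairs it, here is an added simulation (my own, not code from the question or the answer) of the redirect chain: CloudFront prepends the origin path on every hop, the S3 website endpoint answers a missing trailing slash with a folder redirect, and the routing rule catches the resulting key. It also generates the rule for any website folder, which addresses the maintenance downside mentioned above. The host name and origin path are the ones from the post; the bucket listing is constructed.

```javascript
'use strict';
// Added simulation (not from the thread) of the redirect chain described in
// the question and of the routing rule in the answer. Host name and origin
// path are the sample values from the post; the bucket listing is constructed.

var CF_HOST = 'example.cloudfront.net';
var ORIGIN_PATH = '/websites/website1';
var OBJECTS = {                                    // constructed bucket listing
  'websites/website1/index.html': true,
  'websites/website1/about/index.html': true
};

// Build the rule from the answer for any website folder: the faulty key
// prefix is the origin path doubled, and the redirect strips it entirely.
function routingRuleFor(originPath, cfHost) {
  var prefix = originPath.replace(/^\//, '') + '/';          // 'websites/website1/'
  return { keyPrefixEquals: prefix + prefix, hostName: cfHost, replaceKeyPrefixWith: '' };
}

// Render rules in the XML layout the S3 console expects.
function routingRulesXml(rules) {
  var body = rules.map(function (r) {
    return '  <RoutingRule>\n' +
      '    <Condition><KeyPrefixEquals>' + r.keyPrefixEquals + '</KeyPrefixEquals></Condition>\n' +
      '    <Redirect><HostName>' + r.hostName + '</HostName>' +
      '<ReplaceKeyPrefixWith>' + r.replaceKeyPrefixWith + '</ReplaceKeyPrefixWith></Redirect>\n' +
      '  </RoutingRule>\n';
  }).join('');
  return '<RoutingRules>\n' + body + '</RoutingRules>';
}

// Minimal model of the S3 website endpoint: routing rules first, then the
// object itself, then the index document, and a folder redirect when the
// trailing slash is missing. The redirect is issued against the CloudFront
// host, as the question reports.
function s3Website(key, rules) {
  for (var i = 0; i < rules.length; i++) {
    var r = rules[i];
    if (key.indexOf(r.keyPrefixEquals) === 0) {
      var newKey = r.replaceKeyPrefixWith + key.slice(r.keyPrefixEquals.length);
      return { status: 301, location: 'http://' + r.hostName + '/' + newKey };
    }
  }
  if (OBJECTS[key]) return { status: 200, key: key };
  if (key === '' || key.slice(-1) === '/') {
    return OBJECTS[key + 'index.html'] ? { status: 200, key: key + 'index.html' } : { status: 404 };
  }
  if (OBJECTS[key + '/index.html']) return { status: 302, location: 'http://' + CF_HOST + '/' + key + '/' };
  return { status: 404 };
}

// Follow a viewer request through CloudFront (origin path prepended on every
// hop) until S3 returns something other than a redirect.
function resolveViaCloudFront(path, rules) {
  var hops = [path];
  for (var i = 0; i < 5; i++) {
    var key = (ORIGIN_PATH + path).replace(/^\//, '');
    var res = s3Website(key, rules);
    if (res.status !== 301 && res.status !== 302) {
      return { status: res.status, key: res.key || null, hops: hops };
    }
    path = res.location.replace(/^https?:\/\/[^/]+/, '');
    hops.push(path);
  }
  throw new Error('redirect loop for ' + hops.join(' -> '));
}

var RULES = [routingRuleFor(ORIGIN_PATH, CF_HOST)];
console.log(resolveViaCloudFront('/about', []).hops);     // [ '/about', '/websites/website1/about/' ], then 404
console.log(resolveViaCloudFront('/about', RULES).hops);  // [ '/about', '/websites/website1/about/', '/about/' ], then 200
console.log(routingRulesXml(RULES));
```

Adding a second website means calling routingRuleFor with its own origin path and distribution host and appending the result to the rule list; the generated XML replaces the bucket's routing rules as a whole.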

Map multiple subdomains on a single cloudfront instance to multiple s3 buckets

I am trying to map multiple subdomains on a single cloudfront instance to multiple s3 buckets. For example, I have two subdomains www.foo.com and www.bar.com which have CNAME entries in the DNS zone files pointing to the cloudfront instance (xyz.cloudfront.net). In cloudfront I have added both www.foo.com and www.bar.com as alternate CNAMEs. I have also created two s3 buckets which are added as origins to the cloudfront instance, for example s3.foo-amazon.com and s3.bar-amazon.com. Now how do I make sure that for www.bar.com content from s3.bar-amazon.com is requested and for www.foo.com content from s3.foo-amazon.com is requested?
I think you should create separate CloudFront distributions. Each will have one CNAME and one origin pointing to the correct S3 bucket.