AWS Route 53, naked domain automatically routes to www - amazon-s3

I have hosted a static website on S3, with Cloudfront distribution using the "Hosting a static website" quick start option on AWS.
I added an A record (alias) to the cloudfront distribution for the apex, and added another A record (alias) to the same distribution for the www subdomain.
soyou.co redirects to www.soyou.co and fails with an error. The cloudfront distribution url works fine. I purchased the domain in Godaddy, and added the Amazon Name Server (NS) records in Godaddy.
Where could I be wrong? Thanks in advance.

For the www subdomain you need to add a CNAME record pointing to your domain name. Delete the A record alias for the subdomain.

Related

How to force CloudFront CName to handle non-www requests?

I'm new to CloudFront and was wondering how to force it to redirect. In Apache it's just through Virtual Host, but with CloudFront, I'm confused how to do it.
Here is my scenario
NameCheap
CNAME | www | random12345.cloudfront.net (where my site files are)
AWS
ACM - requirement for CloudFront for custom SSL (N.Virginia)
Domain Name: sample.com
Additional Domain Name(s): *.sample.com
CloudFront Distribution
Domain Name: random12345.cloudfront.net
CName: sample.com
*.sample.com
Result
WORKED: https://www.sample.com | www.sample.com
NOT WORKING: sample.com | https://sample.com | http://sample.com
Typing these in the search bar results to Error: This site can’t be reached sample.com’s server IP address could not be found. DNS_PROBE_FINISHED_NXDOMAIN
I attempted to create an S3 bucket to force redirect to https://www.sample.com
but can't create since CNAME www.sample.com is already used for the CloudFront Distribution. Can't use # in CNAME since it is not recommended on root configuration due to its effect on MX records
Thanks a lot.
You have to following step for redirecting non-www domain to www :
Note: www.example.com bucket should have code and example.com will be empty bucket only configuration mention below.
Create example.com S3 bucket.
Go to S3 bucket properties -> Static website hosting then select Redirect request add value as www.example.com
Set Bucket policy and CORS same www.example.com bucket
Create CloudFront for example.com use origin as example.com.s3-website-us-east-1.amazonaws.com not which selection dropdown giving.
Select user *.example.com ACM for https
Then create Route53 Entry for this example.com as A record select respective CloudFront origin for example.com.
This domain is transferred to AWS if you don't want full NS record then only move A record to AWS.
Then you are done.

Is there any configurations needed to my route 53 service when adding an SSL to my cloud front distribution?

I have built a git backed static site that lives in an S3 bucket and is updated with a Code Pipeline. The site is fully hosted on AWS. The Route 53 name servers point to the S3 bucket but I have recently created a Cloudfront distribution that points to the S3 bucket so I am able to have a SSL certificate. The problem is I believe when you go to the sites url it still points to the S3 bucket and not the Cloudfront distribution. Could this be due to a Route 53 config issue?
The SSL certificated is ACM are active and hosted in (US East)N. Virgina and have been added to the custom SSL certificate in the Cloudfront distribution.
the Cloudfront distribution origin is the S3 bucket with it being "domainname.s3.amazonaws.com" (there are two distributions one for domainname.com and www.domainname.com pointing to each bucket respectivley.
I know a common fix for this is to wait for cloudfront to find the bucket and so I have waited 24 hours before asking the question.
If there is any more information I need to provide please let me know I have tried to proved as much as possible but there is something I am probably overlooking.
Seems like you have to update your Route53 configuration.
As the docs say:
If you want to use your own domain name, use Amazon Route 53 to create
an alias record that points to your CloudFront distribution. An alias
record is a Route 53 extension to DNS. It's similar to a CNAME record,
but you can create an alias record both for the root domain, such as
example.com, and for subdomains, such as www.example.com. (You can
create CNAME records only for subdomains.) When Route 53 receives a
DNS query that matches the name and type of an alias record, Route 53
responds with the domain name that is associated with your
distribution.
You can also check your domain whit a nslookup or dig and see what does the domain resolve, that way you can ensure if it is pointing to your CloudFront distribution
nslookup yourdomain.com
The result of the dig / nslookup should show you something like:
<hash>.cloudfront.net. and that resolving to multiple IP addresses

HTTPS in S3 (only the HTTPS is working in the cloudfront domain, but not on the one defined)

i imported my certificate to the "Certificate Manager" and it indicates my domain and everything in the "details section".
After having done everything in the cloudfront part, it gives me the cloudfront domain which it loads with HTTPS, but the main domain does not.
Why is that?
cloudfront domain: d6y63izpha76j.cloudfront.net
on the cnames i added my domain: which is hackerload.com .
but there are no results at all.
Any kind of help is appreciated.

Point non www domain to existing cloudfront distribution

I'm using AWS S3 and Cloudfront to host a website (e.g. www.company.com). I want to additionally have the the naked domain (without the www) to point to the same content. I initially created a redirect in DNS but https://company.com didn't work.
I can create an apex record for the naked domain in the DNS but can I point it to the same cloudfront CNAME used for the www.company.com or do I have to create a new S3 bucket and new cloudfront distribution?
S3 to CloudFront Distribution
Create two CloudFront distributions
Request for Certificates from AWS Certificates Manager
Create CNAME with Route 53 and point the alias target to the respective distributions
Create Origin in both distributions pointing to that S3 bucket
Hope it helps.
Another solution using only one Cloudfront distribution, if redirecting company.com to www.company.com is acceptable (usually it's preferred).
Create an S3 bucket named company.com
Configure the bucket for static website hosting. Choose "Redirect requests for an object" and enter www.company.com.
Update your DNS a record to point to the bucket.

Heroku SSL DNS Settings

I am using Namecheap for domain registration and for DNS, and using Heroku for hosting. I have purchased an SSL certificate through Namecheap and set it up with Heroku, and have it nearly working perfectly.
Currently, I have a DNS CNAME record with host "www" pointing to "[whatever].herokussl.com.", and a "#" host record set to URL Redirect (301) to "http://www.[domain].com".
My app itself forces all HTTP traffic to redirect to HTTPS, so "http://www.[domain].com" goes to "https://www.[domain].com".
I am getting the following results:
http://www.[domain].com - properly navigates to site as HTTPS
https://www.[domain].com - properly navigates to site as HTTPS
http://[domain].com - properly navigates to site as HTTPS
https://[domain].com - **does not** navigate to site, and instead the browser cannot find the page
I believe this has to do with how the URL Redirect behaves behind the scenes. I had originally done this as CNAME record pointing directly to "[whatever].herokussl.com.", but apparently doing that on the zone apex blocks MX records...
What do I need to do to get the desired behavior? I simply want all naked or "www" domains to point to my "www" domain.
UPDATE: More information regarding my DNS settings
HOST NAME IP ADDRESS/URL RECORD TYPE
--------- -------------- -----------
# http://www.[domain].com URL Redirect (301)
www [whatever].herokussl.com. CNAME (Alias)
My SSL certificate was not a wildcard, just an EssentialSSL certificate from Comodo. I'm fine if only www.[domain].com works (with a redirect from the naked domain), although when I was using a CNAME for both the apex and "www", it was working as a naked domain with SSL just fine.
If you use DnsSimple, you can use their ALIAS record feature.
The DnsSimple ALIAS record is not a standard DNS record type, and is not the same thing as a CNAME record. Rather, DnsSimple supports it in a special way, by performing the DNS resolution for you and returning to your browser the results. This is different from all other DNS records, where the DNS server performs no processing but simply returns the record to your browser on-demand.
There may be other DNS vendors with their own similar features.
However, with only vanilla DNS, HTTP-only 3xx's from your nameserver, and Heroku, there is no way to get SSL to the zone apex (the domain name with no www.).