Noober

Reputation: 1626

AWS CloudFront not working with custom domain

I am trying to use CloudFront for a static S3 website with my custom domain. These are the steps I followed:

1) Set up an S3 bucket (say, example.com) and enabled static website hosting on it.

2) Also set up an S3 bucket (www.example.com) which redirects to example.com.

3) In Route 53, added a hosted zone (example.com) and added the record sets.

4) After this, http://example.com works for me.

Now I am trying to add CloudFront to it. I added the following steps:

5) From Amazon Certificate Manager, added a certificate for www.example.com and got it verified (added to Route 53 DNS, it was verified automatically after some time).

6) Created a CloudFront distribution with the following settings:

   Domain Origin: www.example.com
   Origin Protocol Policy: HTTP Only
   Alternate Domain Name: www.example.com
   SSL Certificate: Selected from ACM

When I try to launch https://example.com or https://www.example.com, the site doesn't load. http://example.com does load, but I am not sure if CloudFront is actually working on this or not. Also, why is https not loading?

Upvotes: 3

Views: 4693

Answers (2)

necromos

Reputation: 442

To set up the S3 bucket behind the CF distribution WITH SSL you need to:

  1. Set up S3 bucket example.com (Block all public access = off, policy https://d.pr/i/KU1Q4z)
  2. Create certificate in ACM issued at example.com and *.example.com (or specific subdomain at will), validate it
  3. Create CF distribution
  4. Set created CF alternate domain names to: example.com *.example.com (other subdomain here)
  5. Use custom SSL certificate (previously created and validated)
  6. Create/change default origin, to: example.com.s3-website-AWS_REGION.amazonaws.com with origin protocol policy HTTP Only
  7. CF Default origin behaviour should be more or less like this: https://d.pr/i/h6PrG6
  8. In Route 53 set CF A ALIAS for example.com and CNAME for *.example.com (or other subdomain) pointing at CF_DISTRIBUTION_ID.cloudfront.net

Upvotes: 7

bryan60

Reputation: 29305

You need to go into Route 53 and point the domain at your CloudFront distribution. It won't appear as an option unless you've set the domain as an alternate domain in the distribution settings. Also, that cert won't work for anything except www.example.com, meaning example.com is excluded. You need a cert that includes example.com and www.example.com (or *.example.com to cover all subdomains).

Upvotes: 2
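The checks both answers describe (certificate coverage, alternate domain names, origin, DNS target), written as a small linter. This is an added example, not code from either answer. The dictionary layout and its field names are hypothetical (not an AWS API shape), and the two sample configurations are constructed from the values in the question and in the first answer.

```python
def covers(pattern, host):
    """True if certificate/alias name `pattern` is valid for `host`."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        # A wildcard stands for exactly one left-most label, so it matches
        # www.example.com but neither example.com nor a.b.example.com.
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host

def lint(cfg):
    """Return a list of findings for one distribution description."""
    findings = []
    for host in cfg["hostnames"]:
        if not any(covers(a, host) for a in cfg["aliases"]):
            findings.append(f"{host}: not an alternate domain name")
        if not any(covers(c, host) for c in cfg["cert_names"]):
            findings.append(f"{host}: not covered by the certificate")
        if not cfg["dns_targets"].get(host, "").endswith(".cloudfront.net"):
            findings.append(f"{host}: DNS does not point at CloudFront")
    # An origin that is also a served hostname sends CloudFront back to itself
    # once DNS is switched; the first answer uses the S3 website endpoint instead.
    if any(covers(a, cfg["origin"]) for a in cfg["aliases"]):
        findings.append("origin: is one of the distribution's own hostnames")
    return findings

# Constructed sample data; AWS_REGION and CF_DISTRIBUTION_ID are placeholders.
QUESTION = {
    "hostnames": ["example.com", "www.example.com"],
    "aliases": ["www.example.com"],
    "cert_names": ["www.example.com"],
    "origin": "www.example.com",
    "dns_targets": {"example.com": "s3-website-AWS_REGION.amazonaws.com",
                    "www.example.com": "s3-website-AWS_REGION.amazonaws.com"},
}
ANSWER = {
    "hostnames": ["example.com", "www.example.com"],
    "aliases": ["example.com", "*.example.com"],
    "cert_names": ["example.com", "*.example.com"],
    "origin": "example.com.s3-website-AWS_REGION.amazonaws.com",
    "dns_targets": {"example.com": "CF_DISTRIBUTION_ID.cloudfront.net",
                    "www.example.com": "CF_DISTRIBUTION_ID.cloudfront.net"},
}

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION), ("answer", ANSWER)):
        print(name, lint(cfg) or "ok")
```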
