sumanth shetty

Reputation: 2181

CloudFront showing "The request could not be satisfied 502 error" when trying to connect to EC2

I am trying to point CloudFront to my EC2 machine.

Under origin, I am giving the public DNS name of the EC2 instance (e.g. ec2-52-64-xxx-xxx.ap-southeast-2.compute.amazonaws.com).

But I am getting this error:

I have also opened port 443 on my EC2.

How can I solve this error?

Upvotes: 1

Views: 1522

Answers (1)

Marcin

Reputation: 238051

Based on the chat discussion.

The application on the instance works over HTTP and port 80. It does not serve HTTPS traffic itself. So if you want to use the current setup with CF, you need to allow port 80 (not 443) and use HTTP for the origin protocol in CF (not HTTPS). The way this works is that HTTPS and SSL will be only between client and CF, not between CF and your instance:

client----(HTTPS:443)--->CF----(HTTP:80)---->EC2 instance

As you can see above, there is a security issue. All traffic between CF and your instance will be in plain text over the internet. To rectify this, you need to add HTTPS to your instance. There are two ways for that:

  1. Add a load balancer in front of your instance, and deploy a custom domain on it with SSL from ACM and an HTTPS listener. So the traffic will be:
client----(HTTPS:443)--->CF----(HTTPS:443)---->ALB---(private HTTP:80)--->EC2 instance
  2. Set up SSL on your instance directly. For this you can't use ACM (except when your instance is enclave). Instead, you have to use a third-party SSL provider. A common choice is https://letsencrypt.org/. Then you set up your Apache with the SSL certificate to serve HTTPS traffic. Subsequently, you will have:
client----(HTTPS:443)--->CF----(HTTPS:443)---->EC2 instance

Upvotes: 1
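
An added example, not part of the answer above: a Python check that reads a distribution config and reports which origins CloudFront reaches in plain text, using the real `OriginProtocolPolicy` and `ViewerProtocolPolicy` fields. The sample config, origin IDs, hostnames and function names are constructed for illustration.

```python
# Constructed sample shaped like the "DistributionConfig" returned by boto3's
# cloudfront.get_distribution_config(); origin IDs and hostnames are made up.
def origin_entry(origin_id, policy):
    return {"Id": origin_id, "DomainName": f"{origin_id}.example.com",
            "CustomOriginConfig": {"HTTPPort": 80, "HTTPSPort": 443,
                                   "OriginProtocolPolicy": policy}}

SAMPLE_CONFIG = {
    "Origins": {"Quantity": 3, "Items": [
        origin_entry("ec2-direct", "http-only"),   # the setup in the question
        origin_entry("alb", "https-only"),         # option 1 in the answer
        origin_entry("legacy", "match-viewer"),
    ]},
    "DefaultCacheBehavior": {"TargetOriginId": "ec2-direct",
                             "ViewerProtocolPolicy": "redirect-to-https"},
    "CacheBehaviors": {"Quantity": 2, "Items": [
        {"TargetOriginId": "alb", "ViewerProtocolPolicy": "https-only"},
        {"TargetOriginId": "legacy", "ViewerProtocolPolicy": "allow-all"},
    ]},
}

def viewer_policies(config):
    """Map each origin Id to the viewer protocol policies that route to it."""
    behaviors = [config["DefaultCacheBehavior"]]
    behaviors += config.get("CacheBehaviors", {}).get("Items", [])
    routed = {}
    for b in behaviors:
        routed.setdefault(b["TargetOriginId"], set()).add(b["ViewerProtocolPolicy"])
    return routed

def audit_origin_leg(config):
    """Return {origin Id: verdict} for the CloudFront-to-origin hop."""
    routed = viewer_policies(config)
    verdicts = {}
    for origin in config["Origins"]["Items"]:
        custom = origin.get("CustomOriginConfig")
        if custom is None:  # S3 origins have no OriginProtocolPolicy
            continue
        policy = custom["OriginProtocolPolicy"]
        viewers = routed.get(origin["Id"], set())
        if policy == "http-only":
            verdicts[origin["Id"]] = "plaintext"
        elif policy == "match-viewer" and "allow-all" in viewers:
            verdicts[origin["Id"]] = "plaintext-possible"  # HTTP viewers go to origin over HTTP
        else:
            verdicts[origin["Id"]] = "encrypted"
    return verdicts

print(audit_origin_leg(SAMPLE_CONFIG))
```

An "encrypted" verdict only describes the configured policy; the origin still has to answer HTTPS on the configured port, otherwise CloudFront returns the 502 from the question.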
