Score:0

AWS ALB and Cloudfront routing 502


Slight AWS newbie here.

I have just taken over a new application in AWS that has an ALB (routes traffic to ECS). The ALB has an SSL certificate and some default DNS records in Route53.

I have created a distribution in Cloudfront and selected the ALB as origin (Domain Name), but getting a 502 when hitting the Cloudfront distribution URL, which I'm guessing is correct? I selected "HTTPS Only" as I want all traffic to be secure between Cloudfront and the ALB.

Do I need to create an additional SSL cert for Cloudfront?

I also want the domain name attached to the ALB (example.domain.com) to be using the Cloudfront setup. Do I need to create any additional DNS records in Route53, like an alias to route traffic to?

Thanks

vivek
Could you please confirm which solution helped you? I am facing the same issue
Score:0

To achieve this, please follow the instructions.

ANS1: Yes, you need to create Additional SSL in US East (N. Virginia) Region

ANS2: Yes, you need to create Additional DNS records in Route53

Solution1:

  1. Follow the link and create SSL certificate in US East (N. Virginia) Region because if you wanted to use SSL with cloudfront, you have to create SSL in US East (N. Virginia) Region because that is limitation by AWS to create SSL in that specific region. This link explains the solution.

Solution2:

  1. Follow the link

    yourDomain.com. A ALIAS your-aws-alb-alias
    subdomain.yourDomain.com. A ALIAS your-aws-alb-alias

How to create a CloudFront distribution with ALB as an origin?

  1. Go to CloudFront Console.

  2. Click “Create distribution”.

  3. Choose our new Application Load Balancer as an origin and Protocol: HTTPS only.

  4. Select Viewer protocol policy: “Redirect HTTP to HTTPS”.

  5. (Optional) You can select Caching disabled for Dynamic content and then create a caching policy for specific folders that you want to cache in CloudFront Edge locations. Then select Origin request policy: AllViewer.

  6. Add a domain name to Alternate domain name (CNAME). Also add subdomain name here as well against “Add item” against which you want to record in Route 53. Note: Wildcard “*” doesn’t work.

  7. Choose the SSL certificate from ACM. The certificate has to be in the N. Virginia region (us-east-1). Also certificate should be valid for subdomain as well.

  8. Click “Create distribution” and wait a couple of minutes for our CloudFront distribution to be deployed.

How to Create Route 53 domain records for CloudFront distribution?

  1. Open Route 53 console and go to the hosted zone.
  2. Click “Create records”.
  3. The routing policy should be simple routing. Select Route traffic to: Alias to CloudFront distribution and URL of the CloudFront distribution.
  4. It can take some time to propagate these DNS settings.

sipher_z
Hi @hassan-sohail. Does the subdomain need to point to the ALB or the cloudfront distribution? Everything is already directly going to the ALB, but I want to have Cloudfront in front of it
Hassan Sohail
I would suggest you to make simple diagram by explaining what you want. What is your end goal? You can attach subdomain to ALB and CloudFront as well, but in your question, it is not clear what you wanted to do.
sipher_z
I currently have an ECS cluster that is behind an ALB. The ALB has a cert already and I'm trying to configure Cloudfront to sit in front of the ALB. I have created the CF distribution and set the ALB as the origin. I've created a subdomain and the A record is now an alias with CF, but the site doesn't seem to be running through CF. How do I confirm that the site is hitting CF first?
Hassan Sohail
I edited my answer, if it helps, please mark it accepted. If you follow this approach, you will not follow any error.
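
An offline check of the settings the answer above walks through, as an added example that is not part of the original thread: certificate in us-east-1 and covering every alternate domain name, HTTPS-only origin, redirect-to-HTTPS viewer policy, and Route 53 aliases pointing at CloudFront. The dict shapes follow CloudFront's DistributionConfig and Route 53 record sets; `lint`, `cert_covers`, the account ID, ARN and host names are constructed for illustration.

```python
# Added example: offline lint of the CloudFront-in-front-of-ALB setup.
# Dict shapes follow CloudFront's DistributionConfig and Route 53 record sets.

def cert_covers(name, cert_names):
    """True if a certificate name matches; '*' stands for exactly one label."""
    name = name.lower().rstrip(".")
    parent = name.split(".", 1)[1] if "." in name else None
    for pattern in (p.lower().rstrip(".") for p in cert_names):
        if pattern == name or (pattern.startswith("*.") and pattern[2:] == parent):
            return True
    return False

def lint(dist, cert_names, records):
    findings = []
    # ACM ARN layout: arn:aws:acm:<region>:<account>:certificate/<id>
    arn = dist["ViewerCertificate"].get("ACMCertificateArn", "")
    region = (arn.split(":") + [""] * 4)[3]
    if region != "us-east-1":
        findings.append(f"viewer certificate region is {region or 'unset'}, not us-east-1")
    aliases = dist["Aliases"].get("Items", [])
    for alias in aliases:
        if not cert_covers(alias, cert_names):
            findings.append(f"certificate does not cover {alias}")
    for origin in dist["Origins"]["Items"]:
        policy = origin.get("CustomOriginConfig", {}).get("OriginProtocolPolicy")
        if policy != "https-only":
            findings.append(f"origin {origin['DomainName']} policy is {policy}")
    if dist["DefaultCacheBehavior"]["ViewerProtocolPolicy"] != "redirect-to-https":
        findings.append("viewer protocol policy is not redirect-to-https")
    # Each alternate domain name must alias to CloudFront, not straight to the ALB.
    targets = {r["Name"].lower().rstrip("."): r.get("AliasTarget", {}).get("DNSName", "")
               for r in records}
    for alias in aliases:
        target = targets.get(alias.lower().rstrip("."), "").lower().rstrip(".")
        if not target.endswith(".cloudfront.net"):
            findings.append(f"{alias} aliases to {target or 'nothing'}, bypassing CloudFront")
    return findings

# Constructed sample: certificate left in the ALB's region, DNS still on the ALB.
DIST = {
    "Aliases": {"Items": ["example.domain.com"]},
    "ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE"},
    "Origins": {"Items": [{"DomainName": "my-alb.eu-west-1.elb.amazonaws.com",
                           "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}}]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
}
RECORDS = [{"Name": "example.domain.com.", "Type": "A",
            "AliasTarget": {"DNSName": "my-alb.eu-west-1.elb.amazonaws.com."}}]
```

Calling `lint(DIST, ["*.domain.com"], RECORDS)` returns one finding for the certificate region and one for the record that still aliases to the ALB.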