Set up DNS based URL forwarding in Amazon Route53

Question

I'm trying to setup forwarding in Amazon Route53. My last DNS service (Nettica) allowed me to route requests to "aws.example.com" to "https://myaccount.signin.aws.amazon.com/console/".

Is this functionality supported by Route53?

How does Nettica achieve this? Does it insert a special A, CNAME, PTR, or TXT record(s)?

Creating a Cloudfront distribution with the URL as the origin also works. Just point the domain to the Cloudfront distribution from Route53 and make sure to configure TLS certs correctly. — Deiwin, Sep 22 '18 at 14:01

score 351 · Accepted Answer · edited Dec 24 '22 at 08:56

I was running into the exact same problem that Saurav described, but I really needed to find a solution that did not require anything other than Route 53 and S3. I created a how-to guide for my blog detailing what I did.

Here is what I came up with.

Objective

Using only the tools available in Amazon S3 and Amazon Route 53, create a URL Redirect that automatically forwards http://url-redirect-example.vivekmchawla.com to the AWS Console sign-in page aliased to "MyAccount", located at https://myaccount.signin.aws.amazon.com/console/ .

This guide will teach you set up URL forwarding to any URL, not just ones from Amazon. You will learn how to set up forwarding to specific folders (like "/console" in my example), and how to change the protocol of the redirect from HTTP to HTTPS (or vice versa).

Step One: Create Your S3 Bucket

Open the S3 Management Console and click "Create Bucket"

Open the S3 management console and click "Create Bucket".

Step Two: Name Your S3 Bucket

Name your S3 Bucket

Choose a Bucket Name. This step is really important! You must name the bucket EXACTLY the same as the URL you want to set up for forwarding. For this guide, I'll use the name "url-redirect-example.vivekmchawla.com".
Select whatever region works best for you. If you don't know, keep the default.
Don't worry about setting up logging. Just click the "Create" button when you're ready.

Step 3: Enable Static Website Hosting and Specify Routing Rules

Enable Static Website Hosting and Specify Routing Rules

In the properties window, open the settings for "Static Website Hosting".
Select the option to "Enable website hosting".
Enter a value for the "Index Document". This object (document) will never be served by S3, and you never have to upload it. Just use any name you want.
Open the settings for "Edit Redirection Rules".

Paste the following XML snippet in its entirety.

<RoutingRules>
  <RoutingRule>
    <Redirect>
      <Protocol>https</Protocol>
      <HostName>myaccount.signin.aws.amazon.com</HostName>
      <ReplaceKeyPrefixWith>console/</ReplaceKeyPrefixWith>
      <HttpRedirectCode>301</HttpRedirectCode>
    </Redirect>
  </RoutingRule>
</RoutingRules>

If you're curious about what the above XML is doing, visit the AWM Documentation for "Syntax for Specifying Routing Rules". A bonus technique (not covered here) is forwarding to specific pages at the destination host, for example http://redirect-destination.com/console/special-page.html. Read about the <ReplaceKeyWith> element if you need this functionality.

Step 4: Make Note of Your Redirect Bucket's "Endpoint"

Make a note of your Redirect Bucket's Endpoint

Make note of the Static Website Hosting "endpoint" that Amazon automatically created for this bucket. You'll need this for later, so highlight the entire URL, then copy and paste it to notepad.

CAUTION! At this point you can actually click this link to check to see if your Redirection Rules were entered correctly, but be careful! Here's why...

Let's say you entered the wrong value inside the <Hostname> tags in your Redirection Rules. Maybe you accidentally typed myaccount.amazon.com, instead of myaccount.signin.aws.amazon.com. If you click the link to test the Endpoint URL, AWS will happily redirect your browser to the wrong address!

After noticing your mistake, you will probably edit the <Hostname> in your Redirection Rules to fix the error. Unfortunately, when you try to click the link again, you'll most likely end up being redirected back to the wrong address! Even though you fixed the <Hostname> entry, your browser is caching the previous (incorrect!) entry. This happens because we're using an HTTP 301 (permanent) redirect, which browsers like Chrome and Firefox will cache by default.

If you copy and paste the Endpoint URL to a different browser (or clear the cache in your current one), you'll get another chance to see if your updated <Hostname> entry is finally the correct one.

To be safe, if you want to test your Endpoint URL and Redirect Rules, you should open a private browsing session, like "Incognito Mode" in Chrome. Copy, paste, and test the Endpoint URL in Incognito Mode and anything cached will go away once you close the session.

Step 5: Open the Route53 Management Console and Go To the Record Sets for Your Hosted Zone (Domain Name)

Open the Route 53 Management Console to Add Record Sets to your Hosted Zone

Select the Hosted Zone (domain name) that you used when you created your bucket. Since I named my bucket "url-redirect-example.vivekmchawla.com", I'm going to select the vivekmchawla.com Hosted Zone.
Click on the "Go to Record Sets" button.

Step 6: Click the "Create Record Set" Button

Click the Create Record Set button

Clicking "Create Record Set" will open up the Create Record Set window on the right side of the Route53 Management Console.

Step 7: Create a CNAME Record Set

Create a CNAME Record Set

In the Name field, enter the hostname portion of the URL that you used when naming your S3 bucket. The "hostname portion" of the URL is everything to the LEFT of your Hosted Zone's name. I named my S3 bucket "url-redirect-example.vivekmchawla.com", and my Hosted Zone is "vivekmchawla.com", so the hostname portion I need to enter is "url-redirect-example".
Select "CNAME - Canonical name" for the Type of this Record Set.
For the Value, paste in the Endpoint URL of the S3 bucket we created back in Step 3.
Click the "Create Record Set" button. Assuming there are no errors, you'll now be able to see a new CNAME record in your Hosted Zone's list of Record Sets.

Step 8: Test Your New URL Redirect

Open up a new browser tab and type in the URL that we just set up. For me, that's http://url-redirect-example.vivekmchawla.com. If everything worked right, you should be sent directly to an AWS sign-in page.

Because we used the myaccount.signin.aws.amazon.com alias as our redirect's destination URL, Amazon knows exactly which account we're trying to access, and takes us directly there. This can be very handy if you want to give a short, clean, branded AWS login link to employees or contractors.

All done! Your URL forwarding should take you to the AWS sign-in page.

Conclusions

I personally love the various AWS services, but if you've decided to migrate DNS management to Amazon Route 53, the lack of easy URL forwarding can be frustrating. I hope this guide helped make setting up URL forwarding for your Hosted Zones a bit easier.

If you'd like to learn more, please take a look at the following pages from the AWS Documentation site.

+1 for this utterly smart solution - thanks much for taking the time to compile such an epic step by step guide, I've updated [my answer](http://stackoverflow.com/a/10121343/45773) to refer future readers to your's accordingly! — Steffen Opel, Jan 30 '13 at 18:06
Thanks, Steffen! I appreciate the feedback! This was my first-ever StackOverflow answer. You can imagine how surprised I was that, after writing all this, I couldn't even post it because I didn't have enough rep to post an answer with more than two images! Hehehe...ahh, memories. :-) — Vivek M. Chawla, Jan 31 '13 at 02:42
Note:: For those wanting root domain redirects: example.org -> example.com -- do everything the same except use A Record with "Alias: Yes" enabled. Then select the bucket as the target. — JaredBroad, Jun 29 '13 at 20:17
Great solution. But I've run into a problem using https for the original URL. If the the bucket I'm re-directing is dev.example.com, the re-direct works great for http:// dev.example.com but fails for https:// dev.example.com. I haven't found a solution for this problem. — Greg, Aug 22 '13 at 16:31
@Greg I think that may have something to do with how Amazon handles HTTPS for S3. Unfortunately, when using a CNAME to access an S3 bucket, you can't force SSL by adding "https" because Amazon isn't hosting a certificate for "*.example.com". Since S3 won't allow the connection, we never get to the redirect logic. Unfortunately, I can't see a workaround to this. — Vivek M. Chawla, Aug 26 '13 at 20:00
Any idea why I'm getting a [NoSuchBucket error](http://stackoverflow.com/questions/21335580/code-nosuchbucket)? — fredley, Jan 24 '14 at 14:54
@TomMedley Did the fix that Michael suggested work for you? Let me know if there's anything I can still do to help. — Vivek M. Chawla, Jan 26 '14 at 14:27
Unfortunately, this doesn't seem to work if you're redirecting from the apex to a subdomain because you can't use a CNAME on the apex domain. Any thoughts? (apex meaning the naked domain) — Barrett Kuethen, Feb 26 '14 at 20:59
Sorry @BarrettKuethen, I can't think of how you would do this using only Amazon's native services, ie. without spinning up a host somewhere to point an A record to, and have that host do a redirect. If I can think of something, I'll ping you with another comment. — Vivek M. Chawla, Feb 28 '14 at 20:16
There is a new option "Redirect all requests to another host name" under the bucker options. I put in there the IAM sign in url and it worked like a charm, no need for XML. — Dan Milon, Apr 15 '14 at 07:14
Why "name the bucket EXACTLY the same as the URL you want to set up for forwarding" ? — lu yuan, Nov 10 '14 at 01:20
Step 3.2: Forget about the "Enable website hosting" & directly go with select "Redirect all requests to another host name". — Slake, Sep 26 '15 at 14:23
@Slake I took a look and you're right, you can go directly with the "Redirect all Requests..." option. Having said that, I think that the answer as currently written gives readers an opportunity to learn about some extended features, so I prefer to keep this answer as-is. Thanks! — Vivek M. Chawla, Sep 27 '15 at 16:07
@BarrettKuethen, you can still setup a cname (in step 7 here) using these steps for all apex domain traffic by using the wildcard character. (e.g. `*.example.com`) This will let you setup a DNS-only solution for redirecting an apex domain. — Siphon, Jan 29 '16 at 14:24
Any solution for HTTPS? Trying to point https://domain.com to https://www.domain.com. I get AccessDenied error — Kamy D, Mar 31 '16 at 22:42
I think this solution is easier (a lot) http://stackoverflow.com/a/32991751/1703029 can you point to it please? Thanks! — Pierre Ozoux, May 11 '16 at 17:51
This fails with SSL. S3 doesn't have access to my SSL cert to perform the redirect, and I force all my traffic over SSL. Any advice? — Costa Michailidis, Jun 08 '16 at 21:45
So you can totally do HTTPS now, if you set up a three tier system within AWS. Now, this is getting rather ridiculous for just doing redirections, but S3 buckets can do redirections as described above. If you want to do HTTP --> HTTPS redirections, you can actually do that using Amazon Cloudfront, which will use a free HTTPS certificate generated by Amazon Certificate Manager. The final system has Route 53 connecting to Cloud Front (which handles https traffic), connecting to S3, which does the redirection. — mlissner, Aug 04 '16 at 20:26
@mlissner it seems so elaborate for something that ought to be so simple. — Andy Hayden, Feb 18 '17 at 09:08
50 steps for a simple URL to URL forwarding. That's insane, Amazon! @amazon — poitroae, Mar 31 '20 at 16:17

Roberto Schneiders · Answer 2 · 2017-08-01T14:31:12.950

167

The AWS support pointed a simpler solution. It's basically the same idea proposed by @Vivek M. Chawla, with a more simple implementation.

AWS S3:

Create a Bucket named with your full domain, like aws.example.com
On the bucket properties, select Redirect all requests to another host name and enter your URL: https://myaccount.signin.aws.amazon.com/console/

AWS Route53:

Create a record set type A. Change Alias to Yes. Click on Alias Target field and select the S3 bucket you created in the previous step.

Reference: How to redirect domains using Amazon Web Services

AWS official documentation: Is there a way to redirect a domain to another domain using Amazon Route 53?

edited Aug 01 '17 at 14:31

answered Oct 07 '15 at 12:05

Roberto Schneiders

1,836
1
14
15

26

This works great for HTTP but not HTTPS. – mythofechelon Nov 16 '16 at 11:25
@mythofechelon What do you mean? I haven't had any problem with https so far. If you want to use https with your domain (ex: https:// aws.example.com), this is a completely different problem, because you will need a server with ssl certificate to be able to do that. – Roberto Schneiders Nov 18 '16 at 17:23
1

The official documentation is here: https://aws.amazon.com/premiumsupport/knowledge-center/redirect-domain-route-53/ – Mario Olivio Flores Apr 12 '17 at 09:49
Thank you @MarioOlivioFlores. I added the link to the official docs in my answer. – Roberto Schneiders Aug 01 '17 at 14:32
I would not recommend it that way, as results are cached and update time takes a while, moreover only domains will be supported. – Lorenz Lo Sauer Nov 19 '17 at 12:58
I don't see my buckets in Route53. I can't select them from the list. How long does it take Route53 to see that there is a new bucket on my account? – Pawel Jan 22 '19 at 11:06
@Pawel you should see the bucket right away. Make sure the bucket name is exaclty the same as the full route53 domain. For example, if you are creating an Alias A record with the name "mysubdomain", your bucket name should be "mysubdomain.domain.com". – Roberto Schneiders Jan 30 '19 at 19:43
2

Does this `Redirect all requests to another host name` option still exist? I can't see it when I go to bucket properties. – aidan Aug 24 '19 at 05:56
good question @aidan. Can you try to use the option "Redirect requests" under "Static website hosting" options? – Roberto Schneiders Aug 26 '19 at 17:49
1

This should be the correct answer, its better to reference components inside AWS using Alias for performance purposes instead of CNAME (that works but its not the best approach). – Douglas Figueroa Oct 09 '19 at 21:04
2

wonderful. works with HTTPS. – blueprintchris Nov 11 '21 at 19:42

score 12 · Answer 3 · answered Jun 20 '12 at 20:35

I was able to use nginx to handle the 301 redirect to the aws signin page.

Go to your nginx conf folder (in my case it's /etc/nginx/sites-available in which I create a symlink to /etc/nginx/sites-enabled for the enabled conf files).

Then add a redirect path

server {
  listen 80;
  server_name aws.example.com;
  return 301 https://myaccount.signin.aws.amazon.com/console;
}

If you are using nginx, you will most likely have additional server blocks (virtualhosts in apache terminology) to handle your zone apex (example.com) or however you have it setup. Make sure that you have one of them set to be your default server.

server {
  listen 80 default_server;
  server_name example.com;
  # rest of config ...
}

In Route 53, add an A record for aws.example.com and set the value to the same IP used for your zone apex.

Even better would be to use an Alias record to point to the elastic load balancer in front of this machine. — maletor, Sep 14 '12 at 16:33

score 11 · Answer 4 · edited May 23 '17 at 12:10

Update

While my original answer below is still valid and might be helpful to understand the cause for DNS based URL forwarding not being available via Amazon Route 53 out of the box, I highly recommend checking out Vivek M. Chawla's utterly smart indirect solution via the meanwhile introduced Amazon S3 Support for Website Redirects and achieving a self contained server less and thus free solution within AWS only like so.

Implementing an automated solution to generate such redirects is left as an exercise for the reader, but please pay tribute to Vivek's epic answer by publishing your solution ;)

Original Answer

Nettica must be running a custom redirection solution for this, here is the problem:

You could create a CNAME alias like aws.example.com for myaccount.signin.aws.amazon.com, however, DNS provides no official support for aliasing a subdirectory like console in this example.

It's a pity that AWS doesn't appear to simply do this by default when hitting https://myaccount.signin.aws.amazon.com/ (I just tried), because it would solve you problem right away and make a lot of sense in the first place; besides, it should be pretty easy to configure on their end.

For that reason a few DNS providers have apparently implemented a custom solution to allow redirects to subdirectories; I venture the guess that they are basically facilitating a CNAME alias for a domain of their own and are redirecting again from there to the final destination via an immediate HTTP 3xx Redirection.

So to achieve the same result, you'd need to have a HTTP service running performing these redirects, which is not the simple solution one would hope for of course. Maybe/Hopefully someone can come up with a smarter approach still though.

@ejain - you are correct of course, I've fixed this accordingly (must have missed the notification back then); thanks for pointing out this potentially misleading phrasing! — Steffen Opel, Jan 30 '13 at 17:35

score 0 · Answer 5 · answered Oct 01 '16 at 08:44

If you're still having issues with the simple approach, creating an empty bucket then Redirect all requests to another host name under Static web hosting in properties via the console. Ensure that you have set 2 A records in route53, one for final-destination.com and one for redirect-to.final-destination.com. The settings for each of these will be identical, but the name will be different so it matches the names that you set for your buckets / URLs.