43

I have a subdomain in Amazon Route53. Let's say secure.example.com

If requests come like https://secure.example.com it is ok but I would like to force http requests to come through https. When user types http://secure.example.com it needs to be forwarded to https://secure.example.com.

Is there a domain level redirecting/forwarding requests coming through http to https in Amazon Route53?

Arafat Nalkhande
huzeyfe

4 Answers

28

Just a quick update for this question. Whilst in answer to your question no, you can't use Route 53 to force HTTPS, this would lead some people to believe that forcing HTTPS on AWS hosting wasn't possible.

You can create an SSL certificate in Certificate Manager (or import your own), host your website wherever (S3), you then need to set up a CloudFront distribution for your site and import your SSL certificate, you can then use the option Redirect HTTP to HTTPS via the behavior tab in the CloudFront console.

Edit 22/02/2023

As correctly pointed out by Matt below, this isn't the right solution if you're using EC2 - for HTTPS on EC2 you should install an SSL certificate on the instance and configure the web server in the appropriate way.

If you're on Lambda (SSR using Next.js etc. with S3) for instance SSL can only be done via CloudFront currently I believe.

Mrk Fldig
  • I tried this, but then I keep getting access denied in http requests (403). I had to Only because I have a Single page application, I could create custom Error response in the Error pages tab of the distribution, to redirect 403 to /index.html with 200 OK status. – callback Nov 08 '18 at 19:25
  • Hey callback, that sounds like a permissions issue on your S3 bucket, did you select webhosting when you set it up and grant public access to all the objects? – Mrk Fldig Nov 09 '18 at 09:49
  • 3
    This is the right answer and should be marked as so. Top marks! – Sean Jan 07 '19 at 05:09
  • As an alternative to LB, CloudFront makes more sense in case of one instance. I have an Elastic Beanstalk env on a spot instance, have a DNS for it and then created a CloudFront distribution for this DNS. This enables my application, which is a web2py application, to connect via https. I see the url getting https. But the application runs into errors while looking for a secure connection, meaning that the received connection is still http. It still doesn't make sense to me. – Shruti Kar Jun 04 '20 at 17:07
  • @ShrutiKar in behaviors you can redirect http->https also your EC2 instance needs the certificate installed. – Mrk Fldig Jun 05 '20 at 10:21
  • This is not a good solution because then all traffic is going through CloudFront, which has its own specific restrictions and its own request headers. What's the point of using a CDN service for http->https redirections? – Matt Feb 15 '23 at 06:51
  • I am not able to edit my comment. It's a good solution only for static websites. – Matt Feb 15 '23 at 10:33
  • I'd complain to AWS, if you're not using EC2 (ie lambda for API's etc) it's the only way :-) – Mrk Fldig Feb 17 '23 at 15:07
24

2019 +

The @Jamaurice Holt solution led me to the way but was a bit short

Classic Load Balancer

This solution only works with an application load balancer, not a classic load balancer, but you can migrate to a more recent application load balancer in EC2 > Load balancers > your load balancer > migrate

Application Load Balancer

On the console go to EC2 > Load balancers > your load balancer > listeners

Here you should have 2 rules: HTTP : 80 and HTTPS : 443

You just have to:

  • edit the HTTP : 80 rule

  • remove the forward rule and add a redirect rule to port 443

  • save and you should see something like: [screenshot]

Sebastien Horin
  • What type of load balancer are you using? – Adrian Lynch Sep 06 '19 at 16:30
  • this is Application Load Balancer – erhanasikoglu Nov 26 '19 at 16:37
  • Do you really need a Load Balancer here? I get that it fixes the problem since Load Balancers have to use SSL certificates in order to do their job, but it still feels like a bit of an overkill in this scenario, especially if I only have one Ec2 instance. Also, Load Balancers aren't cost neutral. – Lucky Jun 03 '20 at 10:16
  • @Lucky medium / heavy used apps need load balancers, you may not need it for smaller projects – Sebastien Horin Jun 03 '20 at 11:34
  • @SebastienHorin That's precisely my point. If you have an infrastructure that already requires the implementation of a Load Balancer, this solution is perfect. But the original problem seemed to occur in a scenario, where a Load Balancer wasn't required to start with, hence it wouldn't make much sense to implement a Load Balancer, just to forward http requests to https. It's still a good solution, but not for every situation. This is to say that, as soon as you have more than one ec2 instance, this solution makes perfect sense, but not for lower numbers. – Lucky Jun 03 '20 at 12:43
  • @SebastienHorin I absolutely agree. As an alternative to LB, CloudFront makes more sense in case of one instance. I have an Elastic Beanstalk env on a spot instance, have a DNS for it and then created a CloudFront distribution for this DNS. This enables my application, which is a web2py application, to connect via https. I see the url getting https. But the application runs into errors while looking for a secure connection, meaning that the received connection is still http. It still doesn't make sense to me. – Shruti Kar Jun 04 '20 at 16:57
  • great solution! In 2019 should be the selected answer. – Mac_W Jul 26 '20 at 15:00
  • As @Lucky mentioned, AWS ELB load balancers cost $18/m. So, yes, ELB is definitely the easiest solution, but the most costly. If one is hosting a static site on S3 + Cloudfront providing the SSL (via AWS Certificate Manager) the cost could be as low as $0.50/m or less for a low traffic site. – Eric P Jul 28 '20 at 16:18
  • Great solution. I could not figure out why my app would not redirect! – Anthony Bird Mar 12 '23 at 22:31
21

No, there is no way to do this -- because it's not a DNS function to force any particular protocol, or to push values from one protocol to another. You can do this easily enough at the web server level, either in Apache, or IIS, or NGINX.

In any of those cases, the A or CNAME value pointing a specific record to a specific address (whether an IP or another host name) is the same, it's just going to connect via port 80 or port 443.

In Apache, you can simply use a rewrite (enable mod_rewrite first):

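```apache
# Requires mod_rewrite; place in the port-80 virtual host or .htaccess
RewriteEngine On
# Match only requests that did not arrive on the TLS port
RewriteCond %{SERVER_PORT} !^443$
# [R] without a status code sends a 302; L stops further rewrite processing
RewriteRule (.*) https://www.host.com/$1 [R,L]
```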
Neal Magee
  • Is there any way to redirect HTTPS to HTTP on AWS EC2? – user9437856 Aug 31 '20 at 05:11
  • @user9437856 EC2 is only raw computing infrastructure, so the way to redirect HTTP to HTTPS (or vice versa) is to use either a web server (apache2, nginx, etc.) or an HTTP load balancer like HAproxy. If you're using an ELB in front of EC2 instance(s) then you can set it to redirect. – Neal Magee Sep 01 '20 at 14:09
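A check for the redirect itself, whichever layer issues it (CloudFront behavior, load balancer listener rule or web server rewrite); this is an added example, not code from any of the answers. It inspects one response to a plain-HTTP request and reports a missing redirect, a temporary status, a non-HTTPS target, a changed host or a dropped path or query string; the function name and the sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit

PERMANENT = {301, 308}
TEMPORARY = {302, 303, 307}

def audit_redirect(request_url, status, headers):
    """Findings for one response to a plain-HTTP request; empty list means OK."""
    req = urlsplit(request_url)
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status not in PERMANENT | TEMPORARY:
        return [f"status {status}: request was not redirected"]
    findings = []
    if status in TEMPORARY:
        findings.append(f"status {status} is a temporary redirect")
    loc = urlsplit(hdrs.get("location", ""))
    if loc.scheme != "https":
        findings.append(f"Location scheme is {loc.scheme or 'missing'!r}, not 'https'")
    # urlsplit lowercases hostnames, so this comparison is case-insensitive
    if loc.hostname != req.hostname:
        findings.append(f"host changed: {req.hostname} -> {loc.hostname}")
    if loc.port not in (None, 443):
        findings.append(f"unexpected port {loc.port}")
    if (loc.path or "/") != (req.path or "/") or loc.query != req.query:
        findings.append("path or query string not preserved")
    return findings

# Constructed sample responses (not captured from a real site).
SAMPLES = [
    # Redirect to the same host, path and query over HTTPS
    ("http://secure.example.com/login?next=/a", 301,
     {"Location": "https://secure.example.com:443/login?next=/a"}),
    # A 302 to a fixed host name that differs from the requested host
    ("http://secure.example.com/login", 302,
     {"Location": "https://www.host.com/login"}),
    # Plain HTTP answered with an error instead of a redirect
    ("http://secure.example.com/", 403, {}),
    # Redirect that stays on plain HTTP
    ("http://secure.example.com/a", 301,
     {"Location": "http://secure.example.com/a"}),
]

if __name__ == "__main__":
    for url, status, headers in SAMPLES:
        print(url, status, audit_redirect(url, status, headers) or "OK")
```

To audit a live site, feed it the status and headers of a request made without following redirects, for example from `curl -sI http://secure.example.com/`.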
5

I accomplished it using a (ELB) application load balancer and redirecting the traffic to port 443 in the ELB edit section. Of course I'm using an ec2 instance to host my application and website.

aws elb edit screenshot

barbsan