
I am trying to set up (and have mostly succeeded) a static website in S3 that is served through the URLs www.example.com and example.com (both of these work fine over HTTPS using a cert provisioned through ACM). Both of those domains point, in Route 53, to a CloudFront distribution set up with the S3 bucket as its endpoint.

I also have multiple Elastic Beanstalk instances that are being served through different subdomains. app.example.com points to the one serving pages other than the landing page, and api.example.com is serving the API. All of this works perfectly fine and is set up through Route 53 for the subdomains.

The only thing that does not work is the following setup I have for redirection:

```xml
<RoutingRules>
  <RoutingRule>
    <Condition>
      <KeyPrefixEquals>login/</KeyPrefixEquals>
    </Condition>
    <Redirect>
      <Protocol>https</Protocol>
      <HostName>app.example.com</HostName>
      <ReplaceKeyPrefixWith>login/</ReplaceKeyPrefixWith>
    </Redirect>
  </RoutingRule>
</RoutingRules>
```

So what I am hoping happens is that when someone visits (www.)example.com it goes to the landing page that is hosted in S3, and when they go to (www.)example.com/login it goes to (www.)app.example.com/login (which points to an ELB). This does NOT work when I use HTTPS to access https://(www.)example.com/login, but does if I just go to my S3 bucket URL over HTTP: http://example.com.s3-website.ca-central-1.amazonaws.com/login. That successfully redirects to app.example.com/login.

Not sure what I am missing, but do redirect rules in the S3 static website properties not work over HTTPS because the host name is different from the host name of the actual S3 bucket? That is all I can think of, since it works fine if I access the endpoint from the S3 URL without going through my domain name with the SSL cert.

Jay Bell
  • "does not work"... in what specific way does it fail to work? Redirect rules will fire for any request that actually reaches the bucket. I don't see where you've described what happens when you try to access this using https. – Michael - sqlbot May 12 '18 at 03:46
  • Hey @Michael-sqlbot, I have recently learned from someone in the tech community here who went through the exact same thing as me that static websites hosted on S3 do not have support for the redirect rules over HTTPS; they do not fire over SSL apparently (this is coming from Amazon Support apparently), so unless it has changed, that is a really odd way for them to do it. – Jay Bell May 13 '18 at 06:50
  • It isn't actually the case that the *rules don't fire* over HTTPS. The static web site hosting endpoints of S3 don't support HTTPS at all, without help from CloudFront. You *should* be seeing a connection timeout. – Michael - sqlbot May 13 '18 at 12:57
  • @Michael-sqlbot fair enough, what I do end up seeing is an XML-formatted page displaying an Access Denied when trying to access https://example.com/login, which should redirect to my other server based on the rules when not over SSL. Not a connection timeout. – Jay Bell May 13 '18 at 15:48
  • The XML means you're pointing to the REST endpoint for the bucket, which supports HTTPS but not redirection rules. (The HTTP REST endpoint also doesn't do redirection.) See [Key Differences Between the Amazon Website and the REST API Endpoint](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html#WebsiteRestEndpointDiff) for an explanation of this. – Michael - sqlbot May 13 '18 at 17:47
  • This other question is based on different symptoms for the same problem... here's your solution: https://stackoverflow.com/a/34065543/1695906 – Michael - sqlbot May 13 '18 at 17:49
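
The distinction drawn in the comments (REST endpoint versus website endpoint behind CloudFront) can be checked mechanically. The following is an added example, not code from the thread: it classifies origin host names and flags origins on which S3 routing rules cannot take effect. The `SAMPLE` data and origin Ids are constructed, the field names follow the shape of a CloudFront `DistributionConfig`, and the host-name patterns cover only the common endpoint forms.

```python
import re

# Website endpoint: <bucket>.s3-website-<region> or <bucket>.s3-website.<region>
WEBSITE_RE = re.compile(r"^(.+)\.s3-website[.-]([a-z0-9-]+)\.amazonaws\.com$")
# REST endpoint: <bucket>.s3, <bucket>.s3.<region> or <bucket>.s3-<region>
REST_RE = re.compile(r"^(.+)\.s3(?:[.-]([a-z0-9-]+))?\.amazonaws\.com$")


def classify_origin(domain_name):
    """Return 's3-website', 's3-rest' or 'other' for an origin host name."""
    host = domain_name.lower().rstrip(".")
    if WEBSITE_RE.match(host):  # test first: the REST pattern also matches it
        return "s3-website"
    if REST_RE.match(host):
        return "s3-rest"
    return "other"


def audit_origins(dist_config):
    """List origins on which S3 website routing rules cannot take effect."""
    findings = []
    for origin in dist_config["Origins"]["Items"]:
        kind = classify_origin(origin["DomainName"])
        custom = origin.get("CustomOriginConfig")
        if kind == "s3-rest":
            findings.append((origin["Id"], "REST endpoint: routing rules "
                             "are ignored and errors come back as XML"))
        elif kind == "s3-website" and custom is None:
            findings.append((origin["Id"], "website endpoint should be "
                             "configured as a custom origin"))
        elif kind == "s3-website" and custom.get("OriginProtocolPolicy") != "http-only":
            findings.append((origin["Id"], "website endpoint speaks HTTP only"))
    return findings


# Constructed sample; the origin Ids are hypothetical.
SAMPLE = {"Origins": {"Items": [
    {"Id": "landing-rest", "DomainName": "example.com.s3.amazonaws.com",
     "S3OriginConfig": {"OriginAccessIdentity": ""}},
    {"Id": "landing-web",
     "DomainName": "example.com.s3-website.ca-central-1.amazonaws.com",
     "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
    {"Id": "app", "DomainName": "app.example.com",
     "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}},
]}}

if __name__ == "__main__":
    for origin_id, problem in audit_origins(SAMPLE):
        print(f"{origin_id}: {problem}")
```
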

1 Answer

Not an exact answer to my original question, but there is a different way to do what I am trying to do: set up a CloudFront distribution (like in the original question) but add a second origin - the app.example.com server - and then set up a list of behaviors in the distribution to route certain URL paths to either the S3 origin or the App Server origin.

/css/* - s3
/js/* - s3
/login* - app server
/dashboard* - app server

etc. I have the * path set up to point to the app server as my landing page is static and only has 5 routes.

Jay Bell