0

Requirement

In all of the following requirements, the URL should change in the browser

Documents Referred

My S3 configuration

  • S3 bucket name : firstdomain.com
  • Static website hosting is enabled and the following is the configuration
    • protocol: https
    • redirect request to: sub.seconddomain.com

CloudFront Configuration

  • Origin name : firstdomain.com.s3-website.ap-south-1.amazonaws.com
  • Viewer protocol policy: redirect HTTP to HTTPS
  • Alternate Domain Names: firstdomain.com and seconddomain.com
  • ACM certificate : installed with *.firstdomain.com and *.seconddomain.com
  • Noted that the cloudfront name is : something.cloudfront.net

Route53 configuration

  • Alias A IPv4 record created with firstdomain.com -> something.cloudfront.net

What's happening

So all my requests are forcibly being moved to http and the certificate is not being loaded.

Following is the curl output

$ cat curloutput.txt| egrep -i  "location|server|301"
< HTTP/1.1 301 Moved Permanently
< Server: CloudFront
< Location: https://firstdomain.com/
* Connected to firstdomain.com (someIP) port 443 (#1)
* successfully set certificate verify locations:
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* ALPN, server accepted to use h2
* Server certificate:
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
* Using HTTP2, server supports multi-use
< HTTP/2 301
< location: http://sub.seconddomain.com/
< server: AmazonS3
< x-cache: Hit from cloudfront
* Connected to sub.seconddomain.com (someip) port 80 (#2)

> GET / HTTP/1.1
> Host: sub.seconddomain.com
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Thu, 12 Aug 2021 07:47:58 GMT
< Content-Length: 19
<
codeaprendiz

2 Answers

1

A simple alternative is to use CloudFront Functions to handle the redirect at the edge. For example:

function handler(event) {
    var request = event.request;
    var host = request.headers.host.value;

    // Redirect requests for the apex domain at the edge
    if (host === 'firstdomain.com') {
        return {
            statusCode: 302,
            statusDescription: 'Found',
            headers:
                { 'location': { 'value': 'https://sub.seconddomain.com' } }
        };
    }
    // Any other host passes through to the origin unchanged
    return request;
}

Regarding the certificates not loading: is sub.seconddomain.com also running on CloudFront? Did you add it as an alternative domain? (You listed seconddomain.com and a wildcard certificate, but it's not clear where the subdomain is hosted.)

Cristian
  • Ah okay, we can do it using `Cloudfront` only. I will try this as well. Anyway, I was able to achieve the result. It was the CloudFront cache all along. – codeaprendiz Aug 13 '21 at 11:27
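A variant of the edge redirect from this answer, as an added example that is not part of the original post: it keeps the requested path and query string and takes the target host from a fixed map, so the `Location` value never depends on the incoming `Host` header. The `REDIRECTS` map, the `buildQuery` helper and the sample event are assumptions made for illustration.

```javascript
// Added example: viewer-request CloudFront Function with a fixed redirect map.
// The Location host is never taken from the request, only from this allow-list.
var REDIRECTS = { 'firstdomain.com': 'sub.seconddomain.com' };

// Rebuild the query string from the event's querystring object, whose entries
// look like { key: { value: 'v', multiValue: [{ value: 'v' }, ...] } }.
// Assumption: values are passed through as received, without re-encoding.
function buildQuery(qs) {
    var parts = [];
    Object.keys(qs || {}).forEach(function (key) {
        var values = qs[key].multiValue || [qs[key]];
        values.forEach(function (v) {
            parts.push(v.value === '' ? key : key + '=' + v.value);
        });
    });
    return parts.length ? '?' + parts.join('&') : '';
}

function handler(event) {
    var request = event.request;
    var host = request.headers.host ? request.headers.host.value.toLowerCase() : '';
    if (!Object.prototype.hasOwnProperty.call(REDIRECTS, host)) {
        return request; // unknown host: pass through to the origin
    }
    return {
        statusCode: 302,
        statusDescription: 'Found',
        headers: {
            'location': { value: 'https://' + REDIRECTS[host] + request.uri + buildQuery(request.querystring) }
        }
    };
}

// Constructed viewer-request event for a local check under Node.js.
var sampleEvent = { request: {
    uri: '/docs/page',
    querystring: { ref: { value: 'mail' } },
    headers: { host: { value: 'firstdomain.com' } }
} };
console.log(handler(sampleEvent).headers.location.value);
```
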
1

Redirect Apex domain to another domain's subdomain with browser change in URL

Requirements

Documents Referred

https://aws.amazon.com/premiumsupport/knowledge-center/route-53-redirect-to-another-domain

stackoverflow

S3 configuration

  • Name of the bucket : firstdomain.com
  • Enable the static website hosting and Redirect requests for an object and set the Hostname to sub.seconddomain.com. Protocol should be https
  • Keep a copy of the website endpoint http://firstdomain.com.s3-website.ap-south-1.amazonaws.com

CloudFront configuration

  • Create a CloudFront distribution with the alternate domain name set to firstdomain.com
  • You will need to create an ACM certificate in us-east-1 for CloudFront; ensure that the ACM certificate supports the domains *.firstdomain.com, firstdomain.com, www.firstdomain.com, *.seconddomain.com, seconddomain.com, www.seconddomain.com
  • Keep the origin domain as firstdomain.com.s3-website.ap-south-1.amazonaws.com, which was noted in the previous step, without the http
  • Origin Protocol should be http, as the S3 website configuration only supports http requests. So the http port will also be 80
  • Viewer protocol policy: Redirect HTTP to HTTPS
  • You can keep all the HTTP methods as allowed
  • Make a note of the distribution domain name https://something.cloudfront.net

Route53 configuration

  • Go to the hosted zone firstdomain.com
  • Create an Alias A IPv4 record for firstdomain.com pointing to something.cloudfront.net

Validation

  • When there is a cache miss from CloudFront
$ curl -I http://something.cloudfront.net -L
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Thu, 12 Aug 2021 12:12:04 GMT
Content-Type: text/html
Content-Length: 183
Connection: keep-alive
Location: https://something.cloudfront.net/
X-Cache: Redirect from cloudfront
Via: 1.1 5dd0dcc9e0464f63fa9f8c3a40.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DEL54-C4
X-Amz-Cf-Id: 5kX-_t55pHGTMaZt046sbSyS9geMsw8RagPXNGdiqthnV9HEJc18Rw==

HTTP/2 301
content-length: 0
location: https://sub.seconddomain.com/
date: Thu, 12 Aug 2021 12:12:05 GMT
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5ef0432e6c0ac31f0b8bdb72d3755f66.cloudfront.net (CloudFront)
x-amz-cf-pop: DEL54-C4
x-amz-cf-id: nZGDaK7tSmo4hwC6jlT9fLV5rjNglbNajvLtj0y54vROJg18Qislrg==

HTTP/1.1 404 Not Found
Content-Length: 19
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Aug 2021 12:12:04 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
  • When there is a hit from CloudFront
$ curl -I http://something.cloudfront.net -L
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 13 Aug 2021 11:17:07 GMT
Content-Type: text/html
Content-Length: 183
Connection: keep-alive
Location: https://something.cloudfront.net/
X-Cache: Redirect from cloudfront
Via: 1.1 637fcf134a6acd248c904995685d8a65.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DEL54-C4
X-Amz-Cf-Id: MZa1056r6UIWlshM0FzGsVoAMtdVtkW8-5JMSb2JxngFIkC2kdNT4g==

HTTP/2 301
content-length: 0
location: https://sub.seconddomain.com/
date: Thu, 12 Aug 2021 12:12:05 GMT
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 d074672a93d4cecfc24649b988ca81dc.cloudfront.net (CloudFront)
x-amz-cf-pop: DEL54-C4
x-amz-cf-id: lQyKipnkYjneJ27p1ox3-bLEbnrrV49dOIMq8iXyZtP1Q402rPBKEw==
age: 83103

HTTP/1.1 404 Not Found
Content-Length: 19
Content-Type: text/plain; charset=utf-8
Date: Fri, 13 Aug 2021 11:17:07 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive

Issues you might face

  • Note that the CNAME is added to the CDN and is supported by the ACM certificate
  • Sometimes it's just CloudFront, because it takes some time to reflect the values. You can invalidate the CloudFront cache by using Cache invalidation for */
codeaprendiz
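The validation step above can be automated. The following is an added example, not part of the original answer: it parses `curl -I -L` style header output into hops and flags a redirect whose `Location` drops to plain `http://`, as well as a redirect served from the CloudFront cache, which keeps returning the old target until it is invalidated. The sample input is constructed in the format of the outputs on this page; the function names and finding labels are assumptions.

```javascript
// Constructed sample in the format of the `curl -I -L` output above.
var SAMPLE = [
  'HTTP/1.1 301 Moved Permanently',
  'Server: CloudFront',
  'Location: https://firstdomain.com/',
  'X-Cache: Redirect from cloudfront',
  '',
  'HTTP/2 301',
  'location: http://sub.seconddomain.com/',
  'server: AmazonS3',
  'x-cache: Hit from cloudfront',
  'age: 83103',
  '',
  'HTTP/1.1 404 Not Found',
  'Content-Length: 19'
].join('\n');

// Split the header dump into one object per response (hop).
function parseHops(text) {
  var hops = [];
  text.split(/\r?\n/).forEach(function (line) {
    var status = /^HTTP\/[\d.]+\s+(\d{3})/.exec(line);
    if (status) {
      hops.push({ status: Number(status[1]), headers: {} });
      return;
    }
    var idx = line.indexOf(':');
    if (idx > 0 && hops.length) {
      var name = line.slice(0, idx).trim().toLowerCase();
      hops[hops.length - 1].headers[name] = line.slice(idx + 1).trim();
    }
  });
  return hops;
}

// Flag redirects that leave HTTPS and redirects served from the edge cache.
function auditChain(hops) {
  var findings = [];
  hops.forEach(function (hop, i) {
    var loc = hop.headers.location;
    if (!loc || hop.status < 300 || hop.status > 399) return;
    if (/^http:\/\//i.test(loc)) {
      findings.push({ hop: i, issue: 'plaintext-redirect', location: loc });
    }
    if (/^hit from cloudfront/i.test(hop.headers['x-cache'] || '')) {
      findings.push({ hop: i, issue: 'cached-redirect', ageSeconds: Number(hop.headers.age || 0) });
    }
  });
  return findings;
}
```
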