Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to redirect HTTP to HTTPS using S3, Cloudfront, and Route 53 using naked domains?

I have a domain (example.com) with SSL support. I am having an issue when trying to redirect a request from www.example.com -> https://example.com.

The error I get when trying to access www.example.com is:

The request could not be satisfied.

Bad request.

These URLs work (redirect to https://example.com)

  • example.com
  • http://example.com
  • https://example.com

http://www.example.com shows that the website is not secure, meaning it does not use the certificate.


S3

I have created 2 S3 buckets example.com & www.example.com (A and B, respectively). Bucket A's Static Website Hosting has enable website hosting pointing to example.com. Bucket B's Static Website Hosting has redirect all requests to example.com.


Cloudfront

I have a distribution with 2 Alternate Domain Names (CNAMEs), example.com and www.example.com. I also have an SSL cert on this dist.


Route 53

I have a hosted zone with 2 A-type aliases, example.com and www.example.com that both point to Cloudfront's distribution (XX.cloudfront.net)

like image 356
thisismytemp Avatar asked Jan 18 '17 03:01

thisismytemp


People also ask

Can CloudFront redirect http to HTTPS?

Redirect HTTP to HTTPS Viewers can use both protocols, but HTTP requests are automatically redirected to HTTPS requests. CloudFront returns HTTP status code 301 (Moved Permanently) along with the new HTTPS URL.

How do I redirect non www to CloudFront?

You can take it out of the logic equation. You should have 4 "A" type records in your Route 53 for the domain (assuming you have IPv6 enabled in CloudFront): www.domain.com "A" alias record pointing to your CloudFront instance. www.domain.com "AAAA" alias record pointing to your CloudFront instance.


2 Answers

You need to have your content being distributed by Cloudfront. So the content from your S3 bucket will go through Cloudfront before being served. You can find info about how to do it here: Using CloudFront with Amazon S3

Then, for the second part, to have all your data served with https, do the following: Go to CloudFront > Your distribution > behaviour tab > select the first element of the list and click Edit. Then you should be able to see an option for redirecting http to https.

enter image description here

like image 59
Tiberiu Maxim Avatar answered Sep 20 '22 06:09

Tiberiu Maxim


I'm surprised that you're having luck with the SSL endpoints, as it's my understanding that the proper setup is to disable static website hosting on the s3 buckets and make sure all traffic to them is going through Cloudfront. Cloudfront will handle SSL itself, including redirects from HTTP to HTTPS, provided that you configure your Cloudfront origin to only allow HTTPS access via the Origin Protocol Policy setting.

For setting up the Cloudfront-to-s3 configuration: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.html

For restricting s3 to be accessible only by Cloudfront: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

like image 35
rumdrums Avatar answered Sep 21 '22 06:09

rumdrums