
Is it possible to have a separate CNAME record for each subdomain on AWS?

I'd like to have www.example.com, staging.example.com and demo.example.com, where each of those maps to a separate environment for the same application on Elastic Beanstalk.

Is this possible?

On my hosted zone for example.com., I've set up CNAME records for www.example.com, staging.example.com and demo.example.com, with each having a value that points to its respective EB URL.

The first one I set up, www.example.com, works and requests reach the environment. But when I try to reach the others with ping staging.example.com, the result is ping: cannot resolve staging.example.com: Unknown host.

  • Domain purchased and zone hosted on Route 53
  • Cert issued on AWS certificate manager
  • I've set the certificates the same way on each load balancer
  • The first, www.example.com works fine
  • The others don't
  • I'm not sure what I'm missing here unless it's not possible

Is this possible to get working?

Note: I've substituted my actual domain for example.com.

UPDATES 1:

I might be getting closer but it's not working yet; it's returning You don't have permission to access /user.

Per this link, https://serverfault.com/questions/407961/setting-up-subdomains-within-amazon-aws-elastic-beanstalk.

I added:

files:
  "/etc/httpd/conf.d/vhost.conf":
    mode: "000644"
    owner: root
    group: root
    encoding: plain
    content: |
      NameVirtualHost *:80

      <VirtualHost *:80>
        DocumentRoot "/var/app/current/"
         <Directory "/var/app/current/">
          Options Indexes FollowSymLinks MultiViews
          AllowOverride All
          Require all granted
         </Directory>
      </VirtualHost>

      <VirtualHost *:80>
       ServerName staging.example.com
       DocumentRoot "/var/app/current/your-new-webroot"
        <Directory "/var/app/current/your-new-webroot">
         Options Indexes FollowSymLinks MultiViews
         AllowOverride All
         Require all granted
        </Directory>
      </VirtualHost>

Now when I run ping staging.example.com, the response is:

PING example...elasticbeanstalk.com (35.182.128.147): 56 data bytes

Which is great. But when I try to make my actual request:

curl -X POST -H "Content-Type: application/json" \
  -H "Authorization: Bearer ..." -d '{}' https://staging.example.com/user

The response is:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /user
on this server.<br />
</p>
</body></html>

UPDATES 2:

I've reordered my VirtualHosts and added ServerName so it now looks like this:

files:
  "/etc/httpd/conf.d/vhost.conf":
    mode: "000644"
    owner: root
    group: root
    encoding: plain
    content: |
      NameVirtualHost *:80

      <VirtualHost *:80>
       ServerName staging.example.com
       DocumentRoot "/var/app/current/your-new-webroot"
        <Directory "/var/app/current/your-new-webroot">
         Options Indexes FollowSymLinks MultiViews
         AllowOverride All
         Require all granted
        </Directory>
      </VirtualHost>

      <VirtualHost *:80>
        ServerName www.example.com
        DocumentRoot "/var/app/current/"
         <Directory "/var/app/current/">
          Options Indexes FollowSymLinks MultiViews
          AllowOverride All
          Require all granted
         </Directory>
      </VirtualHost>

But I'm still getting the same response from my POST request:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /user
on this server.<br />
</p>
</body></html>

Additionally, per my /var/log/httpd/error_log logs:

AH01630: client denied by server configuration: /var/app

UPDATES 3:

A couple of points.

  1. Updated the Directory and DocumentRoot to point to where my app files are actually stored on the server for my Flask app, "/opt/python/current/app"; previously I copied and pasted "/var/app/current/".

  2. Checked my Apache version with httpd -v. The result is, Server version: Apache/2.4.27 (Amazon) \n Server built: Sep 24 2017 23:19:50

Updated file:

files:
  "/etc/httpd/conf.d/vhost.conf":
    mode: "000644"
    owner: root
    group: root
    encoding: plain
    content: |
      NameVirtualHost *:80

      <VirtualHost *:80>
       ServerName staging.example.com
       DocumentRoot "/opt/python/current/app"
        <Directory "/opt/python/current/app">
         Options Indexes FollowSymLinks MultiViews
         AllowOverride All
         Require all granted
        </Directory>
      </VirtualHost>

      <VirtualHost *:80>
        ServerName www.example.com
        DocumentRoot "/opt/python/current/app"
         <Directory "/opt/python/current/app">
          Options Indexes FollowSymLinks MultiViews
          AllowOverride All
          Require all granted
         </Directory>
      </VirtualHost>

Still getting the same results.

asked Nov 07 '22 07:11 by tim_xyz


1 Answer

The ping staging.example.com works because your CNAME resolved properly. However, the VirtualHost directive is applied in a linear manner. Since your first VHost section does not contain a ServerName, it is applied by default to all the requests.

Change the order of both VHost sections, or add a ServerName to them all, and things should start working (restart of the EB application might be required).

You can also check the log files on the machine itself, if there is some other reason for the 403 error though.

answered Nov 15 '22 07:11 by hjpotter92
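An added example, not part of the question or the answer: a small offline check that models Apache's documented name-based selection (the Host header is compared with each ServerName/ServerAlias in file order, and the first listed vhost is used when none matches) against the first vhost.conf from the question. The function names are hypothetical, and it assumes every vhost listens on the same *:80 address and that no wildcard ServerAlias is used.

```python
import re

# Constructed sample: the two <VirtualHost> blocks from the question's first
# vhost.conf, with the <Directory> sections left out for brevity.
SAMPLE_CONF = """
NameVirtualHost *:80
<VirtualHost *:80>
  DocumentRoot "/var/app/current/"
</VirtualHost>
<VirtualHost *:80>
  ServerName staging.example.com
  DocumentRoot "/var/app/current/your-new-webroot"
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)


def parse_vhosts(conf):
    """Return vhosts in file order with address, declared names and docroot."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        names = []
        for m in re.finditer(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I):
            names += m.group(1).lower().split()
        root = re.search(r'^\s*DocumentRoot\s+"?([^"\n]+)"?', body, re.M | re.I)
        vhosts.append({"addr": addr.strip(), "names": names,
                       "docroot": root.group(1).strip() if root else None})
    return vhosts


def select_vhost(vhosts, host_header):
    """First vhost whose declared names match the Host header, else the first listed."""
    host = host_header.lower().split(":")[0].rstrip(".")
    for vh in vhosts:
        if host in vh["names"]:
            return vh
    return vhosts[0] if vhosts else None


def unnamed_vhosts(vhosts):
    """Indexes of vhosts declaring no ServerName/ServerAlias of their own
    (Apache then derives a name from the system hostname)."""
    return [i for i, vh in enumerate(vhosts) if not vh["names"]]
```

Running `select_vhost` for each hostname you have a CNAME for shows which DocumentRoot, and therefore which `<Directory>` access rules, a request will be evaluated against; on the instance itself, `httpd -S` prints Apache's own view of the same mapping.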