How to redirect HTTP to HTTPS using S3, Cloudfront, and Route 53 using naked domains?

Asked 18/1, 2017 at 3:8 Answered 7/3, 2024 at 21:19

amazon-web-services amazon-s3 amazon-cloudfront

I have a domain (example.com) with SSL support. I am having an issue when trying to redirect a request from www.example.com -> https://example.com.

The error I get when trying to access www.example.com is:

The request could not be satisfied.

Bad request.

These URLs work (redirect to https://example.com)

example.com
http://example.com
https://example.com

http://www.example.com shows that the website is not secure, meaning it does not use the certificate.

I have created 2 S3 buckets example.com & www.example.com (A and B, respectively). Bucket A's Static Website Hosting has enable website hosting pointing to example.com. Bucket B's Static Website Hosting has redirect all requests to example.com.

Cloudfront

I have a distribution with 2 Alternate Domain Names (CNAMEs), example.com and www.example.com. I also have an SSL cert on this dist.

Route 53

I have a hosted zone with 2 A-type aliases, example.com and www.example.com that both point to Cloudfront's distribution (XX.cloudfront.net)

Ignatz answered 18/1, 2017 at 3:8 Comment(3)

"I have a distribution with 2 CNAMEs" do you mean you have both domains configured in the Alternate Domain Name field in CloudFront? Verify that you don't have a typo there. – Moose 18/1, 2017 at 4:14

Yes, I meant Alternate Domain Names (CNAMEs). (edited) – Ignatz 18/1, 2017 at 12:52

Complate solutution simonecarletti.com/blog/2016/08/… – Cordi 23/1, 2017 at 13:3

You need to have your content being distributed by Cloudfront. So the content from your S3 bucket will go through Cloudfront before being served. You can find info about how to do it here: Using CloudFront with Amazon S3

Then, for the second part, to have all your data served with https, do the following: Go to CloudFront > Your distribution > behaviour tab > select the first element of the list and click Edit. Then you should be able to see an option for redirecting http to https.

Bertrambertrand answered 21/2, 2017 at 14:54 Comment(5)

Do you know how long it takes to take affect? – Tegument 22/4, 2017 at 18:32

I would say 10-20 mins for the CloudFront distribution to get updated. You can see its status in the console (aws interface) – Bertrambertrand 24/4, 2017 at 7:58

Do we need route 53 in that configuration? – Compressor 27/10, 2018 at 15:29

@Compressor you still need create the DNS records, so if you are using Route53 as your DNS you need to create a A record with Alias to the Cloudfront Distribution (looks like d2hjwzns37abxk.cloudfront.net) – Colson 3/5, 2021 at 22:49

If you don't want to wait after this action, you can create invalidation: Distributions -> your distribution -> invalidations -> create -> /* – Noddle 16/11, 2021 at 12:6

I'm surprised that you're having luck with the SSL endpoints, as it's my understanding that the proper setup is to disable static website hosting on the s3 buckets and make sure all traffic to them is going through Cloudfront. Cloudfront will handle SSL itself, including redirects from HTTP to HTTPS, provided that you configure your Cloudfront origin to only allow HTTPS access via the Origin Protocol Policy setting.

For setting up the Cloudfront-to-s3 configuration: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.html

For restricting s3 to be accessible only by Cloudfront: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

Imminence answered 18/1, 2017 at 4:13 Comment(0)

Same issue, different resolution than the other answers provided here, so I'll add mine.

In my case, I had the HTTPS Only Viewer protocol policy enabled in Cloudfront ( -> behaviors -> edit)

I changed it to Redirect HTTP to HTTPS which resolved the issue immediately.

I determined that this was the issue because my site was working on all browsers except safari on mobile (safari on desktop was okay). However, explicitly typing https into the safari mobile browser got me to the site. Seems like safari mobile sends requests as HTTP unless specified.

Cimabue answered 7/3, 2024 at 21:19 Comment(0)

Recommended topics

Hot tags