Cloudfront eu-south-1 limitations origin domain

0

Hi everyone, I'm kinda new on AWS so I'm sorry if what I'm about to ask is trivial.

I have successfully created a Beanstalk environment with a public load balancer to which I can connect publicly both through the Beanstalk URL and through the load balancer URL in HTTP and HTTPS. I would now like to connect everything to CloudFront, but when I try to add the origin domain I don't see the load balancer I created in the list, only the S3 that Beanstalk created for logging. The services are all in the eu-south-1 region.

What I don't understand is why, if I create a load balancer in any other region, CloudFront seems to see it immediately. Is there some kind of limitation on the eu-south-1 region for load balancers, or am I doing something wrong?

What could be the causes?

Thanks for the support. Kind regards

  • Hi

    Could you please check the following

    Clients cannot connect to an internet-facing load balancer

    If the load balancer is not responding to requests, check for the following issues:

    • Your internet-facing load balancer is attached to a private subnet: You must specify public subnets for your load balancer. A public subnet has a route to the Internet Gateway for your virtual private cloud (VPC).

    • A security group or network ACL does not allow traffic: The security group for the load balancer and any network ACLs for the load balancer subnets must allow inbound traffic from the clients and outbound traffic to the clients on the listener ports.

  • My load balancer is responding; if I use the load balancer's URL or the Beanstalk URL it responds with no problem, so I don't think it is a problem of ACL or VPC. The solution I found is to force the origin using the URL of the load balancer instead of selecting it from the list. In this case the problem I have seems to be the certificate. On the load balancer I have set my domain certificate (not sure if it is best practice), let's say pippo.com, so the domain of the certificate is different from the domain of the load balancer, xxxx.eu-south-1.elb.amazonaws.com. I have to use an alias for xxxx.eu-south-1.elb.amazonaws.com, like xyz.pippo.com, as the origin domain of CloudFront and another alias for xxxx.cloudfront.net. I'm sure this is not standard... so do you know what the right configuration should be?

2 Answers
0
Accepted Answer

Writing down the ELB hostname instead of selecting it from the dropdown is not a problem; the dropdown is just a helper, and it doesn't make any difference if you actually write it down yourself.

About setting up access via HTTPS using an alias, as you wrote in the comment: based on this documentation, it's correct to set up a domain for the ALB and one for CloudFront if you want CloudFront to access the ALB via HTTPS. The documentation also covers how to block direct access to the ALB if you need to.

To configure CloudFront to use HTTPS for origin requests, set the Origin Protocol Policy setting to HTTPS Only. This setting is available in the CloudFront console, AWS CloudFormation, and the CloudFront API. For more information, see Origin protocol policy.

When you configure CloudFront to use HTTPS for origin requests, you need to make sure that your Application Load Balancer has an HTTPS listener (as shown in the preceding section). This requires that you have an SSL/TLS certificate that matches the domain name that is routed to your Application Load Balancer. For more information, see Create an HTTPS listener in the User Guide for Application Load Balancers.

Miki
answered 2 years ago
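
Added example, not part of the original answer or of AWS documentation: a check of whether the certificate on the load balancer's HTTPS listener covers the name entered as the CloudFront origin domain, which is the mismatch described in the thread. The SAN list is a constructed sample (the wildcard entry is an assumption), and `fetch_sans` is a hypothetical helper for reading the names from a live listener.

```python
from __future__ import annotations

import socket
import ssl


def san_matches(hostname: str, san: str) -> bool:
    """Match one DNS SAN entry against a hostname (left-most wildcard only)."""
    host, pat = hostname.lower().rstrip("."), san.lower().rstrip(".")
    if pat.startswith("*."):
        # A wildcard covers exactly one label: *.pippo.com matches
        # xyz.pippo.com, but not pippo.com and not a.b.pippo.com.
        head, _, rest = host.partition(".")
        return bool(head) and rest == pat[2:]
    return host == pat


def origin_cert_ok(origin_domain: str, sans: list[str]) -> bool:
    """True if any SAN on the listener certificate covers the origin domain."""
    return any(san_matches(origin_domain, s) for s in sans)


def fetch_sans(host: str, port: int = 443, timeout: float = 5.0) -> list[str]:
    """Read the DNS SANs a live listener presents.

    The chain is still verified; only the hostname check is disabled,
    because the name comparison is done separately by origin_cert_ok().
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


# Constructed sample: SANs of a certificate issued for pippo.com (assumed).
SAMPLE_SANS = ["pippo.com", "*.pippo.com"]

if __name__ == "__main__":
    for origin in ("xxxx.eu-south-1.elb.amazonaws.com", "xyz.pippo.com"):
        print(origin, "->", origin_cert_ok(origin, SAMPLE_SANS))
```

With the sample certificate, the raw ELB hostname fails the check and the alias xyz.pippo.com passes, which is why the alias is used as the origin domain when the origin protocol policy is HTTPS Only.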
0

I was able to recreate this in the eu-south-1 region. Suggest you open up a ticket with support.

One caveat: I had not activated the Milan region until today, so it could be related to things propagating for my account with this new region. I will check again tomorrow. However, I was able to see the Beanstalk environment in an Alias dropdown in Route 53. But could not see the ELB in CloudFront.

AWS
EXPERT
kentrad
answered 2 years ago
  • Also, I tried the exact same experiment in Ohio and ELB showed up in the dropdown.

  • I have done the same but with my DNS provider. On the load balancer I have set my domain certificate (not sure if it is best practice), let's say pippo.com, so the domain of the certificate is different from the domain of the load balancer, xxxx.eu-south-1.elb.amazonaws.com. I have to use an alias for xxxx.eu-south-1.elb.amazonaws.com, like xyz.pippo.com, as the origin domain of CloudFront and another alias for xxxx.cloudfront.net. I activated that region long ago, so I think it is a limitation. I will open a ticket, thanks!!

  • The ALB in Milan is still NOT listed in the drop down when creating a distribution.
