AWS Appstream2.0 Custom URL is not working

Hello colleagues,

I have successfully integrated an SSO and IDP solution (Azure AD and enterprise application) with Amazon AppStream 2.0 stacks (AlwaysON and On-demand). Applications work fine for users, but we want to use our URL (apps.domain.com) instead of appstream2.eu-central-1.aws.amazon.com. Unfortunately it doesn't work, as I get an error from the CloudFront server: 500 (page not found) error, "We are sorry. An error occurred when we tried to process your request. Rest assured, we're working to resolve the problem as soon as possible. We apologize for the inconvenience." The CloudFront logs show that the "500 Internal Server Error" occurred when attempting to access the "/authenticate" endpoint of my AppStream 2.0 application through CloudFront.

My approach was:

  1. AppStream Stack / Fleet is already working fine, no changes.
  2. I have requested a public certificate from AWS in the Virginia location (with domain), with domain approval - it is OK (domains: apps.domain.com, *.apps.domain.com).
  3. I have created a CloudFront distribution with the following settings:
    • Origin name and origin path is set to appstream2.eu-central-1.aws.amazon.com.
    • Alternate domain name (CNAME) - optional is set to apps.domain.com.
    • Path pattern: Default (*)
    • Origin or origin group: appstream2.eu-central-1.aws.amazon.com
    • Viewer protocol policy: Redirect HTTP to HTTPS
    • Cache policy name: Managed-CachingDisabled
    • Origin request policy name: none
    • Response headers policy name: none
  4. Then I have configured a DNS CNAME record to point apps.domain.com to https://secret.cloudfront.net

So after deployment, I get a page with a 500 error - page was not found.

So any recommendations here, what can be improved and where additionally I could investigate what is wrong? Is it caching policies? Thank you in advance,
Giedrius

1 answer

Accepted answer

Hey,

After a couple of evening troubleshooting sessions I managed to get it working. Here are the changes in CloudFront, I hope they will be helpful for others:

  1. Origin: Match viewer; min origin SSL protocol TLS 1.1;
  2. Behaviour changes:
    • Redirect HTTP to HTTPS
    • Allowed https methods: GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
    • Cache key and origin requests -> Legacy cache settings: headers: none; query strings: all; cookies: all; object caching: Use origin cache headers;
    • Response headers: Cors-with-preflights-and-securityheaderspolicy

answered 9 months ago
