Cloudfront does not forward query string to API Gateway - HTTP API

0

Dear All,

This is my diagram:

Client
|
CloudFront:443 (All headers - All query string - All cookies) - Domain + ACM SSL: abc.com
|
API Gateway HTTP API - ANY /{proxy+} - Custom domain + ACM SSL: abc.com
|
VPC links
|
ALB Internal
|
EC2

When I tried to request the API URL:

abc.com/info/list?page=1&count=2 => The request was not successful and returned an error: We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner

I checked and realized the query string is not forwarded to the API Gateway.

  • CloudFront logs: /info 403 - GuzzleHttp/7 - - Error - ..... - TLSv1.3 TLS_AES_128_GCM_SHA256 Error HTTP/1.1 - - 36757 0.000 InvalidRequest text/html 915 => Query string not found

I also tried another API URL: /services?page=1&count=2. It did not return a 403 error, but the CloudFront function log shows no query string.

  • CloudFront function logs: {method:"GET",uri:"/services",querystring:{},headers:{x-amz-date:{value:"20250421T091948Z"} => Query string not found

Please support me in resolving this issue. Thank you so much.

2 Answers
1

If you want CloudFront to cache responses to requests that include query string parameters, you should configure the behaviour to use a cache policy that includes query strings. It's explained in this documentation section: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cache-key-understand-cache-policy.html#cache-policy-query-strings

If you don't want CloudFront to cache responses, which might be the case for API calls, and you set the behaviour to use the CachingDisabled managed cache policy, query strings will not be included in the cache key or origin requests, unless otherwise configured. It's shown in this documentation section: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html#managed-cache-policy-caching-disabled

In this case, you can include the query string parameters you want or the entire query string by using a managed origin request policy, such as AllViewer (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html#managed-origin-request-policy-all-viewer), or by creating a custom origin request policy that only includes the query string parameters you want to allow towards your origin.

The interactions between cache policies and origin request policies are explained in documentation here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/understanding-how-origin-request-policies-and-cache-policies-work-together.html. The general rule is that origin requests include all the properties of the request that are included in the cache key by a cache policy, but attributes that are not included can be added to origin requests by an origin request policy.

EXPERT
answered a month ago
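
The rule in the answer above (the origin request carries what the cache policy puts in the cache key, plus what the origin request policy adds), as an added example that is not part of the original answers: a Python check over a distribution config that reports which query strings each behavior sends to the origin. The policy IDs and configs are constructed sample data shaped like the CloudFront API's DistributionConfig and policy documents, and the function names are hypothetical.

```python
# Added example. Policy IDs and configs are constructed sample data, shaped like
# the CloudFront API's DistributionConfig and policy config documents.

def _qs(config):
    """Return (QueryStringBehavior, set of names) from a policy's QueryStringsConfig."""
    cfg = (config or {}).get("QueryStringsConfig") or {}
    names = (cfg.get("QueryStrings") or {}).get("Items") or []
    return cfg.get("QueryStringBehavior", "none"), set(names)

def forwarded_query_strings(behavior, cache_policies, origin_request_policies):
    """Model: origin request = cache-key query strings + origin request policy ones."""
    if "ForwardedValues" in behavior:  # legacy settings: QueryString true forwards all
        return ("all" if behavior["ForwardedValues"].get("QueryString") else "none", [])
    cache = cache_policies.get(behavior.get("CachePolicyId"), {})
    parts = [_qs(cache.get("ParametersInCacheKeyAndForwardedToOrigin")),
             _qs(origin_request_policies.get(behavior.get("OriginRequestPolicyId")))]
    if "all" in [mode for mode, _ in parts]:
        return ("all", [])
    allowed = set().union(*(n for m, n in parts if m == "whitelist"))
    excluded = [n for m, n in parts if m == "allExcept"]
    if excluded:  # dropped only if every allExcept policy excludes it and none allows it
        return ("allExcept", sorted(set.intersection(*excluded) - allowed))
    return ("whitelist", sorted(allowed)) if allowed else ("none", [])

def audit(distribution_config, cache_policies, origin_request_policies):
    """Map each behavior's path pattern to the query strings that reach the origin."""
    behaviors = [("*", distribution_config["DefaultCacheBehavior"])]
    for b in (distribution_config.get("CacheBehaviors") or {}).get("Items") or []:
        behaviors.append((b["PathPattern"], b))
    return {path: forwarded_query_strings(b, cache_policies, origin_request_policies)
            for path, b in behaviors}

CACHE_POLICIES = {"cp-disabled": {"ParametersInCacheKeyAndForwardedToOrigin": {
    "QueryStringsConfig": {"QueryStringBehavior": "none"}}}}
ORIGIN_REQUEST_POLICIES = {
    "orp-all": {"QueryStringsConfig": {"QueryStringBehavior": "all"}},
    "orp-paging": {"QueryStringsConfig": {"QueryStringBehavior": "whitelist",
                   "QueryStrings": {"Quantity": 2, "Items": ["page", "count"]}}}}
DISTRIBUTION = {
    "DefaultCacheBehavior": {"CachePolicyId": "cp-disabled"},
    "CacheBehaviors": {"Quantity": 2, "Items": [
        {"PathPattern": "/info/*", "CachePolicyId": "cp-disabled",
         "OriginRequestPolicyId": "orp-all"},
        {"PathPattern": "/services*", "CachePolicyId": "cp-disabled",
         "OriginRequestPolicyId": "orp-paging"}]}}

if __name__ == "__main__":
    print(audit(DISTRIBUTION, CACHE_POLICIES, ORIGIN_REQUEST_POLICIES))
```

A behavior that reports `("none", [])` has caching disabled and no origin request policy attached, so its requests reach the origin without any query string.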
0

It appears that your CloudFront distribution is not forwarding query string parameters to your API Gateway as expected. This can happen due to a few reasons:

  1. CloudFront Configuration: Even though you mentioned that CloudFront is set to forward all query strings, it's worth double-checking the CloudFront behavior settings. Ensure that the origin request policy is configured to forward all query strings to the origin.

  2. API Gateway Configuration: Make sure your API Gateway is set up to accept and process query string parameters. For an HTTP API with a /{proxy+} route, it should automatically handle query strings without additional configuration.

  3. CloudFront Cache: CloudFront might be caching responses without considering query strings. Try invalidating the CloudFront cache or adding cache busting parameters to your requests to force a fresh request to the origin.

  4. Logging and Debugging: The CloudFront logs you provided show a 403 error, which suggests an access issue rather than a query string forwarding problem. This could indicate that the request is being blocked before it reaches API Gateway.

To troubleshoot:

  1. Verify your CloudFront distribution settings, particularly the origin request policy and behavior rules for query string forwarding.

  2. Check API Gateway logs to see if the requests with query strings are reaching it at all.

  3. Test your API Gateway endpoint directly (bypassing CloudFront) to ensure it's handling query strings correctly.

  4. Review your VPC Links and ALB configuration to ensure they're not interfering with query string processing.

  5. Consider using AWS X-Ray or other tracing tools to follow the request path and identify where the query strings are being dropped.

If the issue persists after these checks, you may need to contact AWS support for further assistance, as this behavior is not typical for a properly configured CloudFront and API Gateway integration.
Sources
HTTP API Gateway is only forwarding the first parameter string. | AWS re:Post
Backend and Frontend on same domain Cloudfront error | AWS re:Post
OriginRequestPolicyQueryStringsConfig - Amazon CloudFront
ForwardedValues - Amazon CloudFront

answered a month ago
