
CloudFront - Origin Domain field is automatically filling S3 static website URL

0

Dear colleagues,

I am trying to create a static S3 website. I've registered a domain and would like to secure the connection using CloudFront. What I have done so far:

  1. I have created an S3 bucket and have **disabled** the S3 static website hosting option.
  2. Custom domain is registered via Route53.
  3. I have set up an SSL certificate via the ACM.
  4. When creating the CloudFront distribution I face two problems:
  • Although the Origin Domain field is allowing me to select the S3 bucket REST API endpoint (e.g., my-bucket-name.s3.amazonaws.com), it is then automatically renaming to the S3 static website URL (e.g., my-bucket-name.s3-website-region.amazonaws.com).
  • When trying to add A Alias in Route53 under my domain hosted zone, when I select Alias to CloudFront Distribution, Virginia is greyed out and states: An alias to a CloudFront distribution and another record in the same hosted zone are global and available only in ...
  • Also, the distribution field does not find the distribution I have created.

It's like paragraph 22. Can anyone help?

3 Answers
1

When creating the CloudFront distribution, you need to change Origin Access to Origin access control settings (recommended).

Create CloudFront distribution using OAC with S3

You will need to create a new OAC and update S3 bucket policy. Refer to blog Amazon CloudFront introduces Origin Access Control (OAC) for steps involved.

It takes a while for a CloudFront distribution to be created. Once CloudFront distribution status is Enabled, then go to Route 53 to create your Alias record. You should find your distribution (ID.cloudfront.net) in the dropdown.

Route 53 alias record to CloudFront

You will need to create a CNAME with your CloudFront distribution, and associate ACM cert, in order to use your domain.

AWS
EXPERT
answered a year ago
EXPERT
reviewed a year ago
  • Hello Mike, thanks for jumping in. I have changed Origin Access to Origin access control settings, created OAC and updated the S3 bucket policy. CF distribution is enabled now but still when I go to Route53 and try to create A Alias it does not show my distribution.. this is where I stop each time.. any further ideas?

  • Hello Tasnimir, you can enter your CF distribution FQDN manually. Copy distribution domain name (in format <ID>.cloudfront.net) from CloudFront console, and paste it in R53 text box.

0

Bucket configuration changes follow an eventual consistency model. If you had static website hosting enabled for your bucket and then disabled it, the change won't take effect instantly. It may take a variable amount of time for the feature actually to be disabled and for the new configuration to be reflected in other contexts, such as in the CloudFront configuration views in the console. If this is the issue, it'll resolve itself, probably within 15-30 minutes of disabling the static website hosting option.

EXPERT
answered a year ago
  • Hey, Leo, thanks for the suggestion. Unfortunately, it has been 24 hours now and whenever I try to create a new distribution or edit the current one, it still keeps automatically changing the origin domain to the web one..

0

Thank you for providing details about your setup. Let's address the issues you're facing:

  1. Regarding the Origin Domain field automatically changing to the S3 static website URL: This behavior is unexpected, especially since you've disabled static website hosting on your S3 bucket. Typically, when using CloudFront with a private S3 bucket (not configured as a static website), you should be able to select the S3 bucket's REST API endpoint.

    To resolve this, try the following:

    • Ensure that your S3 bucket is indeed not configured for static website hosting.
    • When creating the CloudFront distribution, manually enter the S3 bucket's REST API endpoint (e.g., my-bucket-name.s3.amazonaws.com) instead of selecting it from the dropdown.
    • If the issue persists, consider using the new S3BucketOrigin class with Origin Access Control (OAC) if you're using AWS CDK, or set up OAC manually in the AWS Console.
  2. Regarding the Route 53 A Alias record issue: The greyed-out Virginia region and the message you're seeing are normal. CloudFront distributions are global resources, so they appear in the US East (N. Virginia) region by default.

    If you can't find your CloudFront distribution when trying to create the alias record, check the following:

    • Ensure that the CloudFront distribution has been fully deployed (this can take up to 15-20 minutes).
    • Verify that you're in the correct AWS account and region where the CloudFront distribution was created.
    • Try refreshing the CloudFront distribution list in the Route 53 console.

If these steps don't resolve your issues, you may need to review your overall configuration to ensure all components are correctly set up and integrated. Remember to use Origin Access Control (OAC) for enhanced security when connecting CloudFront to your private S3 bucket.
Sources
Community | Hosting my Static Website in an AWS S3 Bucket + CloudFront— Part 2
S3OriginConfig - Amazon CloudFront
Use your domain for a static website in an Amazon S3 bucket - Amazon Route 53
A new AWS CDK L2 construct for Amazon CloudFront Origin Access Control (OAC) | AWS DevOps & Developer Productivity Blog

answered a year ago
EXPERT
reviewed a year ago
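
An added example, not part of any answer above and not AWS code: a Python check for the two points the answers raise, whether an origin domain is the S3 REST endpoint (which OAC requires) or the website endpoint, and whether the updated bucket policy allows only the CloudFront service principal pinned to one distribution. The account ID, distribution ID and policy documents are constructed placeholders; the function names are hypothetical.

```python
import re

# OAC applies to the S3 REST endpoint; a website endpoint is an HTTP custom origin.
WEBSITE_RE = re.compile(r"^[a-z0-9.-]+\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")
REST_RE = re.compile(r"^[a-z0-9.-]+\.s3(\.[a-z0-9-]+)?\.amazonaws\.com$")

def origin_kind(domain):
    """Classify an origin domain as 'website', 'rest' or 'unknown'."""
    d = domain.strip().lower()
    if WEBSITE_RE.match(d):
        return "website"
    return "rest" if REST_RE.match(d) else "unknown"

def audit_oac_policy(policy, distribution_arn):
    """Return findings; empty means every Allow is CloudFront pinned to this ARN."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    findings, pinned = [], False
    for s in stmts:
        if s.get("Effect") != "Allow":
            continue
        sid, principal = s.get("Sid", "<no Sid>"), s.get("Principal")
        service = principal.get("Service") if isinstance(principal, dict) else None
        # Condition keys are case-insensitive, so normalise before the lookup.
        eq = s.get("Condition", {}).get("StringEquals", {})
        source = {k.lower(): v for k, v in eq.items()}.get("aws:sourcearn")
        if service != "cloudfront.amazonaws.com":
            findings.append(f"{sid}: Allow for a principal other than CloudFront")
        elif source != distribution_arn:
            findings.append(f"{sid}: not pinned to this distribution's ARN")
        else:
            pinned = True
    if not pinned:
        findings.append("no statement grants this distribution access")
    return findings

# Constructed sample values: account ID, distribution ID and bucket are placeholders.
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
GOOD = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowCloudFrontOAC", "Effect": "Allow",
    "Principal": {"Service": "cloudfront.amazonaws.com"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket-name/*",
    "Condition": {"StringEquals": {"AWS:SourceArn": DIST_ARN}}}]}
PUBLIC = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket-name/*"}]}

if __name__ == "__main__":
    print(origin_kind("my-bucket-name.s3-website-region.amazonaws.com"))
    print(audit_oac_policy(GOOD, DIST_ARN), audit_oac_policy(PUBLIC, DIST_ARN))
```

The audit is deliberately strict: any Allow statement for a principal other than the CloudFront service is reported, including ones that may be intentional, so each finding is a prompt to review rather than proof of exposure.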
