CloudFront To ALB SNI

0

I have a scenario where an ALB is configured with two domains, for example the URL "https://www.domainA.com" with ACM certificate "www.domainA.com" as the default SSL certificate, and another URL "https://www.domainB.com" with ACM certificate "www.domainB.com" as SNI. Both of them are working fine. I want to create a CloudFront distribution with alternate domain name "www.domainB.com" and custom SSL ACM certificate "www.domainB.com" to point to the ALB using AWS origin. When I change the domain mapping of https://www.domainB.com to point to the CloudFront distribution, will this work?

dev
asked 3 months ago · 178 views
2 Answers
0
Accepted Answer

Yes, it will work. You will need to set the cache behavior(s) sending traffic to the ALB origin to forward the "Host" header to the origin, instead of using the name of the origin ALB, which will necessarily have to be different from the name the user requested that is now pointing to CloudFront. This configuration will cause the TLS SNI CloudFront sends to the origin to contain the hostname that the user originally requested. This detail is documented here: https://docs.aws.amazon.com/whitepapers/latest/secure-content-delivery-amazon-cloudfront/origin-https-configuration.html

The way you can configure which headers in the original request are forwarded to the origin is explained in this documentation article: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web

EXPERT
Leo K
answered 3 months ago
EXPERT
reviewed 3 months ago
  • Thank you @Leo, it's working
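
One way to check the point made in the accepted answer, as an added example that is not part of the original thread: a small audit that lists which cache behaviors routed to the ALB origin do not forward the viewer "Host" header. The field names follow the CloudFront DistributionConfig structure; the function names, origin IDs and policy IDs are assumptions made for illustration, and the caller is assumed to have resolved each policy ID to its HeadersConfig.

```python
# Added example: audit a CloudFront DistributionConfig for Host forwarding (sample data is constructed).

def forwards_host(headers_config):
    """True if a policy HeadersConfig passes the viewer Host header on."""
    behavior = headers_config.get("HeaderBehavior", "none")
    items = {h.lower() for h in headers_config.get("Headers", {}).get("Items", [])}
    if behavior in ("allViewer", "allViewerAndWhitelistCloudFront"):
        return True
    if behavior == "allExcept":
        return "host" not in items
    return behavior == "whitelist" and "host" in items

def behaviors_missing_host(dist_config, origin_id, policy_headers):
    """Path patterns of behaviors sent to origin_id that do not forward Host.
    policy_headers: policy ID -> HeadersConfig, resolved by the caller."""
    behaviors = [("Default (*)", dist_config["DefaultCacheBehavior"])]
    for b in dist_config.get("CacheBehaviors", {}).get("Items", []):
        behaviors.append((b["PathPattern"], b))
    missing = []
    for pattern, b in behaviors:
        if b["TargetOriginId"] != origin_id:
            continue
        # Legacy setting: ForwardedValues.Headers, where "*" forwards all headers.
        legacy = b.get("ForwardedValues", {}).get("Headers", {}).get("Items", [])
        ok = any(h.lower() in ("host", "*") for h in legacy)
        # Policy-based settings: cache policy or origin request policy.
        for key in ("CachePolicyId", "OriginRequestPolicyId"):
            cfg = policy_headers.get(b.get(key))
            ok = ok or (cfg is not None and forwards_host(cfg))
        if not ok:
            missing.append(pattern)
    return missing

# Constructed sample: policy IDs and origin IDs are placeholders.
SAMPLE_POLICIES = {
    "orp-all-viewer": {"HeaderBehavior": "allViewer"},
    "cp-no-headers": {"HeaderBehavior": "none"},
}
SAMPLE_CONFIG = {
    "DefaultCacheBehavior": {"TargetOriginId": "alb-origin",
                             "OriginRequestPolicyId": "orp-all-viewer"},
    "CacheBehaviors": {"Items": [
        {"PathPattern": "/api/*", "TargetOriginId": "alb-origin",
         "ForwardedValues": {"Headers": {"Items": ["Host"]}}},
        {"PathPattern": "/static/*", "TargetOriginId": "alb-origin",
         "CachePolicyId": "cp-no-headers"},
        {"PathPattern": "/img/*", "TargetOriginId": "s3-origin"},
    ]},
}
```

With the sample data, only "/static/*" is reported for the ALB origin; requests matching a reported behavior would reach the ALB with the origin's own name in the SNI rather than "www.domainB.com".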

0

Hello dev

Follow the links to resolve the issue:

https://aws.amazon.com/cloudfront/custom-ssl-domains/

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html

  • Ensure your ACM certificate for "www.domainB.com" is valid and not expired.

  • After updating your DNS record, allow some propagation time for the changes to take effect globally.

By following these steps, your users will be able to access your ALB content securely through "https://www.domainB.com" with the custom SSL certificate from ACM, while CloudFront handles content delivery and caching.

EXPERT
Sandeep
answered 3 months ago
EXPERT
reviewed 3 months ago
