How to direct traffic from CloudFront via ALB to a specific context path on an EC2 port


I have an IIS-hosted web application running on an EC2 instance. The application is listening on port xyz and currently serves two different pages, as below:

  1. localhost:xyz
  2. localhost:xyz/contextpath

Now the application works correctly on localhost, i.e. inside the EC2 instance, and comes up in the local browser inside EC2. But how do I direct external internet traffic from CloudFront via the ALB towards that context path?

I am able to connect to the first page, localhost:xyz, but unable to connect to the second page, localhost:xyz/contextpath.

My architecture is like => internet URL -> CloudFront -> ALB -> TargetGroup -> EC2

In the CDN origin path I cannot add "/contextpath", as it changes the request DNS to "abc.cloudfront.net/context:xyz", whereas my intention is to request "abc.cloudfront.net:xyz/contextpath". Is there any way to append the path after the port?

In the CDN general settings, the default root object will not help either, as the request itself is not reaching the specific path inside the EC2 port.

I cannot use ALB path-based routing, as it only routes the traffic to the target port in the EC2, not to any context path inside the EC2 port.

Please suggest whether it is possible to connect CloudFront to a different context path under the same port in an EC2.

1 Answer

Hello,

Kindly note, CloudFront will by default forward the path present in client request to the Origin server. In your case, the request path would be forwarded to the ALB origin. Now, further traffic flow should depend on the rules configured on ALB. If you wish to direct the traffic to a separate Target Group with desired EC2 instances and port, you can create a rule based on path for this forwarding. Your EC2 server application needs to process this request and provide the required response.

Using the optional path parameter in Origin settings of CloudFront ensures that every request forwarded from CloudFront to this Origin will by default have this path appended with the Origin domain followed by the client request path. Note:

  • Client --> CloudFront request needs to be on port 80 and 443 for HTTP and HTTPS respectively; this cannot be customised.
  • Origin domain path should not contain the port number for HTTP or HTTPS (it will be considered as part of path pattern itself); there is a separate option for providing the ports you wish for CloudFront to connect on with the Origin ALB for HTTP and HTTPS.
  • ALB Origin needs to configure listeners on the same port where requests are being forwarded from CloudFront.
  • Rules should be created in ALB to handle incoming traffic from CloudFront to direct to the desired Target Group, which will have details for the instances and ports serving the traffic.

If you wish to modify the client request being forwarded from CloudFront to Origin for different paths, you can create separate Cache behaviours in CloudFront and use features like Lambda@Edge or CloudFront Functions.

Default Root object of CloudFront is used to fetch a resource from Origin when Client request does not include any path or resource.

When an error is encountered in your setup, to narrow down the scope of troubleshooting, you can try requesting the same resource via ALB directly.

To get better resource-specific troubleshooting assistance for any service in your setup, you can also consider creating a support case with the respective Support team of AWS using the link: https://console.aws.amazon.com/support/home#/case/create

You can refer to this documentation for more information about creating support cases and case management: https://docs.aws.amazon.com/awssupport/latest/user/case-management.html

answered a year ago
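
The CloudFront Functions option mentioned in the answer, as an added example that is not part of the original question or answer: a viewer-request function that prefixes every request path with the `/contextpath` from the question, plus a small model of the URL the ALB listener then receives. The ALB hostname and port 8080 are constructed placeholders, and `originUrl` is a hypothetical helper for illustration, not an AWS API.

```javascript
// Added example: CloudFront Function attached to the viewer-request event.
// PREFIX is the context path from the question. The port is never part of
// the path; it is set separately in the origin's HTTP/HTTPS port fields.
var PREFIX = '/contextpath';

// True when uri is PREFIX itself or a resource below it.
// "/contextpathfoo" is a different path and must not match.
function hasPrefix(uri) {
    return uri === PREFIX || uri.indexOf(PREFIX + '/') === 0;
}

// CloudFront calls handler(event); event.request.uri holds only the path.
// The query string is carried separately and is left untouched here.
function handler(event) {
    var request = event.request;
    if (!hasPrefix(request.uri)) {
        request.uri = PREFIX + request.uri;
    }
    return request;
}

// Hypothetical model of how the origin request is composed, following the
// answer: origin domain, then the separately configured port, then the
// optional origin path, then the (possibly rewritten) request path.
function originUrl(origin, uri) {
    return origin.protocol + '://' + origin.domain + ':' + origin.port +
        origin.originPath + uri;
}

// Constructed sample origin settings (placeholders, not from the page).
var sampleOrigin = {
    protocol: 'http',
    domain: 'my-alb.example.com',
    port: 8080,
    originPath: ''
};

// Viewer asks for "/" on port 443; the ALB sees the context path on 8080.
var rewritten = handler({ request: { uri: '/' } });
console.log(originUrl(sampleOrigin, rewritten.uri));
```

The ALB still needs a listener on the origin port and a rule forwarding to the target group that serves the application, as the answer notes.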
