- Newest
- Most votes
- Most comments
Hello.
I tried resolving the domain name using the "dig" command, but I cannot confirm the A record.
What settings do you have in your Route53 hosted zone?
dig ron-jackson.co.uk
; <<>> DiG 9.16.1-Ubuntu <<>> ron-jackson.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5062
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ron-jackson.co.uk. IN A
;; AUTHORITY SECTION:
ron-jackson.co.uk. 900 IN SOA ns-422.awsdns-52.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
;; Query time: 42 msec
;; SERVER: 192.168.11.1#53(192.168.11.1)
;; WHEN: 木 9月 05 20:51:08 JST 2024
;; MSG SIZE rcvd: 127
dig www.ron-jackson.co.uk
; <<>> DiG 9.16.1-Ubuntu <<>> www.ron-jackson.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23876
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.ron-jackson.co.uk. IN A
;; AUTHORITY SECTION:
ron-jackson.co.uk. 900 IN SOA ns-422.awsdns-52.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
;; Query time: 62 msec
;; SERVER: 192.168.11.1#53(192.168.11.1)
;; WHEN: 木 9月 05 20:50:58 JST 2024
;; MSG SIZE rcvd: 131
By the way, if you are setting up CloudFront, you do not need to set up static website hosting on S3, instead set up OAC.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
Additionally, if you want to set up a custom domain on CloudFront, you will need to set up an alternative domain as described in the document below.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CreatingCNAME.html
Thank you @sandeep.
- No A or Alias records.
- I have amended the CNAME record to point to the CF Distrobution name. I will keep the threard updated.
Thanks,
Ron
You need to create an alias record instead of a CNAME record.
Thank you. So I have my Cname record as shown in the Screenshot. Im actually following along with the Cloud Resume Challange hence why I am setting up CloudFront.
Hii
Verify your DNS Records:
- Login to your Route53 console.
- Check if there are any "A" records or "Alias" records pointing your domain name (ron-jackson.co.uk) and potentially the subdomain (www.ron-jackson.co.uk) to your CloudFront distribution.
- Make sure the record values point to the CloudFront distribution domain name, NOT directly to the S3 bucket name. CloudFront provides the domain name when creating the distribution.
Check DNS Propagation:
- After making changes to DNS records, it can take up to 48 hours for those changes to propagate across the internet. Be patient and try accessing your website again after a reasonable time
. Use a DNS Lookup Tool:
- Tools like dig or online services like mxtoolbox.com can help you verify if your DNS records are set up correctly.
- Use the tool to query for your domain name and see if it points to the CloudFront distribution domain name.
Resources:
- Troubleshooting distribution issues - Amazon CloudFront: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/troubleshooting-distributions.html
- How to Use Route 53 Hosted Zones: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-creating.html
- Amazon Route 53 Documentation: https://docs.aws.amazon.com/route53/
Additional Tips:
Double-check for typos in your domain name or record values. Make sure your S3 bucket policy allows public access to the website files.
Thank you Riku, created the A Name record as advised. Will report back.
Still no luck Im afraid. If I try and access via the CloudFront distribution name (d1o3vngl05ttm.cloudfront.net) I can access with no problem. ive configured DNS with an A Record (As per screenshot). I just cant see what Im missing here:
Hello! So I've been following this since it was submitted. To me, it seems like everything is functional? Your CF distribution is working via Route53 alias record, in your public hosted zone? But your S3 bucket website URL still doesn't seem to work, directly?
Is that something you desire - direct access to the S3 bucket? Did you setup OAC (origin access control), by chance? https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
This is a security feature which only allows access to the S3 bucket through the CF distribution. I may be off on my assumptions here, but the idea is to reduce the attack surface and require users to use CF, which has security features inherently built into the service.
Let us know if you setup OAC on the distributions --> Origins (edit) tab. This puts a bucket policy for copy/paste - maybe you did that? Also check the bucket policy, is it still public?
Relevant content
- Accepted Answerasked a year ago
- asked 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 6 months ago
It looks like you are not creating an alias record for CloudFront. Please create a CloudFornt alias record by following the steps in the document below. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html#routing-to-cloudfront-distribution-config