Point custom domain from other service provider to distribution default domain

0

Q1. My domain is using a Country Code Top-Level Domain that is not supported by AWS Route 53. As a result, when I attempted to point my domain "example.com" to the default domain of my Lightsail distribution, I discovered that my domain hosting provider only supports IP address mapping and does not allow setting an A record to the default domain "123456abcdef.cloudfront.net."

After some experimentation, I found a workaround by obtaining the IP address of "123456abcdef.cloudfront.net" using the ping method. I then used this IP address as an A record for my domain "example.com."

This method works well initially, but the issue arises after a few months when the IP address of the default domain "123456abcdef.cloudfront.net" changes to a new address. This forces me to remap the A record for "example.com," leading to downtime for my site and potentially affecting SEO results.

I am seeking advice on how to address this problem more effectively and avoid the recurring downtime.

Q2. Under the same AWS account, I have configured a CloudFront distribution to pull content from my origin using HTTPS only. However, when accessing the site, I encounter a 502 ERROR with the following message:

"CloudFront wasn't able to connect to the origin. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation."

This error results in the entire site not working at all. I'm unsure of the exact cause of this issue and would appreciate any insights or possible solutions to resolve the problem.

(Note: The specific request ID for the error is provided as "HNeFjvOb9el9QCvvFJnxu-QHSwfVXpa9pKyrUR8I-Q8m1hBmvnUdqA==")

It works properly when pulling content from my origin using HTTP only. The WordPress site is showing with a proper SSL certificate. Should I keep using HTTP only?

dodo
asked 9 months ago · 174 views
1 Answer
0

Hi, for Question 2, it looks like you have an issue with the certificate of your origin. Maybe this post will help you [1]. CloudFront only supports certificates that are signed by a trusted third-party CA [2].

Ideally you should use HTTPS all the way, from users to your CloudFront distribution and from CloudFront to your origin. If for some reason you can't make it work, at least add a security group to your origin that only allows connections from CloudFront using a CloudFront prefix list [3].

[1] https://repost.aws/knowledge-center/cloudfront-502-errors

[2] https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-custom-origin.html

[3] https://aws.amazon.com/blogs/networking-and-content-delivery/limit-access-to-your-origins-using-the-aws-managed-prefix-list-for-amazon-cloudfront/

answered 9 months ago
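
An added example, not part of the original answer: one way to audit an origin's security group for the restriction the answer recommends, flagging any rule that opens port 80 or 443 to a source other than the CloudFront origin-facing managed prefix list (`com.amazonaws.global.cloudfront.origin-facing`). The input is a constructed sample in the shape of `aws ec2 describe-security-groups` output; `sg-EXAMPLE` and `pl-EXAMPLE` are placeholders, and the real prefix list ID differs per region.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# The group ID and the prefix list ID are placeholders, not real resources.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-EXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [], "Ipv6Ranges": [],
     "PrefixListIds": [{"PrefixListId": "pl-EXAMPLE"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
     "PrefixListIds": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": [],
     "PrefixListIds": []}
  ]}]}
""")

WEB_PORTS = (80, 443)

def covers_web_port(perm):
    """True if the rule's protocol and port range include 80 or 443."""
    if perm["IpProtocol"] == "-1":          # all protocols, all ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return any(lo <= p <= hi for p in WEB_PORTS)

def audit(groups, cloudfront_pl_id):
    """Flag web-port rules whose source is a CIDR or a non-CloudFront prefix list."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not covers_web_port(perm):
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])
                        if p["PrefixListId"] != cloudfront_pl_id]
            findings.extend((sg["GroupId"], perm.get("FromPort"), s) for s in sources)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "pl-EXAMPLE"):
        print("web port open beyond CloudFront:", finding)
```

This matters most when the CloudFront-to-origin hop is left on HTTP, because any client that can reach the origin directly bypasses the distribution entirely.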
