Cloudfront not respecting Origin Path

0

I have a cloudfront distribution with two origins. The first is an S3 static-website bucket and the second is an ALB. I also configured an extra behavior (apart from the default) to forward all api requests to the ALB.

CNAME - service.example.com

**Behavior:**

  • Path Pattern - api/*
  • Cache Policy - CachingDisabled
  • Origin Request Policy - AllViewer

**Origin:**

  • Origin Path - /api/v1

The objective is to fetch https://service.example.com/api/v1/something when I try to access https://service.example.com/api/something.

This doesn't work. If I access service.example.com/api/anything, the URL does not even get rewritten to service.example.com/api/v1/anything.

Is there a CloudFront behavior I'm not aware of that's making me misconfigure this?

Edit to add:

I enabled ALB access logging and this is how all requests look:

https 2022-04-21T08:35:38.496934Z app/example-service/48c3493fa5414f88 65.49.20.66:45416 10.0.2.91:8000 0.001 0.002 0.000 404 404 39 178 "GET https://44.198.88.248:443/ HTTP/1.1" "-" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:ACCOUNTID:targetgroup/example-service/1d723b6babea76f0 "Root=1-6261175a-69c4fa13012685" "-" "arn:aws:acm:us-east-1:ACCOUNTID:certificate/1d74321b-[snip]-539" 0 2022-04-21T08:35:38.493000Z "forward" "-" "-" "10.0.2.91:8000" "404" "-" "-"

Referring to the syntax of this log line, it seems like "GET https://44.198.88.248:443/ HTTP/1.1" is the requested path. There is no path here even though I requested /api/v1/something/else.

asked 2 years ago · 1717 views
3 Answers
0

Are you specifying your api origin as an ALB or as an HTTP/S server? If the former (which I think is correct) then wouldn't the constructed origin URL be based on the default ALB domain not your CNAME?

EXPERT
answered 2 years ago
  • I specify the API origin as an HTTPS server. If I use the ALB from the drop-down list, Cloudfront tries to connect to the ALB FQDN over HTTPS and fails because the TLS cert is only valid for the CNAME (service.example.com) and not *.elb.aws.amazon.com.

    So, I have a domain name, say, api-alb.example.com pointing to the ALB (ALIAS-A rec on Route53) and the origin is set to api-alb.example.com over HTTPS. This ensures that the certificate configured at the ALB is valid for the FQDN to which Cloudfront is trying to connect.

0

I have the exact same behaviour but wasn't able to get it to work. Did you have any luck?

answered 2 years ago
0

The steps provided in the documentation links below are summarized as follows:

  1. Open the CloudFront distribution settings in the AWS Management Console.
  2. Go to the "Behaviors" tab and click "Create Behavior" to create a new custom behavior.
  3. For "Path Pattern," enter /api/* to match all requests that start with /api/.
  4. For "Cache Policy," select "CachingDisabled".
  5. For "Origin Request Policy," select "AllViewer" to forward the request to the origin (ALB).
  6. Configure the origin settings for the ALB:
    1. Origin Domain Name: the domain name or endpoint of your ALB.
    2. Origin Path: /api/v1.

Save the behavior and wait for the CloudFront distribution to update. Ensure you did this correctly. It might take some time for CloudFront to update.

If this is what you did and you are still facing origin path problems, follow the more detailed AWS instructions for your CloudFront multi-origin setup: https://catalog.us-east-1.prod.workshops.aws/workshops/4557215e-2a5c-4522-a69b-8d058aba088c/en-US/basic-configuration/create-multiple-origins

Values you want to put in when configuring with CloudFront: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html

Hope these resources help!

answered 9 months ago
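As an added illustration (not code from this thread or from AWS), the following Python model shows how CloudFront picks a cache behavior and builds the origin request path for the configuration described in the question: the Origin Path value is prepended to the viewer's URI path, it never replaces part of it, so `/api/something` with Origin Path `/api/v1` reaches the ALB as `/api/v1/api/something`. The ALB origin domain `api-alb.example.com` is taken from the asker's comment; the S3 website endpoint is a constructed placeholder.

```python
import fnmatch
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Origin:
    domain: str            # origin domain name
    origin_path: str = ""  # Origin Path setting, e.g. "/api/v1" (empty = none)


@dataclass(frozen=True)
class Behavior:
    path_pattern: str      # "*" for the default behavior, or a pattern like "api/*"
    origin: Origin


def pattern_matches(path_pattern: str, uri_path: str) -> bool:
    """CloudFront path patterns are case sensitive, '*' also spans '/', and the
    leading '/' is optional, so both sides are compared without it."""
    return fnmatch.fnmatchcase(uri_path.lstrip("/"), path_pattern.lstrip("/"))


def select_behavior(behaviors, uri_path: str) -> Behavior:
    """First behavior whose pattern matches wins; the default '*' must be last."""
    for behavior in behaviors:
        if pattern_matches(behavior.path_pattern, uri_path):
            return behavior
    raise ValueError("no behavior matched (missing default '*')")


def origin_request_path(origin: Origin, uri_path: str) -> str:
    """Origin Path is prepended to the viewer's URI path; nothing is replaced."""
    return origin.origin_path.rstrip("/") + uri_path


def origin_url(behaviors, viewer_url: str) -> str:
    """Build the URL CloudFront would request from the origin for a viewer URL."""
    parts = urlsplit(viewer_url)
    behavior = select_behavior(behaviors, parts.path)
    path = origin_request_path(behavior.origin, parts.path)
    query = f"?{parts.query}" if parts.query else ""
    return f"https://{behavior.origin.domain}{path}{query}"


# Configuration from the question. ALB domain from the asker's comment;
# the S3 website endpoint is a constructed placeholder.
ALB = Origin("api-alb.example.com", "/api/v1")
S3_SITE = Origin("example-bucket.s3-website-us-east-1.amazonaws.com")
BEHAVIORS = [Behavior("api/*", ALB), Behavior("*", S3_SITE)]
```

Comparing `origin_url(...)` output with the request path recorded in the ALB access log is a quick way to confirm whether traffic is actually arriving via CloudFront with the expected prefix.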
