CloudFront 502 when using an ALB as custom origin via Lambda@Edge

0

Hi there,

I filter requests to have crawlers and bots consuming a dedicated origin. This origin is an express webserver using puppeteer on ECS, behind an ALB.

Calling the ALB directly using its public DNS name works - the required content is served as expected.

I use two Lambda@Edge functions to filter the incoming requests:

  • the first one at viewer request to "tag" the request by adding a header,
  • the second one at origin request to change the origin of the request, from S3 to the custom origin (the ALB).

Everything works fine, the Lambdas are triggered, but the result is a 502 from CloudFront:

<H1>502 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
CloudFront wasn't able to connect to the origin.
We can't connect to the server for this app or website at this time. There might be too much traffic or a
configuration error. Try again later, or contact the app or website owner.

The origin is changed as in the examples:

    request.origin = {
      custom: {
        domainName: 'XXX.eu-west-3.elb.amazonaws.com',
        port: 3000,
        protocol: 'https',
        path: '',
        // querystring: request.querystring,
        sslProtocols: ["TLSv1", "TLSv1.1", "TLSv1.2"],
        readTimeout: 5,
        keepaliveTimeout: 5,
        customHeaders: {}
      }
    };
    request.headers['host'] = [{ key: 'host', value: 'XXX.eu-west-3.elb.amazonaws.com' }];

As said previously, calling XXX.eu-west-3.elb.amazonaws.com:3000 directly using Postman works perfectly fine.

Am I missing something?! Thanks for the help,

EDIT: I checked the protocol and added the custom origin in the "Origins" of CloudFront, without any change in the result.

Vincent
Asked 1 year ago, viewed 567 times
1 answer
0

You can check why the 502 is failing; it should be one of the following conditions:

  • SSL/TLS negotiation failure between CloudFront and a custom origin server
  • Origin is not responding with supported ciphers/protocols
  • SSL/TLS certificate on the origin is expired, invalid, self-signed, or the certificate chain is in the wrong order
  • Origin is not responding on the ports specified in the origin settings

Reference : https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/http-502-bad-gateway.html

I would first configure the ELB as an Origin in CloudFront and route the request to see that everything is working, and then emulate the origin request using Lambda with the event structure for Origin request below: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-event-structure.html#example-origin-request

AWS
Answered 1 year ago
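The answer's suggestion of emulating the origin-request event locally can be turned into a small harness. The following is an added example, not code from the question or from the AWS answer: an origin-request handler that switches tagged requests to the ALB (the tag header name `x-bot-request` and the ALB hostname are assumptions; the original poster did not name the header), together with a `validateCustomOrigin` check that catches the settings which commonly produce the 502 from the linked documentation (Host header not matching `domainName`, a scheme or path inside `domainName`, a port outside CloudFront's custom-origin range of 80, 443 or 1024-65535, an `https` origin with no `sslProtocols`). The `protocol` value in the constant is a placeholder and has to match whatever the ALB listener actually speaks on that port.

```javascript
// Added example, not the original poster's or AWS's code. Lambda@Edge
// origin-request handler that forwards tagged requests to an ALB and
// validates the custom-origin object before returning it, so that a
// misconfiguration shows up in CloudWatch logs instead of as an opaque 502.

// Assumed values (placeholders, not from the thread).
const CRAWLER_ORIGIN = {
  domainName: 'XXX.eu-west-3.elb.amazonaws.com', // placeholder hostname from the question
  port: 3000,
  protocol: 'http',            // assumption: must equal the ALB listener's protocol on this port
  path: '',
  sslProtocols: ['TLSv1.2'],   // only consulted when protocol is 'https'
  readTimeout: 5,
  keepaliveTimeout: 5,
  customHeaders: {},
};
const TAG_HEADER = 'x-bot-request'; // hypothetical header added by the viewer-request function

// Returns a list of problems found in a custom-origin object; empty means
// every check passed. Rules follow the 502 causes in the CloudFront docs
// plus CloudFront's port rule for custom origins (80, 443, 1024-65535).
function validateCustomOrigin(custom, headers) {
  const problems = [];
  if (!custom || typeof custom.domainName !== 'string' || custom.domainName === '') {
    problems.push('domainName is missing');
    return problems;
  }
  if (/[:/]/.test(custom.domainName)) {
    problems.push('domainName must be a bare hostname (no scheme, port or path)');
  }
  if (custom.protocol !== 'http' && custom.protocol !== 'https') {
    problems.push('protocol must be "http" or "https", got "' + custom.protocol + '"');
  }
  const p = custom.port;
  if (!Number.isInteger(p) || !(p === 80 || p === 443 || (p >= 1024 && p <= 65535))) {
    problems.push('port ' + p + ' is outside the range CloudFront allows for custom origins');
  }
  if (custom.protocol === 'https' &&
      (!Array.isArray(custom.sslProtocols) || custom.sslProtocols.length === 0)) {
    problems.push('an https origin needs at least one entry in sslProtocols');
  }
  if (typeof custom.path === 'string' && custom.path.endsWith('/')) {
    problems.push('path must not end with a trailing slash');
  }
  const host = headers && headers.host && headers.host[0] && headers.host[0].value;
  if (host !== custom.domainName) {
    problems.push('Host header "' + host + '" does not match domainName "' + custom.domainName + '"');
  }
  return problems;
}

// Rewrites the request's origin in place when the tag header is present;
// untagged requests keep their original (S3) origin untouched.
function rewriteToCrawlerOrigin(request) {
  const tag = request.headers[TAG_HEADER];
  if (!Array.isArray(tag) || tag.length === 0) return request;
  request.origin = { custom: Object.assign({}, CRAWLER_ORIGIN, { customHeaders: {} }) };
  // CloudFront sends this Host header to the custom origin; it must name the ALB.
  request.headers['host'] = [{ key: 'Host', value: CRAWLER_ORIGIN.domainName }];
  return request;
}

// Lambda@Edge entry point: rewrite, then refuse to forward a broken origin
// with an explicit error message rather than letting CloudFront fail silently.
const handler = async (event) => {
  const request = rewriteToCrawlerOrigin(event.Records[0].cf.request);
  if (request.origin && request.origin.custom) {
    const problems = validateCustomOrigin(request.origin.custom, request.headers);
    if (problems.length > 0) {
      throw new Error('misconfigured custom origin: ' + problems.join('; '));
    }
  }
  return request;
};
if (typeof module !== 'undefined' && module.exports) module.exports.handler = handler;

// Constructed sample event in the origin-request shape (S3 origin), used for
// local emulation as the answer suggests. Not a real captured event.
function sampleEvent(tagged) {
  const headers = { host: [{ key: 'Host', value: 'example-bucket.s3.amazonaws.com' }] };
  if (tagged) headers[TAG_HEADER] = [{ key: TAG_HEADER, value: '1' }];
  const origin = { s3: { domainName: 'example-bucket.s3.amazonaws.com', path: '',
                         region: 'eu-west-3', authMethod: 'none', customHeaders: {} } };
  return { Records: [{ cf: { request: { uri: '/index.html', method: 'GET',
                                        querystring: '', headers, origin } } }] };
}
```

Running `validateCustomOrigin` against the exact object from the question (with the Host header set as the poster did) returns no problems, which is consistent with the answer's list: the remaining causes, a listener that does not actually speak `https` on port 3000, an unsupported TLS version or an untrusted certificate on the ALB, are only visible from the origin side, not from the event.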
