By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

cloud front issue

0

so i have a fargate proxy service for which public ip is disabled , i have configure load balancers, nat and internet gateway for the service because the servie was in private subnet , so i did all the configurations ,now i am trying to access the service using cloud front distribution wiht behaviour as token - loadbalancer origin , the service is working fine sometimes and sometimes giving me 504 cloud front error as this "504 ERROR The request could not be satisfied. CloudFront attempted to establish a connection with the origin, but either the attempt failed or the origin closed the connection. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation. Generated by cloudfront (CloudFront) Request ID: RCHf8wHj1tiIdHY1XGCIjAYl2PClTVwR4F3k5hzUbiTsEsfbb0-Oug=="

i have configured the security group of the load balancer to allow all the traffic from internet and same with the secuirty group of my fargate service , for testing purpose , i have also configured a nat gateway , sothat the service can access the internet because it forward the service to another service on the internet and i have also configured an internet gateway so that the service on the internet can talk to the fargate service.

how should i resolve this error , can this be a cloud front specific error and if so how should i resolve it ???. also in the fargate service logs i am not able to see any issue neither in the load balancer logs ,as well it is showing that the traffic is being forwarded.

Topics
ServerlessContainersNetworking & Content Delivery
Tags
AWS FargateNetworking & Content DeliveryElastic Load BalancingAmazon CloudFrontSecurity Group
Language
English
rePost-User-7892093
asked a year ago289 views
2 Answers
0

he 504 error you are seeing is a response from CloudFront indicating that it is unable to establish a connection with the origin server (your Fargate service). This could be due to a number of reasons, such as network issues, configuration issues, or problems with the origin server itself.

profile picture
kishanpokar
answered a year ago
  • rePost-User-7892093
    a year ago

    but how is it possible that sometimes the service isrunning perfectly fine but sometimes its causing this failure , when i am inspecting the service its throwing x-cache :error from cloudfront in the response header and when the service is working fine its giving x-cache :miss from cloudfront

  • rePost-User-7892093
    a year ago

    :this is the reuest response when the service is failing. Request URL:"deleted this for safety purpse" Request Method: POST Status Code: 504 Remote Address: 65.9.86.120:443 Referrer Policy: strict-origin-when-cross-origin content-length: 1033 content-type: text/html date: Wed, 22 Mar 2023 07:07:23 GMT server: CloudFront via: 1.1 362b298821815168614ba932732916ea.cloudfront.net (CloudFront) x-amz-cf-id: vN_h814PGsvIxJ4VsPAAqJq6xRKM-MJgb12xPd6KgMo3pcizRVGFAQ== x-amz-cf-pop: AMS1-C1 x-cache: Error from cloudfront :authority: developer.topcon.com :method: POST :path: /token :scheme: https accept: application/json, text/plain, / accept-encoding: gzip, deflate, br accept-language: en-GB,en-US;q=0.9,en;q=0.8 content-length: 242 content-type: application/json cookie: _ga=GA1.2.1149624007.1678885681; _gid=GA1.2.1996509926.1679302347; _gat_gtag_UA_169885348_1=1 origin: https://developer.topcon.com referer: https://developer.topcon.com/en/ sec-ch-ua: "Google Chrome";v="111", "Not(A:Brand";v="8", "Chromium";v="111" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" sec-fetch-dest: empty sec-fetch-mode: cors sec-fetch-site: same-origin user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36

    this is when the service is passing: Request URL: "" Request Method: POST Status Code: 200 Remote Address: 65.9.86.120:443 Referrer Policy: strict-origin-when-cross-origin cache-control: no-store

  • rePost-User-7892093
    a year ago

    is it possible that can be related to cloud front cache handling or header problem ???

0

Have you tried bypassing CloudFront and accessing the Load Balancer origin directly to see if you get the same errors?

Intermittent errors like this when ELB is involved can be due to a misconfiguration where the Load Balancer is working OK for one AZ but not another.

EXPERT
skinsman
answered a year ago
  • rePost-User-7892093
    a year ago

    i tried accessing the service using load balancer dns name but its not worksin. these are my load balancer logs . where i have tried hitting the service 4 times http 2023-03-21T06:17:33.808900Z app/sso-proxy-production-balancer/f16467361ac30436 193.32.162.159:57588 10.0.1.67:8080 0.001 0.001 0.000 400 400 424 135 "GET http://34.248.193.73:80/ HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46" - - arn:aws:elasticloadbalancing:eu-west-1:860517934442:targetgroup/sso-prod-fargate-target-group/ebf4fbd0071d1c66 "Root=1-64194bfd-3e38abbe06283f9c3318fe5f" "-" "-" 0 2023-03-21T06:17:33.807000Z "forward" "-" "-" "10.0.1.67:8080" "400" "-" "-" http 2023-03-21T06:17:47.114735Z app/sso-proxy-production-balancer/f16467361ac30436 130.176.120.112:36376 10.0.1.67:8080 0.001 0.560 0.000 200 200 1322 7795 "POST http://developer.topcon.com:80/token HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" - - arn:aws:elasticloadbalancing:eu-west-1:860517934442:targetgroup/sso-prod-fargate-target-group/ebf4fbd0071d1c66 "Root=1-64194c0a-2082f5f25c8d6986051c8534" "-" "-" 0 2023-03-21T06:17:46.552000Z "forward" "-" "-" "10.0.1.67:8080" "200" "-" "-"

    http 2023-03-21T06:18:07.452896Z app/sso-proxy-production-balancer/f16467361ac30436 130.176.120.112:57426 10.0.1.67:8080 0.001 0.518 0.000 200 200 1322 7795 "POST http://developer.topcon.com:80/

  • rePost-User-7892093
    a year ago

    it is showing that whenever there is a get request , the error comes and whenever there is a post request , everything is fine , also when get request is made , it is going to the loadbalancer ip address but when post request is made it is going through cloud front domain name , how to make sure that the request is always post request and it moves only through cloud front and should not move through the load balancer directly ?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content