Questions tagged with Amazon CloudFront
I am serving images from S3 and want to migrate to CloudFront.
The S3 bucket is ACL-enabled. Some files are made public (ACL: public-read) and some are private, so they can be accessed like (where public files don't require signature):
* public -> https://xxx.s3.ap-northeast-1.amazonaws.com/public.jpg
* private -> https://xxx.s3.ap-northeast-1.amazonaws.com/private.jpg?AWSAccessKeyId=…&Signature=…&Expires=…
But when I set up CloudFront for this S3 bucket:
1. If I don't restrict viewer access (in Behavior setting), both public and private files can be accessed without signature.
2. If I restrict viewer access using the key pair, then both types require signature in the URLs.
Is it possible to set this up as S3 does, that is, to require a signature based on the ACL of the objects in S3?
I have a WordPress plugin with AWS, but I don't know if my website is enabled in AWS, server --> AWS --> website with the correct name.
(service: CloudFront)
I hope I am clear!
My website:
https://plprod74.fr
Thank you
We have a bunch of CloudFront distributions, and we need to programmatically access the total bytes transferred (out) for each one of them.
Following the [documentation](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/programming-cloudwatch-metrics.html) on accessing CloudFront's metrics through CloudWatch via API, we can successfully fetch the `BytesDownloaded` metric data points we need.
However, we noticed a small but significant discrepancy between that metric and the one visible in the CloudFront console (Reports & analytics > Cache statistics > Bytes transferred to viewers). Specifically, comparing the `BytesDownloaded` metric fetched through CloudWatch and `TotalBytes` (from the [CloudFront popular objects report](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/popular-objects-report.html)): the latter is on average 5-6% bigger than `BytesDownloaded` (comparing the hourly sum values in the same recent period).
Why is there a discrepancy? How can we access the `TotalBytes` data points through the API?
I need to find a way to customize that CloudFront distribution, as Amplify is deploying a managed one that we are not able to access through our console or CLI to edit.
I want to increase the origin response timeout.
I want all requests to redirect to https://www.smyro.com.tr
My current settings (S3, Route53, CloudFront) all requested.




| Request Url | Redirect Url | Result |
| --- | --- | --- |
| http://smyro.com.tr | https://smyro.com.tr | Bad |
| https://smyro.com.tr | https://smyro.com.tr | Bad |
| http://www.smyro.com.tr | https://www.smyro.com.tr | Good |
| https://www.smyro.com.tr | https://www.smyro.com.tr | Good |
How can you help me with this problem?
Thanks for all answers.
Hi,
When I am creating a CloudFront distribution it asks for an AWS certificate, but only in the Virginia region. Why only in this region?
From what I understand, CloudFront is global and doesn't have a specific region.
Thank you

Hi
In Route 53 I tried to link a domain to a CloudFront distribution, but it doesn't show my distribution. It says that it can only show distributions from us-east-1:
An alias to a CloudFront distribution and another record in the same hosted zone are global and available only in US East (N. Virginia).
But a CloudFront distribution doesn't have a region; it is global.
I have no way to choose Route 53 to be on any other region like us-east-2.
My default region is us-east-2.
Also, in CloudFront, when I try to add a CNAME, I get that I can only add a certificate from us-east-1:
Associate a certificate from AWS Certificate Manager. The certificate must be in the US East (N. Virginia) Region (us-east-1).
But why only us-east-1?

Can someone please help?
Thank you

Is there a way for CloudFront to pass the original user-agent instead of Amazon CloudFront as the value to the NextJS server APIs?
I have tried several things, such as configuring the behavior in CloudFront on both the Default(*) and api/* paths to use UserAgentReferrerAgents in the original request policy, without any success.
We need some recommendations, as our application needs to make some decisions on the server side based on the user agent values.
I have a CloudFront distribution with WAF to protect an HTTP API Gateway. The CloudFront distribution has an alternate domain name `api.mysite.dev`, which we manage with CloudFlare (the CNAME record points to `https://{distro}.cloudfront.net`). The distribution's origin is an HTTP API Gateway default endpoint. We use a built-in Auth0 authorizer on the API, so we cannot use a [custom lambda authorizer](https://wellarchitectedlabs.com/security/300_labs/300_multilayered_api_security_with_cognito_and_waf/3_prevent_requests_from_accessing_api_directly/).
Now I want to raise the security and disable the default API endpoint. I created a custom domain name for the API with an ACM certificate in the same region and disabled the default endpoint. Instead of the default endpoint, I specified the API's custom domain name as the origin for the CloudFront distribution (`apigw.mysite.dev`, which points to the API Gateway domain name `d-123abc123.execute-api.{my-region}.amazonaws.com`).
But CloudFront responds with a **404 Not Found error** when calling `api.mysite.dev`, as if CloudFront couldn't reach the origin custom domain name. The CloudFront logs don't provide any valuable info.
I've reviewed the [documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-custom-domain-names.html) and carefully followed the steps in the [knowledge center](https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-domain-cloudfront/).
Can anyone provide any tips on how to fix the issue? Can I use an HTTP API with a custom domain managed externally (and an ACM certificate) as an origin for CloudFront?
I am developing a trading bot for the Binance exchange. Using their API, I am making an average of 50 HTTP web requests per second, with spikes up to a maximum of 200 requests per second.
My application is developed in .NET and makes intensive use of multithreading.
After a couple of hours that my bot is running, about 2% of my requests start hitting the following error:
```
Exception: The remote server returned an error: (503) Server Unavailable.
Details: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>503 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
This distribution exceeded the limit on requests per second.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: deswmI9Dh93g-OXhmg0xAXqCT-MRCThr-XbDBBUvtunoo5dqiBbd7g==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>
```
My application backing off for a minute or five or whatever amount of time does not solve the issue; as soon as it starts submitting requests to Binance again, the error presents itself again.
The only way to temporarily solve this problem is to restart my application, but as I said, it works only for a couple of hours.
What could the problem be?
Good day Team,
Is there currently any functionality to:
1) Assign a custom DNS name to the Amazon Grafana Workspace URL AND disable the default/managed URL.
2) Run this custom URL behind AWS WAF.
I have a CloudFront distribution with S3 origins.
In the origin settings there are custom headers added (i.e. "x-test").
The behaviour has two Lambdas: for "origin request" and "origin response" hooks (both NodeJS).
It is all completely fine with the one for "origin response" hook, but the one for "origin request" doesn't receive "x-test" header in the event...headers object.
All the docs and articles I've read say that "origin request" Lambda should get this header too.
Tried to add "x-test" header to whitelist in attached "origin request policy" - this didn't help.
Cannot find ANY information on why this could happen. Does anyone have any ideas?
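
For the question above about the "x-test" origin custom header: in a Lambda@Edge origin request event, headers configured on the origin are listed under `request.origin.s3.customHeaders` (or `request.origin.custom.customHeaders` for a custom origin) rather than in `request.headers`. The following is an added example, not part of the original post; `originCustomHeader` and `SAMPLE_EVENT` are hypothetical names and the event is constructed for illustration.

```javascript
// Look up an origin custom header in a Lambda@Edge origin-request event.
// Origin custom headers live under request.origin.{s3|custom}.customHeaders,
// keyed by lowercase header name, each entry being [{ key, value }].
function originCustomHeader(request, name) {
  const origin = request.origin || {};
  // Only one of origin.s3 / origin.custom is present, depending on origin type.
  const cfg = origin.s3 || origin.custom || {};
  const entries = (cfg.customHeaders || {})[name.toLowerCase()];
  return entries && entries.length > 0 ? entries[0].value : undefined;
}

// Origin-request handler: read "x-test" from the origin configuration and
// pass the request through unchanged.
async function handler(event) {
  const request = event.Records[0].cf.request;
  const xTest = originCustomHeader(request, 'x-test');
  if (xTest === undefined) {
    console.log('x-test is not configured on this origin');
  } else {
    console.log('x-test from origin config:', xTest);
  }
  return request;
}

// Constructed sample event (trimmed to the fields used here).
const SAMPLE_EVENT = {
  Records: [{
    cf: {
      config: { eventType: 'origin-request' },
      request: {
        method: 'GET',
        uri: '/image.jpg',
        headers: { host: [{ key: 'Host', value: 'example-bucket.s3.amazonaws.com' }] },
        origin: {
          s3: {
            domainName: 'example-bucket.s3.amazonaws.com',
            customHeaders: { 'x-test': [{ key: 'x-test', value: 'constructed-value' }] },
          },
        },
      },
    },
  }],
};

// Export for the Lambda runtime when loaded as a CommonJS module.
if (typeof module !== 'undefined') module.exports = { handler };
```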