Questions tagged with Amazon CloudFront
Content language: English
Sort by most recent
Hello, I'm trying to create a distribution on Cloudfront and S3 and use a domain outside of AWS, with route 53 I can use my domain without problems, but my question is whether it would be possible to use my domain without using Route 53. on the site that hosts my domain, since I don't have ns, it's like something is missing. I can manage to configure the cname from the certificate generated in ACM, the txt and the alias that points to the cloudFront, but I could not configure the ns. So, is Route 53 fundamental in this process?
so i have a fargate proxy service for which public ip is disabled , i have configure load balancers, nat and internet gateway for the service because the servie was in private subnet , so i did all the configurations ,now i am trying to access the service using cloud front distribution wiht behaviour as token - loadbalancer origin , the service is working fine sometimes and sometimes giving me 504 cloud front error as this
"504 ERROR
The request could not be satisfied.
CloudFront attempted to establish a connection with the origin, but either the attempt failed or the origin closed the connection. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront)
Request ID: RCHf8wHj1tiIdHY1XGCIjAYl2PClTVwR4F3k5hzUbiTsEsfbb0-Oug=="
i have configured the security group of the load balancer to allow all the traffic from internet and same with the secuirty group of my fargate service , for testing purpose , i have also configured a nat gateway , sothat the service can access the internet because it forward the service to another service on the internet and i have also configured an internet gateway so that the service on the internet can talk to the fargate service.
how should i resolve this error , can this be a cloud front specific error and if so how should i resolve it ???.
also in the fargate service logs i am not able to see any issue neither in the load balancer logs ,as well it is showing that the traffic is being forwarded.
I am serving images from S3 and want to migrate to CloudFront.
The S3 bucket is ACL-enabled. Some files are made public (ACL: public-read) and some are private, so they can be accessed like (where public files don't require signature):
* public -> https://xxx.s3.ap-northeast-1.amazonaws.com/public.jpg
* private -> https://xxx.s3.ap-northeast-1.amazonaws.com/private.jpg?AWSAccessKeyId=…&Signature=…&Expires=…
But when I set up CloudFront for this S3 bucket:
1. If I don't restrict viewer access (in Behavior setting), both public and private files can be accessed without signature.
2. If I restrict viewer access using the key pair, then both types require signature in the URLs.
Is it possible to set up this as S3 does, which means, requires signature based on the ACL of the objects in S3?
I have a wordpress plugin with aws, but i don't know if my website is enable in aws, server --> AWS --> website with the correct name.
(service: cloudfront)
i hope i am clear !
my website:
https://plprod74.fr
thank you
We have a bunch of CloudFront distributions, and we need to programmatically access the total bytes transferred (out) for each one of them.
Following the [documentation](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/programming-cloudwatch-metrics.html) on accessing CloudFront's metrics through CloudWatch via API, we can successfully fetch the `BytesDownloaded` metric data points we need.
However, we noticed a small but significant discrepancy between that metric and the one visible in che CloudFront console (Reports & analytics > Cache statistics > Bytes transferred to viewers). Specifically, comparing the `BytesDownloaded` metric fetched through CloudWatch and `TotalBytes` (from [CloudFront popular objects report](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/popular-objects-report.html)): the latter is on average a +5-6% bigger than `BytesDownloaded` (comparing the hourly sum values in the same recent period).
Why is there a discrepancy? How can we access the `TotalBytes` data points through the API?
I need to find a way to customize that Cloudfront distribution as amplify is deploying a managed one that we are not able to access through our console or cli to edit.
I want to increase origin response timout
i want to use all request redirect to https://www.smyro.com.tr
My current settings (S3, Route53, Cloudfront) all requested.
| Request Url | Redirect Url | Result |
| --- | --- | --- |
| http://smyro.com.tr | https://smyro.com.tr | Bad |
| https://smyro.com.tr | https://smyro.com.tr | Bad |
| http://www.smyro.com.tr | https://www.smyro.com.tr | Good |
| https://www.smyro.com.tr | https://www.smyro.com.tr | Good |
how can your help me for this problem ?
Thanks for all answers.
asked 2 days ago
Hi,
When I am creating cloudfront distribution it ask for AWS Certificate , but only in region Virginia, why only in this region?
from what I understand cloudfront is global and doesn't have specific region.
Thank you
Hi
In Route 53 I tried to link domain to cloudfront distribution, but it doesn't show my distribution , it says that it can only show distributions
from us-east-1:
An alias to a CloudFront distribution and another record in the same hosted zone are global and available only in US East (N. Virginia).
but cloudfront distribution doesn't have a region, it is global.
I have no way to choose route 53 to be on on any other region like us-east-2.
My default region is us-east-2.
Also when in cloudfront when I try to add CNAME I get that I can only add certificate from us-east-1:
Associate a certificate from AWS Certificate Manager. The certificate must be in the US East (N. Virginia) Region (us-east-1).
but why only us-east-1?
Can someone please help?
Thank you
Is there a way for cloudfront to pass the original user-agent instead of the Amazon Cloudfront as values to the NextJS server APIs?
I have tried several things such as configuring the behavior on the cloudfront on both the Default(*) and api/* paths to use UserAgentReferrerAgents in the original request policy without any success.
Need some recommendations as our application needs to make some decision on the server side based on the user agent values.
I have a CloudFront distribution with WAF to protect an HTTP API Gateway. CloudFront distribution has an Alternate domain name [api.mysite.dev]() which we manage with CloudFlare (CNAME record points to [https://{distro}.cloudfront.net]()). Distributions Origin is an HTTP API Gateway default endpoint. We use a build-in Auth0 authorizer on API so we cannot use a [custom lambda authorizer](https://wellarchitectedlabs.com/security/300_labs/300_multilayered_api_security_with_cognito_and_waf/3_prevent_requests_from_accessing_api_directly/).
Now I want to higher the security and disable the default API endpoint. I created a Custom domain name for the API with an ACM certificate in the same region and disabled the default endpoint. Instead of the default endpoint, I specified the API's custom domain name as an Origin for CloudFront distribution - ([apigw.mysite.dev]() which is pointing to API Gateway domain name
[d-123abc123.execute-api.{my-region}.amazonaws.com]()).
But CloudFront responds with **404 Not Found error** when calling the [api.mysite.dev]() as if CF couldn't reach the origin custom domain name. CloudFront logs doesn't bring any valuable info.
I've reviewed the [documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-custom-domain-names.html) and followed carefully the steps in [knowledge center](https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-domain-cloudfront/).
Can anyone provide any tips on to how to fix the issue? Can I use a HTTP API with custom domain managed externally (and ACM certificate) as a origin for CloudFront?
I am developing a trading bot for the Binance exchange, using their API I am making an average of 50 http web requests per second with spikes up to maximum 200 requests per second.
My application is developed in .net and does intensive use of multithreading.
After a couple of hours that my bot is running, about 2% of my requests start hitting the following error:
Exception: The remote server returned an error: (503) Server Unavailable.
Details: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>503 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
This distribution exceeded the limit on requests per second.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: deswmI9Dh93g-OXhmg0xAXqCT-MRCThr-XbDBBUvtunoo5dqiBbd7g==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>
My application backing off for a minute or five or whatever amount of time does not solve the issue, as soon as it starts submitting requests to Binance again the error represents itself.
The only way to temporary solve this problem is to restart my application, but as I said it works only for a couple of hours.
What could the problem be?