24

I've set up a new domain and web server, and a CloudFront distribution to serve it.

CloudFront is successfully serving the site on its own domain: d1lnegrqin0up5.cloudfront.net

I want mpe.io (without www) to go to the web server, and www.mpe.io to go to the CloudFront distribution. As such, I set up a CNAME record for www.mpe.io pointing to the aforementioned CloudFront domain.

I gave it a couple of hours, and www.mpe.io goes to CloudFront (it says "Generated by cloudfront" on the resulting pages) but all requests simply result in a Bad request ERROR.

Note that if I go directly to the CloudFront domain, everything works fine. How can I get www.mpe.io successfully serving files in the same way the CloudFront domain is?

Specifics:

Domain DNS records:

  • Name, TTL, Type, Record
  • mpe.io., 3600, A, 101.0.76.155
  • www.mpe.io., 3600, CNAME, d1lnegrqin0up5.cloudfront.net
  • *.mpe.io., 3600, A, 101.0.76.155

Distribution settings:

  • Delivery method: Web
  • Cookie Logging: Off
  • Distribution Status: Deployed
  • Price Class: Use All Edge Locations (Best Performance)
  • State: Enabled
  • Alternate Domain Names (CNAMEs): - (could this be important?)
  • SSL Certificate: Default CloudFront Certificate (*.cloudfront.net)
  • Domain Name: d1lnegrqin0up5.cloudfront.net
  • Custom SSL Client Support: -
  • Default Root Object: /index
Bilal Akil

2 Answers

45

All good! I answered my question as I was writing it.

It was that field regarding Alternate Domain Names (CNAMEs) in the distribution's settings. When I added www.mpe.io as one of them and gave it some time, it ended up working fine.

Bilal Akil
  • 4
    This is because the browser sends whatever hostname shows in the address box, in the `Host:` header. CNAMEs in DNS do not change that behavior on the part of browsers. Without configuring your CloudFront distribution for the exact `Host:` headers it should assume are associated with your distribution (the alternate domain name configuration), CF had no way to know *which* distribution should process the request. Without that, CF has absolutely nothing to go on, and hence, "bad request." – Michael - sqlbot Aug 09 '15 at 13:35
  • 1
    But didn't the request get DNS'd (yes, I just did that) directly to the domain for a specific distribution (d1lnegrqin0up5.cloudfront.net)? I figured there wouldn't be much decision making left from that point. I figured it would be some kind of security thing, so random domains couldn't just use my distro (but that's just off the top of my head - doesn't make much sense when I think further into it). – Bilal Akil Aug 09 '15 at 13:37
  • 3
    Sure the DNS apparently worked fine, otherwise you wouldn't have seen an error *coming from CloudFront*... but the IP addresses you get back in response to querying your `*.cloudfront.net` hostname are shared by tens or hundreds or thousands of other distributions. The `Host:` header sent by the browser is the mechanism CloudFront uses in order to work out *which* distribution the request will be processed by and the "Alternate Domain Names" configuration is how these are provisioned. – Michael - sqlbot Aug 09 '15 at 13:55
  • Ahh, so the universe isn't centred around me (that distro domain isn't mine alone)... sorry, that never crossed my mind >< Thanks for clearing that up Michael sqlbot! – Bilal Akil Aug 09 '15 at 13:57
  • 2
    At the risk of being inadvertently misquoted, the distro *domain* is exclusively yours... xxxxxxxxxx.cloudfront.net is all you, but the nature of HTTP and DNS is such that the destination system is only aware of what site you *initially* tried to reach (www.mpe.io) and it has no way of knowing how you got there from here, by way of a CNAME pointing to the x.cloudfront.net hostname, or an A record with a static IP, or even an entry in your local machine's "hosts" file. – Michael - sqlbot Aug 09 '15 at 14:19
  • But why does it need to know how you got there? At this point isn't it already at xxxxxxxxxx.cloudfront.net, which is configured to serve from the mpe.io origin, and thus can start serving files? Why/what difference does www.mpe.io matter/make? I'm sorry for my many questions, I just like to understand how and why things work. – Bilal Akil Aug 09 '15 at 15:06
  • 4
    When the request arrives, it's only "at" an IP address. The browser sends the `Host:` header to indicate which site is being requested, since essentially any web server can serve up more than one site. Any intermediate hostnames referenced by CNAMEs in resolving the original hostname to the destination IP address are lost. CloudFront would only know you were looking for the x.cloudfront.net endpoint if that were what had been typed into the browser directly. – Michael - sqlbot Aug 09 '15 at 20:59
  • 1
    Ok, and that IP address can't be "pre-configured" to know what domain it's working with, so to speak, because it in fact can work for many distros, so it needs the alternate domain name to figure out which one in particular. I think I'm on the ball now! Thanks for bearing with me Michael. – Bilal Akil Aug 09 '15 at 21:11
  • awesome, d00d3! – maephisto Apr 10 '17 at 13:00
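
A loopback model of the behaviour described in the comments above, added as an example (not part of the original answers and not CloudFront's implementation): one listener stands in for a shared edge IP and picks the distribution from the `Host:` header alone. The `DISTRIBUTIONS` table, the second distribution and `www.example.org` are assumptions made up for the demo.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed model: distribution domain -> its Alternate Domain Names (CNAMEs).
DISTRIBUTIONS = {
    "d1lnegrqin0up5.cloudfront.net": set(),                # from the question
    "d0000000000000.cloudfront.net": {"www.example.org"},  # hypothetical neighbour
}

def find_distribution(host):
    """Return the distribution that claims this Host value, or None."""
    host = host.split(":")[0].lower().rstrip(".")
    for domain, aliases in DISTRIBUTIONS.items():
        if host == domain or host in aliases:
            return domain
    return None

class EdgeHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # The Host header is the only routing input; the DNS path is not visible.
        dist = find_distribution(self.headers.get("Host", ""))
        body = (f"served by {dist}" if dist else "Bad request").encode()
        self.send_response(200 if dist else 400)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args): pass  # silence per-request logging

def start_edge():
    server = ThreadingHTTPServer(("127.0.0.1", 0), EdgeHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def fetch(port, host_header):
    """Same IP and port every time; only the Host header varies."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/index", headers={"Host": host_header})
    resp = conn.getresponse()
    result = (resp.status, resp.read().decode())
    conn.close()
    return result

if __name__ == "__main__":
    edge = start_edge()
    print(fetch(edge.server_address[1], "www.mpe.io"))  # alias not configured
    DISTRIBUTIONS["d1lnegrqin0up5.cloudfront.net"].add("www.mpe.io")
    print(fetch(edge.server_address[1], "www.mpe.io"))  # alias configured
```
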
1

You made my day. The moment I added www.domain in the CloudFront Distributions, it recognizes the web.

I also tried with one subdomain to test and added CloudFront URL in CNAME in GoDaddy and subdomain entered in CloudFront Distributions and it also works.

I added the snapshot of CloudFront for amateurs like me.


Saurabh Sinha