25

I deployed a react app to AWS recently after following this tutorial, everything is working fine except when I wanted to integrate a custom domain that I bought recently using AWS Route 53, I get an error (403).

For the integration of Route 53 with CloudFront I followed these steps in the docs as they are, I know that my problem is related to some sort of permission authority, but I don't know where exactly I did something wrong.

Page error 403

Ala Douagi

3 Answers

38

Solved, my problem was related to unassigned Alternate Domain Names (CNAMEs) for the CloudFront Distribution.

Ala Douagi
  • 14
    Absolutely correct. However, for readers too impatient to finish the whole sentence in the answer: this setting is in CloudFront, not Route 53! – openwonk Aug 18 '19 at 07:19
  • Great, thanks, this pointed me in the right direction! When using serverless with AWS Amplify, go to 'AWS Amplify > Domain Management' and add your domain there. The SSL and DNS propagation will be handled automatically once the domain has been added, so no need to get certs anywhere else – Christoffer Nov 30 '21 at 15:04
  • This also includes the domain itself (example.com). I did not initially have it at first, but after I added it to the Alternate Domain Names (CNAMEs), it worked! – FBaez51 May 29 '23 at 15:32
7

Adding additional information regarding the two answers above.

As described in How do I resolve the error "The request could not be satisfied. Bad Request" from Amazon CloudFront:

This error message "The request could not be satisfied. Bad Request." is from the client and the error can occur due to one of the following reasons:

1) The request is initiated over HTTP, but the CloudFront distribution is configured to allow only HTTPS requests.

2) The requested alternate domain name (CNAME) isn't associated with the CloudFront distribution.

Solution for #1:
Open the Amazon CloudFront console -> Select the relevant distribution -> Go to the Behaviors view -> Choose the behavior that matches the request and Edit -> Then select in the Viewer Protocol Policy between the options of: HTTP and HTTPS or Redirect HTTP to HTTPS.

Solution for #2:
Since this release, when you add an alternate domain name to a distribution, you must also attach an SSL/TLS certificate to that distribution that covers the alternate domain name.

So, first of all make sure that you do the following before you update your distribution to add an alternate domain name:

A) Register the domain name with a domain provider (GoDaddy, CloudFlare, Route 53, etc.).

B) Add a certificate from an authorized certificate authority (for example - Let's Encrypt) to CloudFront that covers the domain name you plan to use with the distribution, to validate that you are authorized to use the domain. (Read more in here).

And only then:
Open Amazon CloudFront console -> General view -> Edit -> Alternate Domain Names (CNAMEs) -> enter the CNAME that you want to associate with the CloudFront distribution (for example www or home).

Rot-man
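
An added example, not part of the original answers: an offline check for the causes listed above (host missing from the Alternate Domain Names, certificate not covering the host, HTTP request against an HTTPS-only behavior). It assumes a dict shaped like the `DistributionConfig` returned by `aws cloudfront get-distribution-config`; `diagnose`, `_covers`, `cert_names` (the attached certificate's subject alternative names) and all sample values are hypothetical and constructed for illustration, and wildcard matching is simplified to a single label.

```python
# Added example: sample values below are constructed, not from a real distribution.

def _covers(pattern, host):
    """Exact match, or a leading '*.' wildcard matching exactly one extra label
    (simplified, as in TLS certificate matching). The bare domain is NOT covered."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # e.g. ".example.com"
        head = host[: -len(suffix)]
        return host.endswith(suffix) and head != "" and "." not in head
    return pattern == host


def diagnose(config, host, scheme, cert_names):
    """Return findings explaining why a request for scheme://host may be refused."""
    findings = []
    aliases = config.get("Aliases", {}).get("Items") or []
    if not any(_covers(a, host) for a in aliases):
        findings.append(f"{host} is not in Alternate Domain Names (CNAMEs): {aliases}")
    if not any(_covers(n, host) for n in cert_names):
        findings.append(f"attached certificate does not cover {host}: {cert_names}")
    policy = config.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy")
    if scheme == "http" and policy == "https-only":
        findings.append("request is HTTP but Viewer Protocol Policy is https-only")
    return findings


# Constructed sample: only the www name is registered as an alias.
SAMPLE_CONFIG = {
    "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "https-only"},
}
SAMPLE_CERT_NAMES = ["*.example.com"]             # wildcard only, no apex name

if __name__ == "__main__":
    cases = [("www.example.com", "https"),
             ("example.com", "https"),
             ("www.example.com", "http")]
    for host, scheme in cases:
        result = diagnose(SAMPLE_CONFIG, host, scheme, SAMPLE_CERT_NAMES)
        print(f"{scheme}://{host}:", result or "ok")
```
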
1

Looks like you are trying http instead of https.

If you have enabled http, then it means the destination method or path cannot be reached.

Kannaiyan
  • What is the proposed solution exactly? – Ala Douagi Oct 25 '17 at 20:33
  • It is not magic; there are a lot of parameters involved. You need to share all the details of your settings before anyone can propose a solution. This is one of those to start with. – Kannaiyan Oct 25 '17 at 21:52