Cloudfront with EC2 instance - amazon-ec2

I was able to get Cloudfront working with an S3 instance, but I'm stuck with EC2 (I'm new to AWS). My Go server is accessible via elastic IP on port 443.
When creating the Cloudfront distribution, I used my EC2's public DNS (IPv4) as the Origin, HTTPS only, alternate domain names set to the hosted zones I've defined in Route 53, and a custom SSL certificate from Certificate Manager (which is issued). The status of the Cloudfront distribution is Deployed and State is Enabled.
If I try to access the Cloudfront distribution using the subdomain I've set up, I simply get "Server Not Found". If I try to access the Cloudfront distribution using the given Cloudfront domain name, I get "502 ERROR The request could not be satisfied. CloudFront attempted to establish a connection with the origin, but either the attempt failed or the origin closed the connection."
Are there more steps in the process that I'm missing? I thought I could use EC2 as an origin.
DNS with Route 53,
Domain registered through GoDaddy
Cloudfront domain name: d2yxz5aawjiy26.cloudfront.net
Subdomain: api.tranquility.app
Elastic IP: 35.182.112.85 running on port 443
EDIT: If it matters, I'm running docker with the app mapping port 443 to 8080 in docker-compose.
UPDATE: Perhaps something to do with https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html and that I should use a load balancer for my ec2 instance.

I ended up taking an alternative route and used Elastic Beanstalk, then switched the Cloudfront origin to the URL of the Elastic Beanstalk instance. I added an HTTPS listener on port 443 to the load balancer, going out to port 80 on the instances of the Elastic Beanstalk environment. I was also missing the name servers that Route 53 gave me, since my DNS is with them but my domain is with GoDaddy, so I added the four NS records from Route 53 into GoDaddy.
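The 502 quoted above is what CloudFront returns when it cannot complete a verified TLS handshake with an HTTPS origin: the certificate must chain to a publicly trusted CA and its Subject Alternative Names must cover the origin domain name, and neither is possible for an instance's amazonaws.com public DNS name (ACM certificates cannot be installed on an EC2 instance, which is what the ACM services page linked in the update says). The script below is an added example, not code from the question or its answers; it performs that same check from the outside so an origin can be tested before it is put behind CloudFront, and the `origin.example.invalid` default is a placeholder.

```python
# Added example, not code from the question or its answers. It checks an HTTPS
# origin the way CloudFront does: the TLS handshake must succeed against a
# publicly trusted CA and the certificate must name the origin domain, or the
# viewer sees the 502 "could not be satisfied" page quoted above.
import socket
import ssl


def san_covers(hostname: str, sans: list[str]) -> bool:
    """True if one DNS SAN matches hostname exactly or via a single
    leading '*.' label that stands in for exactly one hostname label."""
    host = hostname.lower().rstrip(".").split(".")
    for san in sans:
        labels = san.lower().rstrip(".").split(".")
        if labels == host:
            return True
        if labels[0] == "*" and len(labels) == len(host) and labels[1:] == host[1:]:
            return True
    return False


def cert_sans(cert: dict) -> list[str]:
    """Pull the DNS names out of the dict returned by ssl's getpeercert()."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def check_origin(origin: str, port: int = 443, timeout: float = 5.0) -> tuple[bool, str]:
    """Return (ok, reason); ok only when a verified handshake for origin succeeds."""
    ctx = ssl.create_default_context()  # system CA store, hostname check enabled
    try:
        with socket.create_connection((origin, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=origin) as tls:
                return True, f"ok, cert covers {origin}: {cert_sans(tls.getpeercert())}"
    except ssl.SSLCertVerificationError as e:
        # Self-signed cert or SAN mismatch: exactly the case CloudFront turns into a 502.
        return False, f"cert rejected ({e.verify_message}); CloudFront would answer 502"
    except (ConnectionRefusedError, TimeoutError) as e:
        # Nothing listening or a security group dropping CloudFront's connection attempt.
        return False, f"no connection on port {port} ({e}); check the listener and security group"
    except OSError as e:
        return False, f"handshake failed: {e}"


if __name__ == "__main__":
    import sys
    # Placeholder origin; pass the EC2 public DNS name or ALB name as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "origin.example.invalid"
    ok, reason = check_origin(target)
    print("PASS" if ok else "FAIL", reason)
```

Run it against the load balancer name before and after attaching the ACM certificate to see the difference; the same SAN rule is why the ELB's own DNS name cannot be used directly with a certificate you own.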

Related

How to make secure when hosting website in EC2?

I have followed the steps below to make it HTTPS, but I am still seeing that the site is insecure. What else am I missing?
Uploaded content to an S3 bucket
Created an EC2 instance with a security group allowing ports 22 and 80 from 0.0.0.0/0
Installed Apache and started the service on the EC2 instance
Created an ELB and added listeners to route
http to https
https to target group
Registered the target, and when I launch the URL (DNS name of the ELB), I still get insecure.
Thanks,
Chandra
when I launch url (DNS name in ELB)
You can't use the ELB's DNS name if you want to use SSL, because you won't be able to have an SSL certificate that matches that DNS name. You have to point a domain name at the ELB that you own, and use an SSL certificate that matches that domain name.

How to limit access to ElasticBeanstalk port 80 from internal zone only?

I have ElasticBeanstalk environment which should be exposed to the Internet via HTTPS port but also exposed via HTTP only to some instances inside my cloud. It therefore has 2 listeners. EB auto-sets a "HTTP ANY IP" inbound rule for the LoadBalancer security group of my env.
Now, I have defined a Route 53 alias to my EB environment, e.g. "myenv.company.internal". Next, I curl "http://env1.company.internal" from some EC2 instance and it works only if the inbound rules are "HTTP ANY IP". If I try to limit HTTP only to the security group of my EC2 instance, that instance cannot curl.
How do I limit HTTP port 80 access of my EB environment only to some other security group in my cloud?
How do I limit HTTP port 80 access of my EB environment only to some other security group in my cloud?
You can't do this for an internet-facing ALB. If you set up an env1.company.internal private hosted zone record for a public ALB, it will just resolve to the public IP addresses of the ALB.
Therefore, you can't use SGs in the ALB SG ingress rules to limit traffic. That's why it works with HTTP ANY IP, but not with referenced SGs.
If you want to overcome this issue, you can attach an Elastic IP to your other instance and limit port 80 on the ALB to only allow connections from that Elastic IP address. For more instances, you can use the NAT gateway's public IP address.

Amazon aws route53, redirect subdomain to ec2 app running under specific port

I have a domain name mydomain.com registered on Amazon Route 53.
I have an EC2 instance on which I installed a Docker Portainer image on port 9000.
My Docker image runs perfectly under the EC2 public IP address:
http://xxx.xxx.xxx.xxx:9000
What I want now is to create a subdomain, portainer.mydomain.com, and point it to my EC2 Portainer instance.
When I try to create a new record set portainer.mydomain.com and point it to my Docker image instance, I can't specify the port value.
I know I'm missing something; I'm just getting started with DNS domains.
Route 53 is a DNS resolver. Its job is to resolve a domain to an IP address. It has nothing to do with ports.
But there are some alternatives:
Add a secondary IP to the instance to host multiple websites and bind them to port 80. You add an additional IP by attaching an elastic network interface (ENI).
Add Application Load Balancer with host based routing (you will get much more control, you can even do path based routing as well). See: Listeners for Your Application Load Balancers - Elastic Load Balancing
S3 redirection (Route 53 Record Set on Different Port)

Pointing multiple IP address from different hosts to a same domain name with different port

I tried creating an Amazon EC2 instance with an elastic IP address. On it I deployed a MEAN app by Bitnami.
On the other hand we have a cPanel (not deployed in Amazon, I think it's Apache, not sure, I'm not the one who deployed it).
cPanel is already pointing to www.example.com so we can access cPanel via www.example.com:2082, but the default www.example.com:80 is blank/empty. We are using cPanel for our mail server.
What I need to do is to point the Amazon EC2 public IP and DNS to www.example.com:80. Can I set it up in the cPanel DNS Zone Editor? Or do I need to set up Amazon Route 53? What do I need?
If I create a new A record in the cPanel DNS Zone Editor for Amazon, I lose access to cPanel at www.example.com:2082. I'm really confused right now. Please help.
You need to introduce a proxy server in between to do this, as in DNS you can't set ports; for each type of request the ports are already defined.
You can add nginx or haproxy or any other reverse proxy server, which will accept all the requests and pass each request on to the appropriate host on the appropriate port.
I know it's a bit late but just in case you still need it or someone comes across this:
No need for a proxy.
You point the A record for example.com to EC2 IP.
CNAME for WWW to example.com
Then you should have an A record for mail.example.com for your cPanel IP
Your MX records should point to mail.example.com and not to example.com.
And you can access cPanel at mail.example.com:2082 or whatever the server's IP or main hostname is. The main hostname has the advantage that you can use port 2083 for SSL cPanel connections
Just make sure the e-mail clients use mail.example.com and not example.com as the connecting mail server.

How to link godaddy domain with AWS Elastic Beanstalk environment?

I'm running into this problem trying to link my GoDaddy domain with an AWS Elastic Beanstalk instance. I found a lot of documentation on how to link an EC2 instance with a domain on GoDaddy, but not for an Elastic Beanstalk instance. So I ended up with this URL: www.MY_SITE.elasticbeanstalk.com
Here is what I did for an EC2 instance:
I updated the Nameservers on my Godaddy domain with the ones from my Route 53 Hosted Zone.
I created a new Elastic IP on the EC2 console.
I went back to Godaddy and updated the DNS A # field from their DNS Manager, with the EC2 Elastic IP one.
You normally have to wait 1h to 48h and it should work.
How can I do the same for an AWS Elastic Beanstalk instance, not an EC2 one? I can't see the instance I created from my EC2 console in order to link it to an Elastic IP.
Hope this is clear enough. Any help?
No need to create a CNAME or do any forwarding; this is bad from the point of view of SEO and not recommended by Amazon. You should not even point a record to an IP directly, as it will cause a lot of trouble in the future because the IP can change at any moment.
The most elegant way is to migrate DNS service from GoDaddy to Route 53. You will still be with GoDaddy, but handling requests for your site will be on Amazon's side.
Here is what you need to do:
Create a new Hosted Zone for your site in Route 53 console:
Open newly added domain name, find NS record and copy servers:
In GoDaddy's Domain Manager export records via "Export Zone File (Windows)".
Import those records to Route 53 ("Import Zone File" button).
In GoDaddy's Domain Manager set custom DNS nameservers, obtained on the 2nd step:
Migrating might take some time (even days).
Now you can link your domain with your Elastic Beanstalk site. To do so, select/create the proper A record type in Route 53 and set an Alias for it:
Here's what I did when I was facing the problem of linking a GoDaddy domain with AWS ElasticBeanstalk.
DNS Manager:
A record #: 64.202.189.170 (that is GoDaddy's forwarding IP btw)
Cname www: AWS EB domain (e.g. awseb-xyz.us-east-1.elb.amazonaws.com)
Forwarding:
Forward Domain to www.example.com (forward only, without masking)
Forward Subdomain to AWS EB domain (e.g. awseb-xyz.us-east-1.elb.amazonaws.com) (with masking)
In order to access the site without www (e.g. http://example.com), I had to set up the forwarding of the domain to the www cname. This www cname then gets forwarded to the AWS EB domain (with masking in order to keep www.example.com in the address bar).
You should add a CNAME record to your Godaddy domain name that maps from www.yourGoDaddyDomain.com -> MY_SITE.elasticbeanstalk.com.
That will direct requests to your domain name to the load balancer that is running in your elastic beanstalk environment. You don't want to route your domain name to a specific server (i.e. an elastic IP), you want it to go to the load balancer and that will route requests to your server(s). Since AWS Load balancers don't use IPs (they use domain names), you don't want to set up an A record for this - a CNAME record maps domain names to domain names.
Look at the "Adding or Editing CNAMEs" section of the GoDaddy documentation on how to do this.
Your Route 53 configuration has to point to the load balancer, not the EC2 instance.