
AWS CloudFront works with HTTP, but HTTPS gets error - The request could not be satisfied. CloudFront wasn't able to connect to the origin


I'm trying to serve my server through AWS CloudFront, but I have some issues.

Scenario

  • One EC2 instance that is able to serve HTTP and HTTPS (TLS 1.2)
    • This site serves a self-signed TLS certificate.
  • One CloudFront distribution
    • Origin pointing to EC2 with protocol marked as "Match Viewer"
    • Behaviour set to not cache; Viewer protocol policy: HTTP and HTTPS; Cache Based on Selected Request Headers: All
    • Distribution serving HTTPS with an AWS-signed certificate.

What happens

  • Accessing EC2 directly does serve the page, with an "invalid certificate" warning (as expected)
  • Accessing the CloudFront URL works for HTTP pages.
  • Accessing the CloudFront URL DOES NOT work for HTTPS pages... I get a 502 error (CloudFront wasn't able to connect to the origin.)

What I expect

  • Accessing the CloudFront URL working for HTTPS pages.

What should I do to serve my HTTPS content using AWS CloudFront?


Solution

  • CloudFront cannot connect to origins with invalid certificates. You have a few options:

    1. You can configure your distribution to connect to your backend over HTTP only.
    2. Put an ELB/ALB in front of your instance and terminate the TLS on the load balancer. You can use AWS Certificate Manager to create a certificate for free.
    3. Purchase a certificate from a 3rd party and use it on your instance.
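The distribution-side setting behind option 1, with the hardened form used by options 2 and 3 shown in comments, as an added CloudFormation `AWS::CloudFront::Distribution` fragment that is not from the original question or answer; the origin domain name, origin id and certificate ARN are assumed placeholder values:

```yaml
# Added example: only the origin and behaviour keys relevant to the 502 are shown.
Resources:
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Origins:
          - Id: ec2-origin                              # assumed id
            DomainName: ec2-origin.example.com          # assumed origin hostname
            CustomOriginConfig:
              HTTPPort: 80
              HTTPSPort: 443
              # Option 1: "Match Viewer" (match-viewer) forwards viewer HTTPS to the
              # origin over TLS, where CloudFront rejects the self-signed certificate.
              # http-only makes the CloudFront-to-origin hop plain HTTP instead.
              OriginProtocolPolicy: http-only
              # Options 2 and 3: once the origin (ALB or instance) presents a
              # CA-issued certificate whose name matches DomainName, switch to
              #   OriginProtocolPolicy: https-only
              OriginSSLProtocols:
                - TLSv1.2
        DefaultCacheBehavior:
          TargetOriginId: ec2-origin
          # Viewers still reach CloudFront over TLS regardless of the origin hop.
          ViewerProtocolPolicy: redirect-to-https
          ForwardedValues:
            QueryString: true
            Headers:
              - "*"                                     # "All" headers, no caching
        ViewerCertificate:
          AcmCertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/PLACEHOLDER  # assumed
          SslSupportMethod: sni-only
          MinimumProtocolVersion: TLSv1.2_2021
```

With option 1 the hop from the CloudFront edge to the instance carries the traffic in clear text, so it only makes sense where that network path is acceptable; options 2 and 3 keep the origin hop encrypted and are what the `https-only` comment above is for.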