
Set both https and http from one origin in CloudFront


I'm using CloudFront to redirect a web app to an S3 bucket for some media content. As we are trying to add HTTPS to our test environment, we wanted to add the https://app.foo.com origin to our CloudFront distribution. We've tried two different ways:

  1. On the Create Origin tab, creating the second origin with the https

  2. By editing the first working origin (in http) and adding a second origin header beneath the first one (in the origin settings tab).

Neither of these solutions seems to work: the app with the http origin can access the bucket content, but the redirection with https does not work. I should point out that our authorizations on the bucket are OK, we can access the bucket content with the CloudFront link, and the CORS rules accept both http and https for the app. It looks like the https origin is not processed by CloudFront. Thanks in advance.


Solution

  • You need to understand what CloudFront is. It isn't "redirecting" users to an S3 bucket like you state in your question. It is loading and caching the contents of the S3 bucket, and serving it to the user on request. An origin isn't a location for CloudFront to redirect users to. An origin is a location for CloudFront to load resources from. In the context of http vs. https connections and CloudFront, you have the following decisions to make:

    1. Will CloudFront communicate with the origin via http or https? This decision will not affect your users' ability to load http or https resources in any way.

    2. Will CloudFront serve both http and https content to your users, or will it redirect all http requests to https? This decision is not impacted by the origin configuration in any way.

    The user's web browser is making an HTTP connection to a CloudFront server, and receiving the response from CloudFront. The user's web browser is never making a connection directly to S3.

    You can't have two origins that only differ by http/https protocol. Both of those origins would be at the same path, and contain the same content. CloudFront only wants one of those origins, which it will connect to as needed to populate its cache.
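The two decisions in the answer above map to two separate fields of a distribution's configuration, `ViewerProtocolPolicy` on each cache behavior and `OriginProtocolPolicy` on a custom origin. The following is an added example, not part of the original question or answer: it reads both sides out of a config and flags origins that point at the same location. The sample config, its origin IDs and domain name, and the function name `protocol_report` are constructed for illustration.

```python
# Added example. SAMPLE_CONFIG is constructed, shaped like the "DistributionConfig"
# object from `aws cloudfront get-distribution-config`; names are placeholders.
SAMPLE_CONFIG = {
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "media-origin",
        "DomainName": "media.example.com",
        "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"},
    }]},
    "DefaultCacheBehavior": {
        "TargetOriginId": "media-origin",
        "ViewerProtocolPolicy": "allow-all",
    },
    "CacheBehaviors": {"Quantity": 0, "Items": []},
}

# What each viewer-side policy means for the browser-to-CloudFront connection.
VIEWER_SCHEMES = {
    "allow-all": "http and https both served",
    "redirect-to-https": "http redirected to https",
    "https-only": "https only, http rejected",
}

def protocol_report(config):
    """Return (viewer_side, origin_side, duplicates) for a DistributionConfig."""
    behaviors = [("default", config["DefaultCacheBehavior"])]
    for b in config.get("CacheBehaviors", {}).get("Items") or []:
        behaviors.append((b["PathPattern"], b))
    # Decision 2 in the answer: set per cache behavior, independent of origins.
    viewer_side = {p: VIEWER_SCHEMES[b["ViewerProtocolPolicy"]] for p, b in behaviors}

    origin_side, seen, duplicates = {}, {}, []
    for o in config["Origins"]["Items"]:
        # Decision 1: how CloudFront fetches from the origin. S3 bucket origins
        # use S3OriginConfig, which carries no OriginProtocolPolicy field.
        custom = o.get("CustomOriginConfig")
        origin_side[o["Id"]] = custom["OriginProtocolPolicy"] if custom else "s3-origin"
        # An origin is a host plus optional path, with no scheme, so an "http"
        # and an "https" entry for the same host are the same location twice.
        key = (o["DomainName"].lower(), o.get("OriginPath", ""))
        if key in seen:
            duplicates.append((seen[key], o["Id"]))
        seen.setdefault(key, o["Id"])
    return viewer_side, origin_side, duplicates

if __name__ == "__main__":
    for part in protocol_report(SAMPLE_CONFIG):
        print(part)
```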