指向 S3 存储桶和 ELB 的 Cloudfront 分布

Question

I am trying to configure my cloudfront distribution to route requests for mydomain.com to an S3 bucket and requests for mydomain.com/api/* to an ELB.

In route 53, I have dev.mydomain.com pointing to the cloudfront distribution with an alias record

Alias to cloudfront in route53

I have configured two origins in cloudfront - one to S3 and one to a publicly accessible ELB

Cloudfront origins setup

I have configured one (on top of default) behavior to route api/* requests to the ELB origin

Cloudfront behaviors setup

I have no issues with the S3 bucket. When I added the new behavior to route api/* requests to the ELB, I am receiving a 502 gateway error whenever I hit api/* routes.

When I make a request to the ELB from the origin I provided to Cloudfront, I am seeing the following response in Postman:

Error: Hostname/IP does not match certificate's altnames: 
Host: mydomain-api-dev-env.us-east-1.elasticbeanstalk.com. is not in the cert's altnames: DNS:*.mydomain.com

This leads me to believe the 502 is because the ELB url is not included in mydomain.com's cert.

Assuming that this is my issue, how would I go about resolving this certificate issue since I don't own the elasticbeanstalk.com domain?

Answer 1

You have to associate your own domain with the load balancer and add proper SSL to it. Then in your CF distro, you are going to use your own ALB's domain, not the one provided by AWS.