
DNS magic (AWS Route53) to expose S3 and EBeanStalk as single domain (to avoid CORS)

We have static html pages hosted on S3, which talk to REST services hosted on EC2 (managed by Elastic Beanstalk). Because S3 and EB are different hosts, these are CORS requests. The backend server is setting the required headers to allow CORS:

    if(allowOrigin){
        response.setHeader("Access-Control-Allow-Origin", clientOrigin);
        response.setHeader("Access-Control-Allow-Credentials", "true");
    }

The problem is that the REST services use sessions, which means they send a session cookie back to the browser. But most browsers have "don't accept 3rd party cookies" by default, so this doesn't actually work. We could pass the value of the session cookie as a POST parameter, but then we'd have to re-implement session management that JEE does for us with a simple call to request.getSession(true).

As a solution, we are hoping for some DNS wizardry that would allow us to present both S3 and EB services as if they are the same domain. So for example, do something like this:

Request: mydomain.com/somePath/to/page --> redirect to S3 bucket/somePath/to/page
Request: mydomain.com/services/path/to/service --> redirect to EB/path/to/service

So the redirect is conditional on /services/ being present as the root folder.

We'd prefer to do this at the DNS level rather than from within an S3 redirect, because Amazon charges fees for every request that hits S3 (so we'd be paying twice for all hits to /services/).

How can we achieve something like that? Other ideas welcome.

You can do this with CloudFront.

  1. Create a distribution on CloudFront for your "common" domain. All requests will go through CloudFront.
  2. Create two origins in your distribution:
    1. One origin that will use your S3 bucket, and
    2. One origin that will use your EB application
  3. You can then separate these origins based on the HTTP request path using 2 behaviours.

You'll also be able to take advantage of CloudFront's ability to cache your static S3 assets.
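The two-origin, two-behaviour layout from the answer above, written out as a CloudFormation template. This is an added example, not part of the original answer; the bucket name, Elastic Beanstalk hostname and certificate ARN are placeholders, and it assumes the EB load balancer has an HTTPS listener.

```yaml
# Added example: one CloudFront distribution fronting S3 (static) and EB (REST).
# All hostnames and the certificate ARN below are placeholders.
Resources:
  SiteDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Aliases: [mydomain.com]
        ViewerCertificate:
          AcmCertificateArn: arn:aws:acm:us-east-1:111111111111:certificate/EXAMPLE
          SslSupportMethod: sni-only
          MinimumProtocolVersion: TLSv1.2_2021
        Origins:
          - Id: static-s3
            DomainName: EXAMPLE-BUCKET.s3.amazonaws.com     # placeholder bucket
            S3OriginConfig:
              OriginAccessIdentity: ""
          - Id: api-eb
            DomainName: EXAMPLE-ENV.elasticbeanstalk.com    # placeholder EB host
            CustomOriginConfig:
              OriginProtocolPolicy: https-only   # keep the session cookie off plain HTTP
        # Default behaviour: static pages from S3, cacheable, cookies not forwarded.
        DefaultCacheBehavior:
          TargetOriginId: static-s3
          ViewerProtocolPolicy: redirect-to-https
          AllowedMethods: [GET, HEAD]
          ForwardedValues:
            QueryString: false
            Cookies:
              Forward: none
        CacheBehaviors:
          # REST calls: forward cookies so the session cookie reaches the backend,
          # allow POST/PUT/DELETE, and never cache per-session responses.
          - PathPattern: /services/*
            TargetOriginId: api-eb
            ViewerProtocolPolicy: https-only
            AllowedMethods: [GET, HEAD, OPTIONS, PUT, PATCH, POST, DELETE]
            ForwardedValues:
              QueryString: true
              Cookies:
                Forward: all
            MinTTL: 0
            DefaultTTL: 0
            MaxTTL: 0
```

CloudFront forwards the request path unchanged, so the backend receives `/services/path/to/service` rather than the `/path/to/service` sketched in the question; the application has to be mounted under `/services`. With pages and services on one hostname the session cookie is first-party, and the `Access-Control-Allow-Origin` / `Access-Control-Allow-Credentials` headers are no longer needed for these calls.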

CNAME entries, perhaps?

If I've got A.example.com as a CNAME to myhost.example1.net (or whatever), and B.example.com as a CNAME to myotherhost.example2.net (or whatever), then a web browser visiting A.example.com, if that page has a reference to B.example.com, sees them as being from A.example.com and B.example.com, regardless of where they're actually hosted.

I've got a lot of field servers where I do something like this. At the locations where I've got static IP addresses, I've got A records for them on my primary domain range. At the locations where I don't, I've got CNAME records for them on my primary domain range, which point at Dynamic DNS records via a different provider.
