#StackBounty: #redirect #amazon-s3 #aws-lambda #amazon-cloudfront #aws-lambda-edge Cloudfront, lambda @ edge, S3 redirect objects,

Bounty: 50

I am building a S3 URL redirect, nothing special just a bunch of zero length objects with the WebsiteRedirectLocation meta filled out. The S3 bucket is set to server static websites, bucket policy set to public ect. It works just fine.

HOWEVER – I also want to lock down certain files in the bucket – specifically some html files that serve to manage the redirects (like adding new redirects). With the traditional set up, I can both use the redirects, and also serve the html page just fine. But in order to lock it down, I need to use Cloudfront and Lambda@edge like in these posts:

https://douglasduhaime.com/posts/s3-lambda-auth.html

http://kynatro.com/blog/2018/01/03/a-step-by-step-guide-to-creating-a-password-protected-s3-bucket/

I have modified the lambda@edge script to only prompt for a password IF the admin page (or its assets like CSS/JS) are requested. If the requested path is something else (presumably a redirect file) the user is not prompted for a password. And yes, I could also set a behavior rule in Cloudfront to decide when to use the Lambda function to prompt for a password.

And it works kind of. When I follow these instructions and visit my site via the Cloudfront URL, I do indeed get prompted for a password when I goto the root of my site – the admin page. However, the redirects will not work. If I try to load a redirect the browser just downloads it instead.

Now, in another post someone suggested that I change my Cloudfront distribution endpoint to the S3 bucket WEBSITE endpoint – which I think also means changing the bucket policy back to website mode and public which sucks because now its accessible outside of the Cloudfront policy which I do not want. Additionally – Cloudfront no longer automatically serves the specified index file, which isnt the worst thing.

SO – is it possible to lock down my bucket, server it entirely through Cloudfront with Lambda@edge BUT also have Cloudfront respect those redirects instead of just prompting a download? Is there a setting in Cloudfront to respect the headers? Should I set up different behavior rules for the different files (html vs redirects)?


Get this bounty!!!

#StackBounty: #amazon-s3 #amazon-cloudfront Cloudfront not caching missing pages

Bounty: 50

So to explain a problem I have an S3 bucket with static site and CloudFront as CDN. On S3 the index and error document are both index.html. So when I go to subdomain.example.com I get served index.html and get Hit from Cloudfront.

However my static page is Vue page with router and default path is /en so when I reload the page subdomain.example.com/en I get Error from cloudfront. The same happens if I try to refresh it after it got hit the first time. Everything else(.css, .js, .img …) is cached ok.

I have S3 connected in origin like that:

Origin Domain Name: s3.eu-central-1.amazonaws.com
Origin Path: /subdomain.example.com
Origin ID: subdomain.example.com
Minimum Origin SSL Protocol: TLSv1
Origin Protocol Policy: HTTP Only
Origin Response Timeout: 30
Origin Keep-alive Timeout: 5
HTTP Port: 80
HTTPS Port: 443

On Cloudfront I also have custom error responses for 400,403 and 404 all pointing to /index.html with code 200.

Any ideas what am I doing wrong?

error image:
enter image description here


Get this bounty!!!