5,021 questions
Advice
0
votes
0
replies
77
views
White-labeling with CloudFront — alternatives to adding multiple root domains as alternate domain names?
I have a CloudFront distribution serving a React app from S3 with an alternate domain app.mycompany.com and an ACM certificate attached. This works fine.
I want to implement white-labeling — allowing ...
Score of 0
0 answers
54 views
Access denied signed cookies CloudFront SPA App
I am trying to access a Vue SPA served with S3+CloudFront, restricted by signed cookies. This is for a platform that displays a user's active "apps". Each app is its own CloudFront domain.
...
Score of 0
1 answer
153 views
cloudfront-viewer-country-name stopped working in AWS
My setup is this:
outside -> CloudFront -> API Gateway -> Lambda
CloudFront distribution uses both Viewer request and Origin request lambdas.
In November, sometime between the 18th and 21st,...
Score of 0
0 answers
44 views
CloudFront Lambda@Edge causing originConnectError - even with no-op function
I'm experiencing a persistent issue where associating any Lambda@Edge function with my CloudFront distribution causes
originConnectError
(502) responses, even when using a minimal no-op function.
...
Advice
0
votes
1
replies
79
views
Cloudfront Cache policy headers vs Vary header
Why can we set which request headers should make up the cache key in a cloudfront distribution behaviour? If the origin responds with a Vary header, shouldn't the cache just use the headers in there ...
Score of 0
0 answers
60 views
AWS Error in Cloudfront + Appsync with 2 Authorizers OICD and new additional API_KEY, Cloudfront forcing x-api-key
I have an application that is in production working with Cloudfront + Appsync with OICD Authorizer. In the Cloudfront configuration for some reason it is adding in the custom headers if API_KEY exists ...
Score of 1
1 answer
99 views
Apache returns 404 only when accessed through CloudFront (works fine via ELB directly)
Our web service is running on EC2 with Apache. We have the following setup:
Service A -> ELB -> Service B API
In this case, Apache on Service B shows in rewrite.log that the rewrite rule was ...
Score of -1
1 answer
87 views
Expected X-Cache value when serving requests for non-existent files?
I have configured CloudFront and S3 using OAI and it generally serves files as expected.
I am trying to reduce my S3 API costs and I think about 10% of it is linked to requests for non-existent files. ...
Score of 0
0 answers
187 views
Why am I getting "Invalid initialization vector" when calling my signed URL upload API in Node.js?
I’m working on a Node.js backend that generates a signed URL for uploading files to AWS S3 via CloudFront.
However, when I hit the signed URL endpoint from curl, I always get the following response:
{&...
Score of -1
1 answer
80 views
Issue with OpenTofu tests against AWS Cloudfront Distributions [closed]
I could use an assist on my opentofu tests
Here is a small snippet of my Terraform module
resource "aws_cloudfront_distribution" "main" {
price_class = "...
Score of 3
1 answer
468 views
CloudFront Continuous Deployment: Intermittent 500 Error (x-edge-detailed-result-type: Error) with Weight-Based Policy
I'm using Amazon CloudFront's Continuous Deployment feature to implement a canary release for a static website.
My setup is as follows:
Origin: Both the primary and staging distributions use an S3 ...
Score of 0
0 answers
83 views
Handling CORs with AWS CloudFront with a Lambda Function Url Origin
I'm having an issue creating an AWS CloudFront Distribution that returns CORs headers from a Lambda Function URL Origin.
I can send test requests via cURL to the Lambda Function URL directly and see ...
Score of 0
0 answers
64 views
AWS CloudFront Signed URL throws ERR_OSSL_EVP_INVALID_DIGEST in Node.js 22
I'm trying to generate signed URLs for a CloudFront distribution using the AWS SDK v3 (@aws-sdk/cloudfront-signer) in a Node.js project.
I successfully uploaded my public key to CloudFront using:
aws ...
Score of 0
0 answers
75 views
How can I set CloudFront Signed Cookies for restricted S3 access without a reverse-proxy?
I’m building a system to serve private S3 assets via CloudFront Signed Cookies—so end users can browse entire folders without issuing individual presigned URLs.
What I'm trying:
I have a CloudFront ...
Score of 0
0 answers
111 views
Setting the CloudFront-Viewer-Country to each viewer response
In the AWS CloudFront distribution, I can configure the origin request policy to add CloudFront-Viewer-Country header to the origin request, and I can read that header in the Lambda@Edge attached to ...