Timeout after login in Private MWAA behind ALB with Custom Domain

0

I'm provisioning a private MWAA and setting up public access through an ALB (with ACM and a custom domain), following this documentation.

Domain and certificate are working, SSO login works, but the redirect after login sends the browser to the private URL (which causes a timeout error). The only information I can find is this one, but the link to another answer is broken.

I also checked the Airflow documentation. There is a key called webserver.base_url but it doesn't seem to work. The URL at the login screen looks fine: https://my-custom-domain/aws_mwaa/aws-console-sso?next=https%3A%2F%2my-custom-domain%2Fhome

  • Did you get a resolution to this that you can share?

2 Answers
0

Could you please validate 1) the target groups (Registered Targets [1]) which are attached to the ALB and also the security groups attached to the ALB? If this does not work, please open a support case with AWS using the following: https://console.aws.amazon.com/support/home#/case/create We can debug the issue and raise a request with the Service team if needed.

[1] https://aws.amazon.com/blogs/aws/new-application-load-balancing-via-ip-address-to-aws-on-premises-resources/

AWS
answered 2 years ago
0

I know it's an old question, but the issue still seems relevant.

It seems that AWS SSO does not support a custom domain redirect, and will always try to send you back to the MWAA environment's URL, even if you started from a custom domain.

The only way we managed to work around this isn't very satisfying. We created this script to launch the MWAA dashboard:

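#!/bin/bash
# Custom domain that fronts the private MWAA web server through the ALB
HOST=custom-domain.example.com
URL="https://$HOST/aws_mwaa/aws-console-sso?login=true#"
# Request a web login token for the environment (requires CLI credentials)
WEB_TOKEN=$(aws mwaa create-web-login-token --name my-airflow-env --query WebToken --output text)
# Open the login URL plus token in the default browser (macOS-specific command)
open "$URL$WEB_TOKEN"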

(Note that the open command in the last line is specific to macOS. It opens the URL in the default browser.) This isn't original, but I can't immediately find where I got this idea to credit it.

Obviously, this requires having CLI credentials and won't be appropriate for all users. I would love to see a "real" solution to this issue.

Ed
answered 6 days ago
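
A more defensive take on the launcher script in the answer above, as an added example that is not part of the original post: it validates the host, checks that the CLI actually returned a token (the AWS CLI prints `None` for a null result with `--output text`), and picks the opener per platform. The `MWAA_HOST` and `MWAA_ENV` variable names and the `--launch` argument are assumptions made for this example.

```shell
#!/bin/bash
# Added example: hardened variant of the launcher in the answer above.
# MWAA_HOST, MWAA_ENV and --launch are hypothetical names chosen for this sketch.
set -eu

# Build the login URL; refuse hosts with unexpected characters and unusable tokens.
build_login_url() {
  host=$1 token=$2
  case $host in
    ''|*[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; return 1 ;;
  esac
  case $token in
    ''|None) echo "no usable web token returned" >&2; return 1 ;;
  esac
  printf 'https://%s/aws_mwaa/aws-console-sso?login=true#%s\n' "$host" "$token"
}

# Choose the browser opener for this platform (open on macOS, xdg-open on Linux).
pick_opener() {
  case $(uname -s) in
    Darwin) echo open ;;
    Linux)  echo xdg-open ;;
    *)      echo "unsupported platform" >&2; return 1 ;;
  esac
}

launch() {
  host=${MWAA_HOST:-custom-domain.example.com}
  env_name=${MWAA_ENV:-my-airflow-env}
  # With set -e, a failed CLI call (expired credentials, wrong name) stops here.
  token=$(aws mwaa create-web-login-token --name "$env_name" \
            --query WebToken --output text)
  url=$(build_login_url "$host" "$token")
  opener=$(pick_opener)
  # The token is part of the URL: hand it straight to the browser, never echo or log it.
  "$opener" "$url"
}

# Only launch when asked, so the functions can be sourced and checked offline.
if [ "${1:-}" = "--launch" ]; then launch; fi
```

Run it as `./mwaa-login.sh --launch` (the file name is arbitrary) with the same CLI credentials the original script needs.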
