Route53 weighted routing to two separate CloudFront distributions with SSL

0

I understand that it should be possible to use a weighted routing policy in Route53 to set up two zone records in the same subdomain to route different weights of traffic to destinations that can be A records or CNAME records.

I have two applications hosted as static websites in S3 - same account, different buckets.

For each one I have set up a CloudFront distribution using a wildcard SSL certificate for the subdomain - let's say *.mysub.mydomain.com

App1 is app1.mysub.mydomain.com which refers to abc.cloudfront.net

App2 is app2.mysub.mydomain.com which refers to xyz.cloudfront.net

I have created two Route53 records with the same name and weighting policies to point to each of the CF distributions - let's start with 50/50 weighting. The record name is switch.mysub.mydomain.com

The error I get when visiting switch.mysub.mydomain.com is ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I note that I cannot use switch.mysub.mydomain.com as an Alias within either CF distribution now.

How can I use weighted routing in R53 to direct traffic between two CF distributions with SSL? Is this an SSL issue or something else? Do I need to create a more specific AWS ACM certificate, for example? Or does my use-case need a Lambda@Edge function? Guidance I have seen suggests weighted routing should work, but I haven't found any guidance that refers to SSL.

Edit: I am working in eu-west-2 region.

2 Answers
1

@CorinJA you can't do that via DNS configuration for the reason I mentioned. However, what you're describing should be possible by using the continuous deployment feature of CloudFront to distribute requests between two different distributions. The DNS name should point to the "production" (current) distribution, and once received there, the CD configuration will send a percentage of traffic to the associated "staging" distribution.

The continuous deployment feature is explained in the release blog post: https://aws.amazon.com/blogs/networking-and-content-delivery/use-cloudfront-continuous-deployment-to-safely-validate-cdn-changes/ and in more detail in documentation: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/continuous-deployment.html

EXPERT
answered a year ago
EXPERT
reviewed a year ago
1

Hello.

CloudFront cannot be accessed with a custom domain unless an alternative domain is set, so I don't think it is possible to route between multiple CloudFront using weighted routing.
Therefore, as you know, I think the only option is to use one CloudFront and route using CloudFront Functions or Lambda@Edge.
I think the following documents will be helpful.
https://aws.amazon.com/developer/application-security-performance/articles/a-b-testing/?nc1=h_ls

EXPERT
answered a year ago
EXPERT
reviewed a year ago
  • Specifically, each DNS name has to belong to at most 1 CloudFront distribution at a time. Otherwise, when any random CloudFront edge location received a request for the name, it'd have no way of knowing which of the multiple distributions should process it. That's why it's logically impossible to spread a single name across multiple distributions and achieve controlled behaviour (like weighted routing).

  • Thanks, that is slightly helpful although not the answer.

    I essentially do have an A/B testing scenario where I want to roll out a new version of my app to users who will be accessing it largely from a link on my homepage. I want to weight traffic initially so that only a small percentage see the new app.

    How this differs from all of the examples I have seen using CloudFront distributions is that I am dealing with a wholly new app - hosted in its own S3 bucket - not just variants on the same site like images or even data layer variance.

    I just want to route a percentage of traffic from an arbitrary URL to one subdomain and a percentage to another.

  • So this is the code I am using to implement a redirect in my PoC and it does seem to be working. I have this as a CloudFront Function:

    function handler(event) {
        // Send roughly 20% of requests to the new app and the rest to the classic app.
        var url = Math.random() < 0.2 ? 'https://new.sandbox.mydomain.com/' : 'https://classic.sandbox.mydomain.com/';

        // Answer at the edge with a temporary redirect instead of forwarding to an origin.
        var response = {
            statusCode: 302,
            statusDescription: 'Found',
            headers: { "location": { "value": url } }
        };
        console.log(`Redirecting to ${url}`);
        return response;
    }
    

    Not sure if there's a cleaner way to do it but seems to be working. I'm just setting up some logging now to monitor the traffic here.
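
A variant of the redirect approach in the comment above, added here as an example and not part of the original thread: it keeps a returning visitor on the same app with a cookie and only ever redirects to the two fixed hosts. The cookie name `variant`, its lifetime and the injectable `rand` parameter are assumptions; the hostnames are the placeholders from the comment.

```javascript
// Added example (not the poster's code). Hostnames are the placeholders used in
// the thread; the cookie name "variant" and the 20% weight are assumptions.
var TARGETS = {
    'new': 'https://new.sandbox.mydomain.com/',
    'classic': 'https://classic.sandbox.mydomain.com/'
};
var NEW_WEIGHT = 0.2;

// Pick a variant: honour a valid existing cookie, otherwise draw by weight.
function chooseVariant(cookies, rand) {
    var existing = cookies && cookies.variant && cookies.variant.value;
    // Only accept values that are own keys of TARGETS; anything else is re-drawn,
    // so a tampered cookie can never steer the redirect to another host.
    if (existing && Object.prototype.hasOwnProperty.call(TARGETS, existing)) {
        return existing;
    }
    return rand() < NEW_WEIGHT ? 'new' : 'classic';
}

// Build the 302 response in the CloudFront Functions response format.
function buildResponse(request, rand) {
    var variant = chooseVariant(request.cookies, rand);
    return {
        statusCode: 302,
        statusDescription: 'Found',
        headers: {
            'location': { value: TARGETS[variant] },
            // Keep browsers and intermediaries from caching one visitor's draw.
            'cache-control': { value: 'no-store' }
        },
        cookies: {
            'variant': {
                value: variant,
                attributes: 'Path=/; Max-Age=604800; Secure; HttpOnly; SameSite=Lax'
            }
        }
    };
}

// CloudFront Functions viewer-request entry point.
function handler(event) {
    return buildResponse(event.request, Math.random);
}
```

The cookie is scoped to the hostname that runs the function, so the stickiness applies to repeat visits to that entry URL, not to direct visits to either app.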
