S3 website + Cloudfront + Cognito Custom domain


Hi there, I have an S3 static website with a bucket blocked for public access and CloudFront set up with Origin Access Control; the S3 bucket has a policy coming from the CloudFront Origin. So far so good. I now want to set up Cognito to have users log in to the page. I have created a user pool and set up a custom domain, e.g. "auth.example.net". When I click on View Hosted UI inside the app client, it takes me to a Cognito login page; however, when I go to the browser and type "auth.example.net", I get a plain white page. Nothing happens. I am confused about why this is happening. Something to do with CloudFront?

Sorry, I am fairly new to this world, trying my best before asking questions here. Hope someone can rescue me.

Thanks a lot

3 Answers
answered 2 months ago

It sounds like you've set up Amazon Cognito to handle user authentication for your static website hosted on Amazon S3 and served through CloudFront. The issue you're encountering where accessing "auth.example.net" results in a plain white page is likely due to the configuration of your CloudFront distribution.

Here are a few steps you can take to troubleshoot the issue:

1) CloudFront Behavior Configuration: Ensure that your CloudFront distribution is configured to forward requests to your Amazon Cognito endpoint. You'll need to set up a behavior in CloudFront that forwards requests to your Cognito custom domain.

2) Viewer Protocol Policy: Check the Viewer Protocol Policy setting in your CloudFront distribution. It should be set to "Redirect HTTP to HTTPS" if you want to enforce HTTPS connections.

3) Custom Error Pages: Configure custom error pages in your CloudFront distribution to handle errors gracefully. This can help diagnose any issues that might arise during the authentication process.

4) CloudFront Logs: Check the CloudFront logs to see if there are any errors or unexpected behaviors occurring when accessing "auth.example.net". This can provide valuable insights into what might be going wrong.

5) CORS Configuration: Ensure that your S3 bucket has the appropriate CORS (Cross-Origin Resource Sharing) configuration to allow requests from your Cognito domain.

6) DNS Configuration: Double-check the DNS configuration for "auth.example.net" to ensure it's correctly pointing to your CloudFront distribution.

By checking these configurations and settings, you should be able to diagnose and resolve the issue with accessing your Cognito login page through "auth.example.net". If you're still encountering issues, you may need to review the documentation for CloudFront and Cognito, or consider reaching out to AWS support for further assistance.

answered 2 months ago
  • Hi Hari, thank you so much for taking the time to write this. I checked my behaviour: Path pattern set to default(), and origin my bucket website endpoint. I could set origin to my Cognito custom website so I created a new origin for it. I created another behaviour, Path pattern /auth/, origin set to my Cognito custom domain. (Is this what you mean by "forward requests to your Cognito custom domain"?) That didn't work either. :( 4 days into this trying to figure this out.

    I will go through the rest of the list later as it takes me a while to find where everything is and what they are.

    thank you
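
Added example, not part of the original thread and not AWS's own code: the "View Hosted UI" link opens the user pool domain's `/login` endpoint with `client_id`, `response_type` and `redirect_uri` in the query string, while typing only `auth.example.net` requests the root path with none of them. The sketch builds the full sign-in URL and lists what a typed URL is missing; the client ID and callback URL are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Query parameters the hosted UI sign-in endpoints require.
REQUIRED = ("client_id", "response_type", "redirect_uri")
# Paths on the user pool domain that start a sign-in.
ENTRY_PATHS = ("/login", "/oauth2/authorize")


def hosted_ui_login_url(domain, client_id, redirect_uri, scopes=("openid",)):
    """Build the sign-in URL for a user pool domain (authorization code flow)."""
    if not redirect_uri.startswith("https://"):
        # Policy of this example for a website callback: HTTPS only.
        # Cognito itself allows http:// only for http://localhost testing.
        raise ValueError("redirect_uri must be an https:// callback URL")
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "scope": " ".join(scopes),
        # Must match a callback URL registered on the app client.
        "redirect_uri": redirect_uri,
    })
    return f"https://{domain}/login?{query}"


def diagnose(url):
    """Return the reasons why `url` is not a complete hosted UI sign-in URL."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    path = parts.path or "/"
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if path.rstrip("/") not in ENTRY_PATHS:
        problems.append(f"path {path} is not one of {ENTRY_PATHS}")
    params = parse_qs(parts.query)
    problems += [f"missing query parameter {n}" for n in REQUIRED if n not in params]
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    good = hosted_ui_login_url("auth.example.net", "EXAMPLECLIENTID",
                               "https://www.example.net/callback")
    for candidate in ("auth.example.net", good):
        print(candidate, "->", diagnose(candidate) or "ok")
```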


Trying to set up CORS but getting this error too, does anyone know why?

answered 2 months ago
