To resolve the connectivity issues between CloudFront and your load balancer, follow these steps:
Check CloudFront Origin Configuration:
Log in to the AWS Management Console and navigate to the CloudFront service. Select your CloudFront distribution. Go to the "Origins and Origin Groups" tab. Ensure that the Origin Domain Name is set to the DNS name of your load balancer and that the Origin Protocol Policy is set to "HTTPS Only" or "Match Viewer".
Verify Target Group Configuration:
Navigate to the EC2 service in the AWS Management Console. Go to the "Target Groups" section. Select the target group associated with your load balancer. Ensure that the target group is correctly configured with the backend EC2 instances that should receive traffic from CloudFront.
Update Load Balancer Security Group:
Go to the EC2 service in the AWS Management Console. Select the security group associated with your load balancer. Add an inbound rule to allow incoming traffic from CloudFront IP ranges on port 443 (or the port your backend is listening on). You can find the CloudFront IP ranges in the AWS documentation here.
Hello.
In your case, I think the communication path is CloudFront → S3 → ALB.
Therefore, I suspect that even if you set CloudFront's prefix list to the ALB security group, it will not be allowed and will time out.
Therefore, try setting the S3 prefix list instead of the CloudFront prefix list in the ALB security group.
https://docs.aws.amazon.com/vpc/latest/userguide/working-with-aws-managed-prefix-lists.html
Thank you for your answer.
As you said, I've also tried setting up the s3 prefix, but it didn't work the same way.
I'm testing it for different situations, and it feels like it's only affected by the IP of the accessor. When I allowed the local IP of the desktop with the inbound rule of the load balancer, I get a normal response from the backend. In this state, when I access the site on my laptop, I don't get a response.
In that case, it seems that the S3 front end returns a response to the client and then accesses the API. I think you need to register ALB as the origin of CloudFront and make the traffic flow like CloudFront → S3 → Client → CloudFront → ALB. In this case, your front-end program will also need to point to CloudFront to access the API.
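The layout the last reply recommends, and the security-group rule the first two answers discuss, written out as Terraform. This is an added example and not configuration from anyone in the thread: CloudFront fronts both the S3 site and the ALB, `/api/*` is routed to the ALB through CloudFront, and the ALB security group accepts HTTPS only from the AWS-managed CloudFront origin-facing prefix list. The resource names `aws_security_group.alb`, `aws_s3_bucket.frontend`, `aws_cloudfront_origin_access_control.frontend` and `aws_lb.api` are placeholders assumed to be defined elsewhere, as is the S3 bucket policy that lets the distribution read the bucket.

```hcl
# Added example, not from the thread. Placeholders: aws_security_group.alb,
# aws_s3_bucket.frontend, aws_cloudfront_origin_access_control.frontend, aws_lb.api.

# AWS-managed prefix list of CloudFront's origin-facing IP ranges.
data "aws_ec2_managed_prefix_list" "cloudfront" {
  name = "com.amazonaws.global.cloudfront.origin-facing"
}

# AWS-managed CloudFront policies looked up by name instead of hard-coded IDs.
data "aws_cloudfront_cache_policy" "caching_optimized" {
  name = "Managed-CachingOptimized"
}

data "aws_cloudfront_cache_policy" "caching_disabled" {
  name = "Managed-CachingDisabled"
}

data "aws_cloudfront_origin_request_policy" "all_viewer" {
  name = "Managed-AllViewer"
}

# ALB ingress: HTTPS from the CloudFront prefix list only. The setting being
# debugged in the thread was the same rule keyed to a desktop's IP; a
# cidr_ipv4 = "0.0.0.0/0" rule here would expose the ALB to direct access.
resource "aws_vpc_security_group_ingress_rule" "alb_from_cloudfront" {
  security_group_id = aws_security_group.alb.id
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
  prefix_list_id    = data.aws_ec2_managed_prefix_list.cloudfront.id
  description       = "HTTPS from CloudFront origin-facing ranges only"
}

resource "aws_cloudfront_distribution" "site" {
  enabled             = true
  default_root_object = "index.html"

  # Origin 1: the static front end in S3, read through an origin access control.
  origin {
    domain_name              = aws_s3_bucket.frontend.bucket_regional_domain_name
    origin_id                = "s3-frontend"
    origin_access_control_id = aws_cloudfront_origin_access_control.frontend.id
  }

  # Origin 2: the API behind the ALB, reached over HTTPS only.
  origin {
    domain_name = aws_lb.api.dns_name
    origin_id   = "alb-api"
    custom_origin_config {
      http_port              = 80
      https_port             = 443
      origin_protocol_policy = "https-only"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }

  # Everything not matched by an ordered behavior is served from S3.
  default_cache_behavior {
    target_origin_id       = "s3-frontend"
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    cache_policy_id        = data.aws_cloudfront_cache_policy.caching_optimized.id
  }

  # /api/* goes to the ALB via CloudFront, so the browser never contacts the ALB
  # directly and the prefix-list rule above is the only ingress the ALB needs.
  ordered_cache_behavior {
    path_pattern             = "/api/*"
    target_origin_id         = "alb-api"
    viewer_protocol_policy   = "https-only"
    allowed_methods          = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
    cached_methods           = ["GET", "HEAD"]
    cache_policy_id          = data.aws_cloudfront_cache_policy.caching_disabled.id
    origin_request_policy_id = data.aws_cloudfront_origin_request_policy.all_viewer.id
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}
```

With this in place the front-end code calls the API at the distribution's own hostname (for example `https://<distribution-domain>/api/...`) rather than the ALB's DNS name, which is the change the last reply points out; the prefix-list rule alone would otherwise keep timing out for any client whose IP is not individually allowed.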