0
votes

I have set up a CloudFront distribution successfully and I am able to navigate to the default domain provided by CloudFront. I have also set up an alternate domain name using AWS Certificate Manager (ACM). The SSL has been issued and verified by the CNAME record I added.

For the CNAME entry in Google Domains I am using:

www CNAME cloudfront-distribution-name.cloudfront.net

When I try to navigate to the alternate domain, domain.com, I receive a 403 Forbidden network response. See screenshot below:

Note: I set up the CloudFront distribution using a website endpoint as the origin.

enter image description here

Here is the origin config:

enter image description here

Here is the behavior config:

enter image description here

1
Can you post the origin config? - jellycsc
Origin config has been added. - nflauria
Is it starting with http or https? - jellycsc
Neither. The docs I read said to remove the http/https in the Origin Domain Name. - nflauria
OK, makes sense. Could you also post the behaviour? - jellycsc

1 Answer

1
votes

I resolved the issue. Go to CloudFront and then, under the 'General' tab, select Edit. Add a cert with two domain names:

domain.com
*.domain.com

Add the appropriate CNAME record to verify the SSL cert. Then add another CNAME record to verify the www.domain.com. It should look something like this in your DNS:

Record Name: _2958323dad0598j4cb4e722d0d8k5921.domain.com
Type: CNAME
Value: _7sk82036f90ffb2be52p922c080174f8.bsgbmzkfwj.acm-validations.aws

Note: For certain DNS providers you will not include the .domain.com portion, as this gets automatically added. (Google Domains is one example.)

Record Name: www.domain.com
Type: CNAME
Value: x8k4nz5ok8a8dj.cloudfront.net

Note: For certain DNS providers you will not include the .domain.com portion; it will just be www for the CNAME record.
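
An added example, not part of the original answer: a wildcard name such as *.domain.com stands for exactly one left-most label, so it covers www.domain.com but not the apex domain.com, which is why the certificate above lists both names. The function names are hypothetical, the hostnames are the page's placeholders, and the '@' apex convention is an assumption about the DNS provider.

```python
"""Offline check of the certificate and DNS names discussed above (added example).

All hostnames are the page's placeholders; function names are hypothetical.
"""


def san_matches(san: str, host: str) -> bool:
    """True if a certificate name covers host.

    A leading '*' stands for exactly one left-most label, so
    '*.domain.com' covers 'www.domain.com' but not 'domain.com'
    or 'a.b.domain.com'.
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels) or "" in host_labels:
        return False
    if san_labels[0] == "*":
        return san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def uncovered_aliases(cert_names, aliases):
    """Alternate domain names that no name on the certificate covers."""
    return [a for a in aliases
            if not any(san_matches(s, a) for s in cert_names)]


def relative_record_name(fqdn: str, zone: str) -> str:
    """Record name to type at a provider that appends the zone itself.

    Returns '@' for the zone apex (a common convention, assumed here).
    """
    fqdn, zone = fqdn.lower().rstrip("."), zone.lower().rstrip(".")
    if fqdn == zone:
        return "@"
    if not fqdn.endswith("." + zone):
        raise ValueError(f"{fqdn} is not inside zone {zone}")
    return fqdn[: -len(zone) - 1]


if __name__ == "__main__":
    aliases = ["domain.com", "www.domain.com"]
    print(uncovered_aliases(["*.domain.com"], aliases))
    print(uncovered_aliases(["domain.com", "*.domain.com"], aliases))
    print(relative_record_name("www.domain.com", "domain.com"))
```

Run `uncovered_aliases` with the names on the issued certificate and the distribution's alternate domain names before attaching the certificate; any name it returns still needs to be added to the certificate request.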