Amazon S3 Redirect and Cloudfront

I had the same problem with redirects failing and zero-length files getting downloaded, but wasn't using Cloudfront.

The root cause in my case was my DNS CNAME record pointed to the REST endpoint (static.righto.com.s3-us-west-2.amazonaws.com) instead of the website endpoint (static.righto.com.s3-website-us-west-2.amazonaws.com). Updating the CNAME record fixed my redirects.

Another symptom of this problem was missing pages displayed an XML error page rather than an HTML error page.

This document explains the difference between website endpoints and REST endpoints.


For web site-like functionality in S3, such as redirects, html error messages, and index documents, you can't use the REST endpoint (${bucket_name}.s3.amazonaws.com or ${bucket_name}.s3.${region}.amazonaws.com) since these features are only provided by the web site endpoints (${bucket_name}.s3-website.${region}.amazonaws.com).

http://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html

To make the behavior available in Cloudfront, you need to configure Cloudfront to use this endpoint, as well, not the REST one offered via autocomplete in the console.

Enter the Amazon S3 static website hosting endpoint for your bucket. This value appears in the Amazon S3 console, on the Properties page under Static Website Hosting.

When you specify the bucket name in this format, you can use Amazon S3 redirects and Amazon S3 custom error documents.

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.html

Note that the web endpoints do not support HTTPS, but you can configure Cloudfront to fetch from the bucket with HTTP even though the client connection is HTTPS.


Helpful tip: when troubleshooting and testing changes with CloudFront, users are often confused by the apparent "latency" between when you make changes and when CloudFront starts exhibiting the new behavior. In the case of error pages, CloudFront has a default 5 minute Error Caching Minimum TTL that prevents it from re-sending requests for failed pages to the origin, and this is a separate timer from the minimum/default/maximum TTL set in Cache Behavior. Particularly when testing, you may want to disable these timers and force a retry with each subsequent request of pages that returned errors, using the steps I provided in the answer to a question about apparent Amazon CloudFront Latency.