I am trying to understand how this works. It is based on the article https://advancedweb.hu/how-to-route-to-multiple-origins-with-cloudfront/ and has the following CloudFormation template:
```yaml
CloudFrontDistribution:
  Type: AWS::CloudFront::Distribution
  DependsOn:
    - LoggingBucket
    - LambdaEdgeFunction
  Properties:
    DistributionConfig:
      # Duplicate key: Comment is set again below, so this copy is commented out.
      # Comment: >-
      #   Route to multiple origins with CloudFront
      Enabled: true
      IPV6Enabled: !Ref 'IPV6Enabled'
      Logging:
        Bucket: !Sub '${LoggingBucket}.s3.amazonaws.com'
      HttpVersion: http2
      Comment: !Join [ '', [!Ref 'AWS::StackName', ' Cloud Front']]
      Aliases:
        - !Ref 'AlternateDomainNames'
      ViewerCertificate:
        AcmCertificateArn: !Ref ACMCertificateArn
        SslSupportMethod: !Ref 'SslSupportMethod' #sni-only
        MinimumProtocolVersion: !Ref 'MinimumProtocolVersion' #TLSv1.1_2016
      Origins:
        - Id: APIGOrigin
          DomainName: !Sub ${ApiGatewayId}.execute-api.eu-west-1.amazonaws.com
          OriginPath: !Sub /${ApiStage}
          CustomOriginConfig:
            HTTPSPort: 443
            OriginProtocolPolicy: https-only
          # https://stackoverflow.com/questions/35043688/aws-cloudfront-how-to-use-origin-custom-headers
          OriginCustomHeaders:
            - HeaderName: 'X-From-CDN'
              HeaderValue: !Ref VerifyFromCfHeaderVal
      # route to S3
      DefaultCacheBehavior:
        AllowedMethods: ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
        CachedMethods: ["GET", "HEAD", "OPTIONS"]
        ForwardedValues:
          Headers:
            - Access-Control-Request-Headers
            - Access-Control-Request-Method
            - Origin
            - Authorization
            - Accept
            # - Host APIG needs to use SNI
          QueryString: !Ref 'QueryString'
          Cookies:
            Forward: !Ref 'ForwardCookies'
        TargetOriginId: APIGOrigin
        ViewerProtocolPolicy: https-only
        Compress: !Ref 'Compress'
        DefaultTTL: !Ref 'DefaultTTL'
        MaxTTL: !Ref 'MaxTTL'
        MinTTL: !Ref 'MinTTL'
        SmoothStreaming: 'false'
        # Lambda
        LambdaFunctionAssociations:
          - EventType: !Ref 'LambdaEventType'
            LambdaFunctionARN: !Ref 'LambdaEdgeVersion'
      # app, search, microservices, url CacheBehaviors...
      # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html
      # CacheBehaviors:
      # - CacheBehavior
      CacheBehaviors:
        - PathPattern: urls/*
          AllowedMethods: ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
          CachedMethods: ["GET", "HEAD", "OPTIONS"]
          ForwardedValues:
            Headers:
              - Access-Control-Request-Headers
              - Access-Control-Request-Method
              - Origin
              - Authorization
              - Accept
              # - Host APIG needs to use SNI
            QueryString: !Ref 'QueryString'
            Cookies:
              Forward: !Ref 'ForwardCookies'
          TargetOriginId: APIGOrigin
          ViewerProtocolPolicy: https-only
          Compress: !Ref 'Compress'
          DefaultTTL: !Ref 'DefaultTTL'
          MaxTTL: !Ref 'MaxTTL'
          MinTTL: !Ref 'MinTTL'
          SmoothStreaming: 'false'
          # Lambda
          LambdaFunctionAssociations:
            - EventType: !Ref 'LambdaEventType'
              LambdaFunctionARN: !Ref 'LambdaEdgeVersion'
      # Errors
      CustomErrorResponses:
        - ErrorCachingMinTTL: 0
          ErrorCode: 400
        - ErrorCachingMinTTL: 1
          ErrorCode: 403
        - ErrorCachingMinTTL: 5
          ErrorCode: 500
```
So in this setup both the default https://cf.endpoint.tld/ and https://cf.endpoint.tld/urls/ should be served from the same origin, in this case APIGOrigin.
But this doesn't work: the default works as expected, but after adding the CacheBehaviour I get this error message:
{"message":"Missing Authentication Token"}
How do I get https://cf.endpoint.tld/urls/ to be served from APIGOrigin?
What are the OriginPath and the associated CacheBehaviour: does the CacheBehaviour path get appended to the end of the DomainName in the Origin, so that it becomes
${ApiGatewayId}.execute-api.eu-west-1.amazonaws.com/${ApiStage}/**urls**
Any advice is much appreciated.
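
How the template above maps viewer paths to origin URLs, as an added example that is not part of the original post: a small Python model of CloudFront's cache-behavior selection and OriginPath handling. The API id `abc123example` and stage `prod` are constructed placeholders standing in for `${ApiGatewayId}` and `${ApiStage}`.

```python
import re

# Constructed values mirroring the template; API id and stage are placeholders.
ORIGINS = {"APIGOrigin": {
    "DomainName": "abc123example.execute-api.eu-west-1.amazonaws.com",
    "OriginPath": "/prod",
}}
DEFAULT_BEHAVIOR = {"PathPattern": "default (*)", "TargetOriginId": "APIGOrigin"}
CACHE_BEHAVIORS = [{"PathPattern": "urls/*", "TargetOriginId": "APIGOrigin"}]


def pattern_to_regex(path_pattern):
    """'*' matches zero or more characters, '?' exactly one; leading '/' is optional."""
    parts = []
    for ch in path_pattern.lstrip("/"):
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("/" + "".join(parts), re.DOTALL)


def route(request_path):
    """Return (matched path pattern, URL CloudFront requests from the origin)."""
    chosen = DEFAULT_BEHAVIOR
    for behavior in CACHE_BEHAVIORS:  # listed order, first match wins
        if pattern_to_regex(behavior["PathPattern"]).fullmatch(request_path):
            chosen = behavior
            break
    origin = ORIGINS[chosen["TargetOriginId"]]
    # The whole viewer path is appended to OriginPath; the part that matched
    # the PathPattern is not stripped.
    url = "https://" + origin["DomainName"] + origin["OriginPath"] + request_path
    return chosen["PathPattern"], url


if __name__ == "__main__":
    for path in ("/", "/urls/", "/urls/abc", "/urls"):
        print(path, "->", route(path))
```

API Gateway returns `{"message":"Missing Authentication Token"}` when the requested path has no matching resource or method in the stage, so `/urls/` only succeeds if the API itself defines a resource under `/urls`.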