I'm encountering a very frustrating issue with certain paths for my CF distribution.
On my origin server (non-AWS), I have set it up so all authenticated endpoints start with "/a/".
I have therefore configured CloudFront to forward all headers, thereby disabling cache. My CloudFront config for this behavior is as shown...
{
"TrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"LambdaFunctionAssociations": {
"Quantity": 0
},
"TargetOriginId": "myorigin_id",
"ViewerProtocolPolicy": "redirect-to-https",
"ForwardedValues": {
"Headers": {
"Items": [
"*"
],
"Quantity": 1
},
"Cookies": {
"Forward": "all"
},
"QueryStringCacheKeys": {
"Quantity": 0
},
"QueryString": true
},
"MaxTTL": 31536000,
"PathPattern": "/a/*",
"SmoothStreaming": false,
"DefaultTTL": 86400,
"AllowedMethods": {
"Items": [
"HEAD",
"DELETE",
"POST",
"GET",
"OPTIONS",
"PUT",
"PATCH"
],
"CachedMethods": {
"Items": [
"HEAD",
"GET"
],
"Quantity": 2
},
"Quantity": 7
},
"MinTTL": 0,
"Compress": false
}
However all requests for any path starting with /a/ (i.e. /a/auth/login) fail at CloudFront. It gives me the standard error...
CloudFront wasn't able to connect to the origin.
The origin URL works perfectly. I've verified my SSL certificate. Everything appears to be correct.
What's more, if I check my server logs, I can see that for these paths, CloudFront never attempts to contact the origin server. There are no entries (successful or otherwise) for these paths for the CloudFront user-agent.
It doesn't appear to be due to any kind of origin timeout, as the error is returned immediately.
There must be an issue at the CloudFront end, but I can't figure out what I could have done wrong.
Incidentally, other behavior paths for the same origin work fine.