Blue/Green deployments with CloudFront with equal proportion

amazon-cloudfront

Two CloudFront Distributions:

The option I attempted was to have two separate CloudFront Web Distributions, one for a static site in an S3 bucket (A version) and the other for another static site in an S3 bucket (B version). I attempted to use a Route53 weighted routing policy where I added two records for my www.domain.com Route53 record, one pointing to CloudFront Distribution A with a weight of 0 and the other pointing to CloudFront Distribution B with a weight of 0. I want to do A/B Testing.

Used www.domain.com as Alternate CNAME for Prod distribution A.

Used *.domain.com as Alternate CNAME for Prod distribution B.

My content is always getting served from A. I want it to be served from both the versions with equal proportion.

Any help on this?

Best Answer

You can't do this with CloudFront.

tl;dr: your wildcard doesn't match hostnames where a specific, conflicting hostname is configured on another distribution.

You created the wildcard alternative hostname on distribution B as an attempt to work around this restriction:

You cannot add an alternate domain name to a CloudFront distribution if the alternate domain name already exists in another CloudFront distribution, even if your AWS account owns the other distribution.

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-restrictions

There is, of course, a reason for this restriction, and it also explains why distribution B would never see your requests, even though your DNS configuration is working as expected.

The exception to the rule...

However, you can add a wildcard alternate domain name, such as *.example.com, that includes (that overlaps with) a non-wildcard alternate domain name, such as www.example.com. Overlapping domain names can be in the same distribution or in separate distributions as long as both distributions were created by using the same AWS account.

... does not provide the exception you anticipated.

When a web browser connects to an endpoint, how the browser got there is not preserved -- was it a static A record, an Alias, a CNAME, a whole cascade of CNAMEs, or an entry in your hosts file? The server doesn't know, because that information is not preserved... It knows the IP address you arrived at, but that's from a pool shared by many distributions, so how your request happened to arrive at a particular CloudFront edge (which set of DNS records was followed, your "A" or "B" -- they may not even be different IP addresses on the CloudFront end) is not something that can be used to determine which distribution should service your request.

The only mechanism CloudFront has in order to determine which distribution should service a particular request is the HTTP Host: header in the incoming HTTP request (potentially, SNI negotiation, too, but this doesn't change anything, whether or not CloudFront uses it).

Treating a request as belonging to a particular distribution is decided based on nothing else -- it can't be, since there's nothing else available to base it on.

By logical extension, only one distribution can be associated with any given incoming request Host: header, such as www.example.com (your distribution "A.")

The other distribution ("B"), *.example.com is, in fact, only able to serve requests for everything except www.example.com (or any other more specific alternate domain names you've associated with distributions that would otherwise match that wildcard) because another distribution on the same account with a more specific hostname associated ("A") claims the specific hostname www.example.com as an exception to the * wildcard.

Essentially, requests are checked for a distribution with an exact hostname match, first, and only when there is no match, would the distribution with the wildcard be used for the request.
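The selection rule described in the answer above can be modelled in a few lines. This is an added example, not code from the answer or from AWS: the distribution table, the simplified wildcard test and the `record-A`/`record-B` labels are assumptions made for illustration, and the model only reproduces the "exact match first, wildcard second" behaviour the answer describes.

```python
import random
from collections import Counter

# Constructed model of the setup in the question; names and alias lists
# are illustrative, not real CloudFront data.
DISTRIBUTIONS = {
    "A": ["www.example.com"],   # exact alternate domain name
    "B": ["*.example.com"],     # overlapping wildcard
}

def wildcard_matches(pattern, host):
    """Simplified wildcard test (assumption of this model): '*.suffix' covers any host ending in '.suffix'."""
    return pattern.startswith("*.") and host.endswith(pattern[1:])

def select_distribution(host_header):
    """Choose a distribution from the Host header alone: exact match first, wildcard second."""
    host = host_header.lower().rstrip(".")
    for name, aliases in DISTRIBUTIONS.items():
        if host in aliases:
            return name
    for name, aliases in DISTRIBUTIONS.items():
        if any(wildcard_matches(alias, host) for alias in aliases):
            return name
    return None  # no distribution claims this hostname

def simulate(host, requests=10_000, seed=1):
    """Equal-weight DNS picks a record per request; the edge never learns which one was followed."""
    rng = random.Random(seed)
    dns_picks, served_by = Counter(), Counter()
    for _ in range(requests):
        dns_picks[rng.choice(["record-A", "record-B"])] += 1  # what weighted DNS answered
        served_by[select_distribution(host)] += 1             # decided by Host: only
    return dns_picks, served_by

if __name__ == "__main__":
    dns, served = simulate("www.example.com")
    print("DNS answers:", dict(dns))    # roughly half for each record
    print("Served by:  ", dict(served)) # every request lands on A
    print("blog.example.com ->", select_distribution("blog.example.com"))
```

In this model the DNS split is roughly even while every request for www.example.com is still served by A, which matches the behaviour reported in the question.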