When configuring AWS CloudFront (or Load Balancer) I have the option to choose to Redirect all HTTP requests to HTTPS or use HTTPS Only option.
My website works only with HTTPs, so I don't want any HTTP communication.
What difference does these options make to my configuration?
"HTTPS Only" means if someone goes to
http://foo.cloudfront.net/
, they'll get an error."Redirect all HTTP requests to HTTPS" means they'll get redirected from
http://foo.cloudfront.net/
tohttps://foo.cloudfront.net/
."HTTPS Only" is fine for a CloudFront URL your users wouldn't type (like for an images CDN, or proxied in front of an API), but if you're using it to host the user-facing URLs, you want the redirects so someone who types your
www.example.com
still winds up on the site.