I have a simple goal: set up some HTTP redirects. How hard could that be?

There are a few additional considerations I should mention…

  • Serving redirects under multiple domains
  • Including apex zones
  • Secured with TLS because we should have HTTPS Everywhere
  • AND over plain HTTP on tcp/80
  • While paying the absolute minimum in ongoing costs.
  • Without taking over the role of authoritative nameserver for the domain

My first attempt doing this with AWS was pretty straightforward. I created a Node.js process which issues redirects, deployed it onto ECS, connected it to an ALB, and added an ACM certificate. But it felt slightly heavy-weight with ECS, and an ALB doesn’t provide a static IP address either.

My second attempt with AWS was pretty similar, except I replaced the Node.js process with some rules on the ALB. Still pretty good.

Then I tried using API Gateway with a Mock Lambda, and things started getting very rough. Working with API Gateway can be excruciating, although perhaps that’s just a symptom of using Terraform to manage API Gateway. Still, messages like this one (You have exceeded the number of APIs you can delete per minute. Please try again soon) are just frustrating. Still, I got it working.

But using a Mock Lambda meant that I could only return a single redirect per service, and it felt very wrong to create a lot of new services in API Gateway. So I switched to using a smart Lambda that inspects the Host header. All feeling pretty good now… until I realize that API Gateway only serves traffic on tcp/443 (HTTPS) and absolutely cannot be configured to serve plain HTTP traffic on tcp/80. This is an absolute dealbreaker for my use case.

The most difficult constraint here is working with TLS certificates.