When installing an Auvik collector, errors involving CloudFront typically occur during the collector's attempt to connect outbound to Auvik services. Since CloudFront is part of the CDN and endpoint delivery for Auvik, connection or HTTP errors can emerge if network restrictions exist.
Here are the most common types:
1. Network Access Errors
These indicate the collector cannot reach *.cloudfront.net endpoints:
- Timeouts (e.g., connection timed out)
- DNS failures (e.g., could not resolve host)
- Connection refused or SSL handshake failures
Fix:
Ensure outbound HTTPS (TCP port 443) is open to:
- *.cloudfront.net
- collector.auvik.com and related endpoints
2. HTTP Response Errors from CloudFront
If the collector reaches CloudFront but is blocked or misconfigured:
- 403 Forbidden
- Could mean IP block, expired tokens, or access denied by WAF rules
- 404 Not Found
- The requested endpoint/path is incorrect or unavailable
- 503 Service Unavailable
- Temporary issue at the CDN edge or origin (rare but possible during deployments)
Fix:
- Check the collector version and endpoint correctness
- Ensure no firewall, proxy, or DPI is altering HTTPS traffic
3. Proxy Interference or SSL Inspection
If a transparent proxy or SSL inspection is active:
- The collector may fail to verify CloudFront’s certificate
- Errors: SSL certificate error, certificate verify failed
Fix:
- Whitelist *.cloudfront.net from SSL inspection
- Bypass proxy for collector traffic, or configure proxy in the collector setup if supported