AWS Security ChangesHomeSearch

AWS solutions documentation change

Service: solutions · 2026-05-22 · Documentation low

File: solutions/latest/distributed-load-testing-on-aws/troubleshooting.md

Summary

Added troubleshooting guides for ALB+ECS Fargate deployments (certificate validation, 502/503 errors, DNS resolution, WAF blocks) and headless deployments (CORS errors, authentication issues)

Security assessment

Changes are operational troubleshooting steps for deployment configurations. References to WAF and HTTPS are standard security practices but not new security documentation. No vulnerability fixes or incident responses identified.

Diff

diff --git a/solutions/latest/distributed-load-testing-on-aws/troubleshooting.md b/solutions/latest/distributed-load-testing-on-aws/troubleshooting.md
index 102df7764..687b39fb4 100644
--- a//solutions/latest/distributed-load-testing-on-aws/troubleshooting.md
+++ b//solutions/latest/distributed-load-testing-on-aws/troubleshooting.md
@@ -78,0 +79,58 @@ If the test has completed but the results are not available in the UI, the resul
+### ALB + ECS Fargate deployment issues
+
+**Issue: ACM certificate validation is stuck in "Pending validation" status**
+
+  * Resolution:
+
+
+
+
+If you requested a public ACM certificate using DNS validation, you must add the CNAME record provided by ACM to your DNS configuration. Navigate to the [ACM console](https://console.aws.amazon.com/acm/), expand the certificate details, and add the DNS validation record to your domain’s DNS provider. If you used email validation, check the email address associated with the domain for the validation email from AWS. For more information, refer to [DNS validation](https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html) in the _AWS Certificate Manager User Guide_.
+
+**Issue: Web console returns a "502 Bad Gateway" or "503 Service Temporarily Unavailable" error after deployment**
+
+  * Resolution:
+
+
+
+
+Check the ALB target group health checks in the [EC2 console](https://console.aws.amazon.com/ec2/home#TargetGroups). If the ECS Fargate tasks are showing as unhealthy, verify that the tasks are running in the [ECS console](https://console.aws.amazon.com/ecs/) and check the task logs in CloudWatch for errors. Ensure the security group attached to the ECS tasks allows inbound traffic from the ALB security group.
+
+**Issue: DNS is configured but the custom domain does not resolve to the web console**
+
+  * Resolution:
+
+
+
+
+Verify that the CNAME record is correctly configured in your DNS provider, mapping your custom domain (for example, `console.example.com`) to the ALB DNS name from the CloudFormation outputs. DNS propagation can take up to 48 hours depending on your DNS provider and TTL settings. You can verify the DNS record using `dig console.example.com CNAME` or `nslookup console.example.com`.
+
+**Issue: Web console returns a "403 Forbidden" error after deployment**
+
+  * Resolution:
+
+
+
+
+The AWS WAF web ACL deployed in front of the ALB may be blocking legitimate requests. Open the [AWS WAF console](https://console.aws.amazon.com/wafv2/), select the web ACL associated with the ALB, and check the **Sampled requests** tab to identify which rule is blocking the traffic. You can modify the WAF rules to allow the blocked requests. For example, if a managed rule group is producing false positives, you can set the specific rule action to **Count** instead of **Block** to allow the traffic while still logging it. For more information, refer to [Testing and tuning your AWS WAF protections](https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-testing.html) in the _AWS WAF Developer Guide_.
+
+### Headless (bring your own web server) deployment issues
+
+**Issue: Web console displays CORS errors when connecting to the API**
+
+  * Resolution:
+
+
+
+
+Cross-Origin Resource Sharing (CORS) errors occur when the web console hosted on your domain attempts to call the solution’s API Gateway endpoints. Ensure that your web server is serving the console over HTTPS, as the API Gateway endpoints require HTTPS. Verify that the origin domain of your web server matches the allowed origins configured in the API Gateway CORS settings. If you are using a custom domain, you may need to update the API Gateway CORS configuration to include your domain.
+
+**Issue: Web console loads but authentication fails or redirects incorrectly**
+
+  * Resolution:
+
+
+
+
+The web console assets include a configuration file with the Cognito user pool settings and API endpoint URL. Verify that this configuration file was not modified during extraction. Ensure your web server is serving the console over HTTPS, as Cognito requires HTTPS for callback URLs. Check that the Cognito app client callback URL includes your web server’s domain.
+
@@ -85 +143 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Update using AWS CloudFormation
+MCP Server integration