Amazon CloudFront
Developer Guide (API Version 2016-09-29)

HTTP 503 Status Code (Service Unavailable)

An HTTP 503 status code (Service Unavailable) typically indicates a performance issue on the origin server. In rare cases, it indicates that CloudFront temporarily can't satisfy a request because of limited resources at an edge location.

Origin Server Does Not Have Enough Capacity to Support the Request Rate

CloudFront generates this error when the origin server is overwhelmed with incoming requests. CloudFront then relays the error back to the user. To resolve this issue, try the following solutions:

  • If you use Amazon S3 as your origin server, optimize the performance of Amazon S3 by following the best practices for key naming. For more information, see Request Rate and Performance Considerations in the Amazon Simple Storage Service Developer Guide.

  • If you use Elastic Load Balancing as your origin server, see 503 Error Classic.

  • If you use a custom origin, examine the application logs to ensure that your origin has sufficient resources, such as memory, CPU, and disk size. If you use Amazon EC2 as the backend, make sure that the instance type has the appropriate resources to fulfill the incoming requests. For more information, see Instance Types in the Amazon EC2 User Guide for Linux Instances.

CloudFront Was Not Able to Resolve Your Origin Domain Due to DNS Issues

When CloudFront receives a request for an object that is expired or is not stored in its cache, it makes a request to the origin to get the updated object. To make a successful request to the origin, CloudFront performs a DNS resolution on the origin domain name. However, when the DNS service that hosts your domain is experiencing issues, CloudFront cannot resolve the domain name to get the IP address, resulting in a 503 error. To fix this issue, contact your DNS provider, or, if you are using Amazon Route 53, see Amazon Route 53 DNS.

To further troubleshoot this issue, ensure that the authoritative name servers of your origin's root domain or zone apex (such as are functioning correctly. Your authoritative name servers then receive the request and return the IP address that is associated with the domain, and are the same as the DNS servers that you used to set up your CloudFront distribution. Use the following commands to find the name servers for your apex origin:

dig OriginAPEXDomainName NS +short nslookup –query=NS OriginAPEXDomainName

When you have the names of your name servers, use the following commands to query the domain name of your origin against them to make sure that each responds with an answer:

dig OriginDomainName @NameServerFromAbove nslookup OriginDomainName NameServerFromAbove

CloudFront Caused the Error Due to Limited Resources at the Edge Location

You will receive this error in the rare situation that CloudFront can't route requests to the next best available edge location, and so can't satisfy a request. This error is common when you perform load testing on your CloudFront distribution. To help prevent this, follow the Load Testing CloudFront guidelines for avoiding 503 (Capacity Exceeded) errors.

If this happens in your production environment, contact AWS Support.

Lambda Function Associated with Your Distribution is Invalid

CloudFront returns this error when a Lambda@Edge function that is configured on a cache behavior for your distribution returns an error during runtime and exits before the CloudFront request is fulfilled.

To troubleshoot this issue, examine the execution logs for your Lambda function. Make sure you look at the log files in the region where the function executed. For more information, see CloudWatch Metrics and CloudWatch Logs for Lambda Functions.