
AWS CloudFront and ELB: Is there a way to force connection using only CloudFront?

I have an ELB which balances some EC2 instances. The ELB exposes the endpoints of the entire system.

Now I am creating a CloudFront distribution over this ELB. Is there a way to allow users to connect ONLY using the CloudFront endpoint and refuse direct connections to the ELB?

Thanks

Domenico Rosito asked Oct 28 '25 17:10


1 Answer

You would have to restrict the security group to the list of IP address ranges used by CloudFront. This is a subset of the list published here.

Unfortunately that list is subject to change, so you can't just set it once and forget it. Amazon has published a tutorial here that walks you through setting up a Lambda function that will automatically update your security group when Amazon publishes an updated IP list.

Mark B answered Oct 31 '25 08:10
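The filtering and update step described in the answer above, as an added example (not code from the answer or from Amazon's tutorial): it selects the CloudFront entries from a document shaped like AWS's published `ip-ranges.json`, collapses adjacent ranges to keep the rule count down, and computes which security group CIDRs to add and which to revoke. The sample data uses documentation-only address blocks and is constructed; the function names are hypothetical, and applying the plan through the EC2 API is left out.

```python
import ipaddress
import json

# Constructed sample in the shape of ip-ranges.json. These are
# documentation-only address blocks, not real CloudFront ranges.
SAMPLE_IP_RANGES = json.loads("""
{
  "syncToken": "0000000000",
  "prefixes": [
    {"ip_prefix": "192.0.2.0/25",    "region": "GLOBAL",    "service": "AMAZON"},
    {"ip_prefix": "192.0.2.0/25",    "region": "GLOBAL",    "service": "CLOUDFRONT"},
    {"ip_prefix": "192.0.2.128/25",  "region": "GLOBAL",    "service": "CLOUDFRONT"},
    {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "203.0.113.0/24",  "region": "GLOBAL",    "service": "CLOUDFRONT"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8:1::/48", "region": "GLOBAL", "service": "CLOUDFRONT"},
    {"ipv6_prefix": "2001:db8:2::/48", "region": "GLOBAL", "service": "S3"}
  ]
}
""")


def cloudfront_cidrs(doc, service="CLOUDFRONT"):
    """Return (ipv4_set, ipv6_set) of collapsed CIDR strings for one service."""
    v4 = [ipaddress.ip_network(p["ip_prefix"])
          for p in doc.get("prefixes", []) if p.get("service") == service]
    v6 = [ipaddress.ip_network(p["ipv6_prefix"])
          for p in doc.get("ipv6_prefixes", []) if p.get("service") == service]
    # collapse_addresses merges adjacent or overlapping networks, which
    # reduces the number of security group rules that are needed.
    return ({str(n) for n in ipaddress.collapse_addresses(v4)},
            {str(n) for n in ipaddress.collapse_addresses(v6)})


def plan_update(current, desired):
    """Return (to_authorize, to_revoke) so the group ends up equal to desired."""
    current, desired = set(current), set(desired)
    return sorted(desired - current), sorted(current - desired)


if __name__ == "__main__":
    v4, v6 = cloudfront_cidrs(SAMPLE_IP_RANGES)
    # Constructed current state: one stale range and an open-to-world rule.
    add, revoke = plan_update({"203.0.113.0/24", "198.51.100.0/24", "0.0.0.0/0"}, v4)
    print("authorize:", add)
    print("revoke:   ", revoke)
    print("ipv6:     ", sorted(v6))
```

Revoking everything outside the desired set is what removes a leftover `0.0.0.0/0` rule, which would otherwise keep the ELB directly reachable.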