Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to disable access to cloudfront via the *.cloudfront.net url?

I created an AOI to restrict access of the s3 bucket to public. So you can not access the s3 objects via the s3 endpoint but cloudfront can access all those objects and serve them.

I setup an Alternate Domain Names and add the SSL Certificate for this domain.

I setup route 53 with a A rule to alias cloudfront distribution

I can access the page using the Cloudfront public url (*.cloudfront.net) and mydomain.com

How can I remove the *.cloudfront.net access to my page? This should be possible because the only service that needs this url is route 53.

like image 736
rolele Avatar asked Aug 09 '17 11:08

rolele


People also ask

How do I turn off CloudFront?

In the right pane of the CloudFront console, select the check box for the distribution that you want to delete. Choose Disable to disable the distribution, and choose Yes, Disable to confirm. Then choose Close.

What is the CloudFront URL?

To create a CloudFront distribution Open the CloudFront console at https://console.aws.amazon.com/cloudfront/v3/home . Choose Create Distribution, and then choose Get Started. Under Origin Settings, for Origin Domain Name, choose the Amazon S3 bucket that you created earlier.


1 Answers

Much easier than Lamda@Edge would be just to configure an ACL to block each request containing the Host header with your cloudfront distribution url.

Configure AWS WAF / ACL

like image 154
mhelf Avatar answered Sep 23 '22 08:09

mhelf