Securing an ALB with CloudFront, Enabling HTTPS, SSL Termination & Restricting Direct Access to an ALB
Configure Amazon CloudFront to require HTTPS both to communicate with viewers and to communicate with your origin. Configure CloudFront and your ALB to prevent users from directly accessing your ALB. This allows users to access your ALB only through CloudFront, ensuring that you maximise the benefits of CloudFront's security features and DDoS protection. By enforcing HTTPS you also prevent an eavesdropper from discovering the name and value of the custom header that CloudFront adds to requests sent to the ALB.
Objectives:
1. Set up an HTTPS Listener with ACM Certificate on your ALB.
2. Create a CloudFront Distribution using your Application Load Balancer as the Origin with HTTPS enabled.
3. Add an Alternate Domain Name (CNAME) and Custom SSL certificate to CloudFront.
4. Configure CloudFront to include a custom HTTP header for ALB requests and configure the ALB to only forward requests that contain the custom HTTP header.
5. Integrate your custom domain with your CloudFront Distribution.
Contents:
00:00 - Intro
01:23 - Setting up an HTTPS Listener with ACM Certificate on your ALB.
05:33 - Create a CloudFront Distribution using your ALB as the Origin with HTTPS enabled.
11:12 - Configure your ALB to only forward requests that contain the custom HTTP header.
14:16 - Verify Solution.
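As a check on objective 4, the sketch below audits ALB listener rules for any rule that forwards traffic without matching the custom header. It is an added example, not code from the video; the header name `X-Origin-Verify`, its value, the ARNs and the `/health` rule are constructed, and the default 403 fixed response is an assumed configuration.

```python
import json

# Constructed sample in the shape returned by `aws elbv2 describe-rules`.
# ARNs are placeholders; the header name and value are made up for this example.
SAMPLE_RULES = json.loads("""
{"Rules": [
  {"Priority": "1", "IsDefault": false,
   "Conditions": [{"Field": "http-header",
                   "HttpHeaderConfig": {"HttpHeaderName": "X-Origin-Verify",
                                        "Values": ["constructed-secret-value"]}}],
   "Actions": [{"Type": "forward", "TargetGroupArn": "arn:PLACEHOLDER:tg/app"}]},
  {"Priority": "2", "IsDefault": false,
   "Conditions": [{"Field": "path-pattern", "Values": ["/health"]}],
   "Actions": [{"Type": "forward", "TargetGroupArn": "arn:PLACEHOLDER:tg/app"}]},
  {"Priority": "default", "IsDefault": true, "Conditions": [],
   "Actions": [{"Type": "fixed-response",
                "FixedResponseConfig": {"StatusCode": "403"}}]}
]}
""")

def requires_header(rule, header_name):
    """True if one of the rule's conditions matches header_name against a real value."""
    for cond in rule.get("Conditions", []):
        cfg = cond.get("HttpHeaderConfig", {})
        if cond.get("Field") != "http-header":
            continue
        if cfg.get("HttpHeaderName", "").lower() != header_name.lower():
            continue
        values = cfg.get("Values", [])
        # ALB header values accept * and ? wildcards; a value made only of
        # wildcards does not pin the header to a secret, so it does not count.
        if values and all(v.strip("*?") for v in values):
            return True
    return False

def bypass_rules(rules, header_name):
    """Return the priorities of rules that forward without the header check."""
    findings = []
    for rule in rules:
        forwards = any(a.get("Type") == "forward" for a in rule.get("Actions", []))
        if forwards and not requires_header(rule, header_name):
            findings.append(rule["Priority"])
    return findings

if __name__ == "__main__":
    print(bypass_rules(SAMPLE_RULES["Rules"], "X-Origin-Verify"))
```

In the constructed sample the `/health` rule is reported, because it forwards to the target group on a path match alone and so remains reachable without going through CloudFront.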
Comments: 6
Thank you. This saved my day too!
Amazing and it worked like a charm thank you :)
This saved my day!🥳
It was challenging to obtain information on this more than I thought. Thank you
thank you sir
Super