Configure Amazon CloudFront to require HTTPS both to communicate with viewers and to communicate with your origin. Configure CloudFront and your ALB to prevent users from directly accessing your ALB. This allows users to access your ALB only through CloudFront, ensuring that you maximise the benefits of CloudFront's security features and DDoS protection. By enforcing HTTPS you also prevent an eavesdropper from discovering the header name and value.
Objectives:
1. Set up a HTTPS Listener with ACM Certificate on your ALB.
2. Create a CloudFront Distribution using your Application Load Balancer as the Origin with HTTPS enabled.
3. Add an Alternate Domain Name (CNAME) and Custom SSL certificate to CloudFront.
4. Configure CloudFront to include a custom HTTP header for ALB requests and configure the ALB to only forward requests that contain the custom HTTP header.
5. Integrate your custom domain with your CloudFront Distribution
Contents:
00:00 - Intro
01:23 - Setting up a HTTPS Listener with ACM Certificate on your ALB.
05:33 - Create a CloudFront Distribution using your ALB as the Origin with HTTPS enabled.
11:12 - Configure your ALB to only forward requests that contain the custom HTTP header.
14:16 - Verify Solution.