jsebfranck

Reputation: 724

AWS Restrict access from cloudfront to load balancer

I'm using CloudFront with load balancing and EC2 instances.

In AWS, my load balancer accepts traffic from all HTTP connections. Is it possible to restrict that to accept only HTTP connections from my CloudFront distributions? And how can I do that?

Thanks.

Upvotes: 2

Views: 3129

Answers (2)

WaltDe

Reputation: 1842

There is now a solution for this. There is now a Lambda that listens for IP updates from Amazon and will update your security groups with the CloudFront IPs.

Lambda to update Security Groups with Cloudfront IPs

Upvotes: 2
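The logic such a Lambda has to get right, as an added example (illustrative code written for this page, not the AWS sample the answer links to): verify the ip-ranges.json document against the MD5 in the SNS notification, pull out the CLOUDFRONT prefixes, diff them against what the security group already allows on the managed port, refuse to exceed the group's rule limit, and add before removing. The ip-ranges document and the security-group description below are constructed test data; the environment variable names SG_ID, PORT and REGION_FILTER are assumptions.

```python
import hashlib
import ipaddress
import json
import os
import urllib.request
from typing import Dict, Optional, Set, Tuple

# Constructed stand-in for https://ip-ranges.amazonaws.com/ip-ranges.json
# (same shape, illustrative prefixes; not a real snapshot of AWS data).
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "1700000000",
    "createDate": "2023-11-14-22-13-20",
    "prefixes": [
        {"ip_prefix": "13.32.0.0/15", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "13.35.0.0/16", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "70.132.0.0/18", "region": "us-east-1", "service": "CLOUDFRONT"},
        {"ip_prefix": "52.95.245.0/24", "region": "us-east-1", "service": "S3"},
    ],
}).encode()


def verify_md5(body: bytes, expected_md5: str) -> bool:
    """The AmazonIpSpaceChanged notification carries the MD5 of the published
    file; refuse to rewrite security groups from a document that does not match."""
    return hashlib.md5(body).hexdigest() == expected_md5.lower()


def cloudfront_cidrs(body: bytes, region: Optional[str] = None) -> Set[str]:
    """CloudFront IPv4 prefixes, normalised through ipaddress so they compare
    exactly with the CidrIp strings EC2 returns. region="GLOBAL" selects the
    edge locations; regional entries are the regional edge caches."""
    doc = json.loads(body)
    return {
        str(ipaddress.ip_network(p["ip_prefix"]))
        for p in doc["prefixes"]
        if p["service"] == "CLOUDFRONT" and (region is None or p["region"] == region)
    }


def current_cidrs(sg: Dict, port: int) -> Set[str]:
    """IPv4 CIDRs already allowed on `port`, read from one entry of the
    SecurityGroups list that describe_security_groups returns."""
    return {
        r["CidrIp"]
        for perm in sg.get("IpPermissions", [])
        if perm.get("IpProtocol") == "tcp"
        and perm.get("FromPort") == port and perm.get("ToPort") == port
        for r in perm.get("IpRanges", [])
    }


def plan(current: Set[str], desired: Set[str]) -> Tuple[Set[str], Set[str]]:
    """(to_add, to_remove) for the managed port only, so unrelated rules on the
    group survive. Removing retired prefixes matters: addresses AWS withdraws
    from CloudFront can later be handed to other customers."""
    return desired - current, current - desired


def check_capacity(desired: Set[str], max_rules: int = 60) -> None:
    """A security group defaults to 60 inbound rules. Fail closed instead of
    applying half an allowlist; spread the prefixes over several groups
    (for example GLOBAL in one, regional in another) if this triggers."""
    if len(desired) > max_rules:
        raise ValueError(f"{len(desired)} CloudFront prefixes exceed {max_rules} rules")


def apply_plan(ec2, sg_id: str, port: int, to_add: Set[str], to_remove: Set[str]) -> None:
    """Apply the diff through a boto3 EC2 client. Authorize before revoke so the
    group never momentarily lacks a prefix that is still in use."""
    def perms(cidrs):
        return [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                 "IpRanges": [{"CidrIp": c} for c in sorted(cidrs)]}]
    if to_add:
        ec2.authorize_security_group_ingress(GroupId=sg_id, IpPermissions=perms(to_add))
    if to_remove:
        ec2.revoke_security_group_ingress(GroupId=sg_id, IpPermissions=perms(to_remove))


def handler(event, context):
    """Lambda entry point for the SNS subscription (needs network access and
    IAM permissions, so it is not exercised offline). SG_ID, PORT and
    REGION_FILTER are assumed environment variable names."""
    import boto3  # imported here so the pure functions above run without it
    msg = json.loads(event["Records"][0]["Sns"]["Message"])
    body = urllib.request.urlopen(msg["url"]).read()
    if not verify_md5(body, msg["md5"]):
        raise RuntimeError("ip-ranges.json MD5 does not match the SNS notification")
    sg_id, port = os.environ["SG_ID"], int(os.environ.get("PORT", "80"))
    desired = cloudfront_cidrs(body, os.environ.get("REGION_FILTER"))
    check_capacity(desired)
    ec2 = boto3.client("ec2")
    sg = ec2.describe_security_groups(GroupIds=[sg_id])["SecurityGroups"][0]
    to_add, to_remove = plan(current_cidrs(sg, port), desired)
    apply_plan(ec2, sg_id, port, to_add, to_remove)
    return {"added": sorted(to_add), "removed": sorted(to_remove)}
```

Two points are easy to miss when wiring this up: the Lambda's role needs only ec2:DescribeSecurityGroups, ec2:AuthorizeSecurityGroupIngress and ec2:RevokeSecurityGroupIngress on the managed group, and the load balancer must sit in that group with no other 0.0.0.0/0 listener rule, otherwise the allowlist is decorative.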

rdark

Reputation: 46

AFAIK, you can't do this at layer 3 as an ELB will allow access from anywhere (0.0.0.0/0).

If you're running Apache and can find a specific header that CloudFront uses/sets, then you could do this at layer 7 using mod_headers.

According to http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html, CloudFront will set the header Via to 1.1 alphanumeric-string.cloudfront.net, so you could match this in your virtual host by doing something like:

# SetEnvIf comes from mod_setenvif. The optional group accepts the
# " (CloudFront)" suffix CloudFront appends to its Via value.
SetEnvIf Via "^1\.1 [a-z0-9]+\.cloudfront\.net( \(CloudFront\))?$" VIA_CLOUDFRONT
<LocationMatch /origin/>
    Options -Indexes
    # Apache 2.2 access directives; on 2.4 they need mod_access_compat,
    # or use the 2.4 form "Require env VIA_CLOUDFRONT" instead.
    Order deny,allow
    Deny from all

    # allow from cloudfront only
    Allow from env=VIA_CLOUDFRONT
</LocationMatch>

Upvotes: 1
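The caveat a practitioner wants with the answer above is that the Via header is only evidence of format, not of origin: any client that reaches the load balancer directly can send the same string. What CloudFront does offer is custom origin headers, a header and value of your choosing that the distribution adds to every origin request; the origin then checks for a secret value. The following is an added example, not code from the answer, implementing both checks side by side in Python so the difference is visible on constructed requests. The header name X-Origin-Secret and the generated secret values are assumptions.

```python
import hmac
import re
import secrets
from typing import Dict, Tuple

# The answer's Via pattern, extended with the " (CloudFront)" suffix that
# CloudFront appends to the value it sends to the origin.
VIA_CLOUDFRONT = re.compile(r"^1\.1 [a-z0-9]+\.cloudfront\.net( \(CloudFront\))?$")

# Assumed name of the custom origin header configured on the distribution.
SECRET_HEADER = "x-origin-secret"

# Constructed secrets: the current value and the previous one, so the
# distribution and the origin can be updated in either order when rotating.
ORIGIN_SECRETS: Tuple[str, str] = (secrets.token_hex(32), secrets.token_hex(32))


def normalize(headers: Dict[str, str]) -> Dict[str, str]:
    """HTTP header names are case-insensitive; compare on lower-cased keys."""
    return {k.lower(): v for k, v in headers.items()}


def via_from_cloudfront(headers: Dict[str, str]) -> bool:
    """Weak check: the Via header looks like CloudFront's. Any client that can
    reach the load balancer directly can send exactly this string."""
    return VIA_CLOUDFRONT.match(normalize(headers).get("via", "")) is not None


def origin_secret_ok(headers: Dict[str, str], accepted=ORIGIN_SECRETS) -> bool:
    """Strong check: the custom origin header matches an accepted secret.
    compare_digest on bytes is constant-time and tolerates non-ASCII input."""
    presented = normalize(headers).get(SECRET_HEADER, "").encode()
    return any(hmac.compare_digest(presented, s.encode()) for s in accepted)


# Constructed requests as the origin would see them.
SAMPLE_REQUESTS = {
    "genuine": {"Via": "1.1 abc123.cloudfront.net (CloudFront)",
                "X-Origin-Secret": ORIGIN_SECRETS[0]},
    "spoofed_via": {"Via": "1.1 abc123.cloudfront.net (CloudFront)"},
    "wrong_secret": {"Via": "1.1 abc123.cloudfront.net", "X-Origin-Secret": "guess"},
    "rotating": {"Via": "1.1 abc123.cloudfront.net", "x-origin-secret": ORIGIN_SECRETS[1]},
}


def classify(requests=SAMPLE_REQUESTS) -> Dict[str, Tuple[bool, bool]]:
    """Per request: (passes the Via check, passes the secret check)."""
    return {name: (via_from_cloudfront(h), origin_secret_ok(h))
            for name, h in requests.items()}


if __name__ == "__main__":
    for name, (via_ok, secret_ok) in classify().items():
        print(f"{name:12s} via={via_ok!s:5s} secret={secret_ok}")
```

Running it shows the point: the spoofed request passes the Via check and fails the secret check, while the request carrying the previous secret still passes during rotation. In Apache the same idea is a SetEnvIf on the custom header instead of on Via; on an Application Load Balancer it can also be expressed as a listener rule with an http-header condition, which keeps the check off the instances entirely. Treat the value like a credential: generate it randomly, keep it only in the distribution's origin configuration and the origin's own config, and rotate it.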
