AWS-managed Prefix List for Amazon CloudFront

  • Published on 22 Jul 2024
  • AWS (Amazon Web Services) announced the availability of AWS-managed Prefix Lists for Amazon CloudFront. As a result, AWS customers can now restrict inbound HTTP/HTTPS traffic to AWS VPCs from IP addresses belonging to CloudFront servers.
    In this video, you will learn:
    0:00 AWS-managed Prefix List intro
    01:08 What is an AWS-managed Prefix List?
    01:47 AWS-managed Prefix List with CloudFront IPs
    02:51 How do you use the CloudFront-managed prefix list?
    04:03 Demo: How to add CloudFront-managed prefix list to a security group (EC2 and ALB).
    You can learn more about quota for inbound or outbound rules per security group at:
    docs.aws.amazon.com/vpc/lates...
    Interested in learning more about AWS-managed prefix lists?
    www.stormit.cloud/blog/aws-ma...
    Interested in learning more about Amazon CloudFront CDN?
    www.stormit.cloud/cloudfront/
    More about other AWS services at
    www.stormit.cloud/blog/
  • Science & Technology
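
A check to run after the change the video demonstrates, as an added example (not code from the video or from StormIT): it reads security group JSON in the shape returned by `aws ec2 describe-security-groups`, flags web ports still open to the whole internet (which lets clients reach the origin without going through CloudFront), and totals rule usage against the per-group quota. The sample data, the placeholder prefix list ID, the weight of 55 and the quota of 60 are assumptions; confirm the last two against the quota page linked above.

```python
import json

CF_PL = "pl-0123456789abcdef0"  # placeholder ID; the real one differs per region
# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-web", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [], "PrefixListIds": [{"PrefixListId": "pl-0123456789abcdef0"}]},
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "PrefixListIds": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "PrefixListIds": []}]},
 {"GroupId": "sg-both", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [], "PrefixListIds": [{"PrefixListId": "pl-0123456789abcdef0"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [], "PrefixListIds": [{"PrefixListId": "pl-0123456789abcdef0"}]}]}
]}
""")

def covers(perm, port):
    """True if the rule's protocol and port range include this TCP port."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit(group, pl_weights, rule_quota=60, web_ports=(80, 443)):
    """Return (ipv4_rules_used, findings) for one group's inbound rules.

    Assumption: each IPv4 CIDR or security-group source counts as one rule and
    each prefix list counts as its weight in pl_weights (KeyError if unknown).
    """
    used, findings = 0, []
    for perm in group["IpPermissions"]:
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        used += len(cidrs) + len(perm.get("UserIdGroupPairs", []))
        used += sum(pl_weights[p["PrefixListId"]] for p in perm.get("PrefixListIds", []))
        for port in web_ports:
            for cidr in cidrs + cidrs6:
                if covers(perm, port) and cidr in ("0.0.0.0/0", "::/0"):
                    findings.append(f"{group['GroupId']}: port {port} open to {cidr}")
    if used > rule_quota:
        findings.append(f"{group['GroupId']}: {used} rules exceeds quota {rule_quota}")
    return used, findings

def audit_all(doc, pl_weights):
    """Audit every group in a describe-security-groups document."""
    return {g["GroupId"]: audit(g, pl_weights) for g in doc["SecurityGroups"]}
```

Call `audit_all(SAMPLE, {CF_PL: 55})` to run it on the constructed data: `sg-web` is reported for the leftover open port 80 rule, and `sg-both` for exceeding the quota by referencing the list in two rules.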

Comments • 13

  • @bboyhot2 1 year ago

    Hi! Can you please explain a little bit more about your architecture, because at 4:58, when you are reaching your EC2 by public IPv4 you get your website; I thought only the BE was on EC2. In my case the BE is running on EC2 (nginx, express.js server) and on CloudFront there is a React app. So when I configured everything like you did, it didn't work for me. Can you please explain more about what you have in EC2 and what you have in your CloudFront? Or maybe you got the point and know what my problem is?

    • @stormit9507 1 year ago

      Hello Jim, thank you for your question, but I need to understand a little bit more about your architecture. I only have the WordPress app on the EC2 instance. CloudFront itself is only a CDN, basically, you are not able to "have" anything there, only if you used Lambda@Edge. What do you mean by "there is a React app" in CloudFront? And what do you mean by "running BE", what is BE?

  • @Vmr48765 1 year ago

    Can we use the AWS-managed prefix list of CloudFront in an API Gateway resource policy?

    • @stormit9507 1 year ago

      Hello Vinay,
      Thank you for your comment. Yes, I believe you can achieve this by using Resource Policy in API Gateway (docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies.html), but I was not able to find specific steps for it. If you're interested, you can contact us for a consultation at www.stormit.cloud/contact/.

  • @vincenzomariacalandra 1 year ago

    Thanks Adam! I have been struggling with the same error for a few days... It might be a bug?
    In no other situation does an AWS SG need to approve itself to accept incoming traffic, what do you think?
    By the way, the CloudFront prefix list feature is awesome!

    • @stormit9507 1 year ago +1

      Hello Vincenzo, I have the same opinion. Hope it'll get fixed in the future.

  • @raghuraghav6636 3 months ago

    Can you or anyone please tell me the AWS-managed prefix list for the Elastic Beanstalk AWS service?

    • @stormit9507 3 months ago +1

      Hi, thank you for your comment. I don't think AWS Elastic Beanstalk has an AWS-managed prefix list - docs.aws.amazon.com/vpc/latest/userguide/working-with-aws-managed-prefix-lists.html
      I would need more information about your project in order to assist you effectively. Please contact us to schedule a consultation at: www.stormit.cloud/contact/

    • @raghuraghav6636 3 months ago

      @stormit9507 If there is no such prefix list, please tell me how to set up the network design (instance security rules) for a production backend server to only allow the inbound network traffic from the Elastic Beanstalk service and block all the public internet traffic.

    • @stormit9507 3 months ago

      @raghuraghav6636 Hi, based on your description, the Elastic Beanstalk service doesn't directly communicate with other services like EC2, CloudFront, or S3. It functions as a management service. To achieve what you need, you'll likely want to allow inbound traffic from the IPs of the instances deployed by Elastic Beanstalk. This can be either the CIDR block they use or specific IP addresses. For us to understand this better, I would recommend contacting us at: www.stormit.cloud/contact/. We can also provide a free "optimization" of your architecture via a Well-Architected review; you can read more here: www.stormit.cloud/aws-well-architected-review/

    • @raghuraghav6636 3 months ago

      I did send an email to you (the contact mail mentioned on the website). But I haven't received any reply yet, please check...

    • @raghuraghav6636 3 months ago

      Please tell me where I can find more about the Elastic Beanstalk service, like the internal services it uses, stuff like that. Deep-dive articles, resources of that kind.