- 最新
- 投票最多
- 评论最多
Amplify uses Amazon CloudFront to distribute your website globally, and the IP addresses returned are dynamically set. Our current list of IP address ranges that CloudFront utilizes can be found in this doc
However requests to your EC2 chat application would have the IP of the local machine and not the IP's of Amplify Hosting/CloudFront. Hence, for your use case, whitelisting IPs of the Amplify Hosting/CloudFront might not be helpful.
Having said that, you can try attaching a WAF in-front of EC2 and filter requests based on origin header, as these requests would contain Origin header with Amplify domain.
Origin:https://<branch>.<appid>.amplifyapp.com
Alternatively, you could also leverage API gateway in front of EC2, as it has several authentication mechanism such as WAF, Cognito authorizers, Lambda custom authorizer etc
For best approach and architectural guidance you can contact AWS Solution Architects
相关内容
- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 5 个月前
Thank you very much, Susmitha! Your response is very informative. I will explore your suggestions. Thanks again.