How can I ensure that my app which is deployed on an EC2 only communicates using HTTPS?

0

I currently have a web app deployed on an EC2 instance. My EC2 instance is connected to a CloudFront distribution and HTTPS is configured. I redirect any HTTP to HTTPS in CloudFront, but one can still connect to the EC2 over HTTP using the Public IPv4 DNS.

Note:

  • CloudFront and the EC2 communicate internally using HTTP and listen on port 80

Questions:

  • How can I ensure that a browser can access my web app using HTTPS and through CloudFront only?
  • Are there better practices or steps that I should follow, or changes I should make to any of my configs?
Karim
asked 4 months ago, 149 views
2 Answers
0

Hi,

To exactly achieve your goal of CloudFront-only access, you want to use the AWS-managed prefix list for Amazon CloudFront: see https://aws.amazon.com/about-aws/whats-new/2022/02/amazon-cloudfront-managed-prefix-list/

Documentation is at https://docs.aws.amazon.com/vpc/latest/userguide/working-with-aws-managed-prefix-lists.html

Best,

Didier

AWS
EXPERT
answered 4 months ago
EXPERT
reviewed 4 months ago
0

Use the Managed Prefix List to set up a Security Group that only allows access to port 80 from CloudFront.

https://aws.amazon.com/blogs/networking-and-content-delivery/limit-access-to-your-origins-using-the-aws-managed-prefix-list-for-amazon-cloudfront/

EXPERT
shibata
answered 4 months ago
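A check for the setup both answers describe, added here as an example and not taken from either answer or from AWS: it reads security-group JSON in the shape returned by `aws ec2 describe-security-groups` and lists every source other than the CloudFront managed prefix list that can still reach ports 80 or 443. The sample data, the `sg-EXAMPLE` and `pl-EXAMPLE` IDs and the function names are constructed for illustration; the prefix-list ID differs per region.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# sg-EXAMPLE and pl-EXAMPLE are placeholders; look up your region's ID for
# the managed prefix list com.amazonaws.global.cloudfront.origin-facing.
CLOUDFRONT_PL = "pl-EXAMPLE"
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "PrefixListIds": []},
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [], "PrefixListIds": [{"PrefixListId": "pl-EXAMPLE"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "PrefixListIds": []}
]}]}
""")

def covers(perm, port):
    """True if an ingress rule applies to TCP traffic on `port`."""
    if perm.get("IpProtocol") == "-1":      # "-1" means all protocols and ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def sources_bypassing_cloudfront(groups, allowed_pl, ports=(80, 443)):
    """List (group, port, source) for web-port rules not limited to allowed_pl."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            hit = [p for p in ports if covers(perm, p)]
            sources = (
                [r["CidrIp"] for r in perm.get("IpRanges", [])]
                + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                + [g.get("GroupId", "?") for g in perm.get("UserIdGroupPairs", [])]
                + [p["PrefixListId"] for p in perm.get("PrefixListIds", [])
                   if p["PrefixListId"] != allowed_pl]
            )
            findings += [(sg["GroupId"], port, s) for port in hit for s in sources]
    return findings

if __name__ == "__main__":
    for group, port, source in sources_bypassing_cloudfront(SAMPLE, CLOUDFRONT_PL):
        print(f"{group}: port {port} reachable from {source}, not only CloudFront")
```

An empty result means the only way to reach the web ports is through the CloudFront prefix list, so the direct Public IPv4 DNS path described in the question is closed.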
