How can I ensure that my app which is deployed on an EC2 only communicates using HTTPS?

0

I currently have a web app deployed on an EC2 instance. My EC2 instance is connected to a CloudFront distribution and HTTPS is configured. I redirect any HTTP to HTTPS in CloudFront, but one can still connect to the EC2 over HTTP using the Public IPv4 DNS.

Note:

  • CloudFront and the EC2 communicate internally using HTTP and listen on port 80

Questions:

  • How can I ensure that a browser can access my web app using HTTPS and through CloudFront only?
  • Are there better practices or steps that I should follow, or changes I should make to any of my configs?
Karim
asked 4 months ago, 149 views
2 answers
0

Hi,

To exactly achieve your goal of CloudFront-only access, you want to use the AWS-managed prefix list for Amazon CloudFront: see https://aws.amazon.com/about-aws/whats-new/2022/02/amazon-cloudfront-managed-prefix-list/

Documentation is at https://docs.aws.amazon.com/vpc/latest/userguide/working-with-aws-managed-prefix-lists.html

Best,

Didier

AWS
EXPERT
answered 4 months ago
EXPERT
reviewed 4 months ago
0

Use the Managed Prefix List to set up a Security Group that only allows access to port 80 from CloudFront.

https://aws.amazon.com/blogs/networking-and-content-delivery/limit-access-to-your-origins-using-the-aws-managed-prefix-list-for-amazon-cloudfront/

EXPERT
shibata
answered 4 months ago
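A way to verify the security group setup that both answers describe, as an added example that is not part of the original posts: it audits rules in the shape returned by `aws ec2 describe-security-groups` and reports any source other than the CloudFront prefix list that can reach port 80 or 443. The group IDs, the prefix list ID and the function names are constructed placeholders; the real prefix list ID is region-specific and must be looked up.

```python
# Added example: flags web ports reachable from anything other than the
# CloudFront origin-facing managed prefix list.
# All IDs below are constructed placeholders, not real values.
CLOUDFRONT_PL = "pl-EXAMPLE-CLOUDFRONT"  # placeholder: look up the ID for your region
WEB_PORTS = (80, 443)

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-EXAMPLE-OPEN", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    ]},
    {"GroupId": "sg-EXAMPLE-LOCKED", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "PrefixListIds": [{"PrefixListId": CLOUDFRONT_PL}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    ]},
]

def covers(perm, port):
    """True if the rule's protocol and port range include the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit(groups, allowed_prefix_list):
    """Return (group_id, ports, source) for every non-CloudFront source on a web port."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            ports = [p for p in WEB_PORTS if covers(perm, p)]
            if not ports:
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])
                        if p["PrefixListId"] != allowed_prefix_list]
            sources += [u["GroupId"] for u in perm.get("UserIdGroupPairs", [])]
            findings += [(group["GroupId"], ports, s) for s in sources]
    return findings

if __name__ == "__main__":
    for group_id, ports, source in audit(SAMPLE_GROUPS, CLOUDFRONT_PL):
        print(f"{group_id}: ports {ports} reachable from {source}")
```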
