CloudFront Authenticated Origin Pulls

0

A customer is looking to replicate the mTLS functionality of CloudFlare Authenticated Origin Pulls (https://support.cloudflare.com/hc/en-us/articles/204899617-Authenticated-Origin-Pulls) using CloudFront.

This is in the context of Kubernetes and nginx ingress. They have considered using security groups here, but they don't feel that security groups fit the bill.

  1. Do we have any recommendations or workarounds to implement this mTLS functionality?
  2. Do we have any references for customers who have done this?
AWS
質問済み 4年前982ビュー
1回答
0
承認された回答

unfortunately that's not available in CloudFront. The customer origin cannot authenticate requests coming from CloudFront using TLS layer (specifcally mTLS). However, CloudFront authentication can be implemented at application layer using Lambda@Edge. Here's an example: https://aws.amazon.com/blogs/networking-and-content-delivery/serving-private-content-using-amazon-cloudfront-aws-lambdaedge/

profile pictureAWS
エキスパート
achraf
回答済み 4年前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ