CloudFront Authenticated Origin Pulls

0

A customer is looking to replicate the mTLS functionality of CloudFlare Authenticated Origin Pulls (https://support.cloudflare.com/hc/en-us/articles/204899617-Authenticated-Origin-Pulls) using CloudFront.

This is in the context of Kubernetes and nginx ingress. They have considered using security groups here, but they don't feel that security groups fit the bill.

  1. Do we have any recommendations or workarounds to implement this mTLS functionality?
  2. Do we have any references for customers who have done this?
AWS
질문됨 4년 전982회 조회
1개 답변
0
수락된 답변

unfortunately that's not available in CloudFront. The customer origin cannot authenticate requests coming from CloudFront using TLS layer (specifcally mTLS). However, CloudFront authentication can be implemented at application layer using Lambda@Edge. Here's an example: https://aws.amazon.com/blogs/networking-and-content-delivery/serving-private-content-using-amazon-cloudfront-aws-lambdaedge/

profile pictureAWS
전문가
achraf
답변함 4년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠