Yes, it is possible to effectively deactivate access to the AWS public IPv4 DNS for your EC2 instance. However, it's important to understand that you can't directly "deactivate" the public DNS hostname itself, as it's automatically generated by AWS for instances with public IP addresses. Instead, you can take steps to prevent access through this hostname.
Here are a few approaches you can consider:
- Remove the public IP address: Since you're using an Elastic IP, you can disassociate the auto-assigned public IPv4 address from your instance. This will remove the public DNS hostname. As of a recent update, AWS now supports dynamically removing and adding auto-assigned public IPv4 addresses on EC2 instances. You can do this by modifying the public IP setting on the network interface.
- Configure your web server: You can configure Apache to only respond to requests coming from your domain name. This way, even if someone tries to access your API using the public DNS hostname, the web server won't serve the content.
- Use security groups: Configure your EC2 instance's security group to only allow incoming traffic on port 443 from your domain's IP address or from a content delivery network (CDN) if you're using one.
- Implement application-level checks: In your FastAPI application, you can add logic to check the incoming request's host header and only process requests that match your domain name.
Remember, even if you implement these measures, the public DNS hostname will still exist as long as your instance has a public IP address. The goal is to prevent it from being used to access your application.
Regarding the certificate mismatch, this is expected behavior because your SSL certificate is likely issued for your domain name, not for the AWS-generated public DNS hostname. By implementing the above measures, you can help ensure that users only access your API through the properly secured domain name.
Sources
AWS supports dynamically removing and adding auto assigned public IPv4 address
Amazon EC2 instance IP addressing - Amazon Elastic Compute Cloud
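The application-level Host header check mentioned in the answer above, as an added example that is not part of any answer in this thread: a dependency-free ASGI middleware that a FastAPI app can load. The domain `api.example.com`, the class name `HostAllowlist` and the helpers `normalize_host` and `probe` are assumptions made for illustration.

```python
import asyncio

# Assumption: the only name on the TLS certificate. Replace with your domain.
ALLOWED_HOSTS = {"api.example.com"}


def normalize_host(raw: bytes) -> str:
    """Lower-case a Host header value; drop the port and a trailing dot."""
    host = raw.decode("latin-1").strip().lower()
    if not host.startswith("["):  # leave IPv6 literals alone
        host = host.split(":", 1)[0]
    return host.rstrip(".")


class HostAllowlist:
    """ASGI middleware that serves only requests for an allowlisted Host."""
    def __init__(self, app, allowed_hosts=ALLOWED_HOSTS):
        self.app = app
        self.allowed = {h.lower() for h in allowed_hosts}

    async def __call__(self, scope, receive, send):
        if scope["type"] == "lifespan":
            return await self.app(scope, receive, send)
        hosts = [v for k, v in scope["headers"] if k == b"host"]
        # A missing or repeated Host header is rejected like an unknown one.
        if len(hosts) == 1 and normalize_host(hosts[0]) in self.allowed:
            return await self.app(scope, receive, send)
        if scope["type"] == "websocket":
            return await send({"type": "websocket.close", "code": 1008})
        await send({"type": "http.response.start", "status": 400, "headers": []})
        await send({"type": "http.response.body", "body": b"Invalid host header"})


async def _demo_app(scope, receive, send):
    # Stand-in for the real FastAPI app (constructed for this example).
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})


def probe(host_values):
    """Send one constructed request through the middleware; return its status."""
    sent = []
    async def send(message):
        sent.append(message)
    async def receive():
        return {"type": "http.request", "body": b""}
    scope = {"type": "http", "headers": [(b"host", h) for h in host_values]}
    asyncio.run(HostAllowlist(_demo_app)(scope, receive, send))
    return sent[0]["status"]
```

In a FastAPI project this would be registered with `app.add_middleware(HostAllowlist, allowed_hosts={"api.example.com"})`. Starlette, which FastAPI is built on, also ships `TrustedHostMiddleware` for the same purpose.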
Afraid you can't. Every Public IP across AWS has a public DNS Name. It wouldn't make any difference to you removing that public DNS Name.
You get the same result going to https://X.X.X.X as the certificate doesn't have the SAN included.
Unless you ask someone to connect to the webserver using the AWS Public DNS Name, you're not going to have any issues.
Thanks, let me try out these options and revert back!!