Please help me understand CloudFront in my scenario

Hi Team,

Wish you all Happy New Year!!

I am about to set up my VPC [10.1.0.0/16] in AWS and have the below scenario to achieve. The customer web server is somewhere else and not in AWS, let's say www.example.com [5.6.7.8]. I am about to set up one Linux EC2 instance with a WAF on it and www.example.com -> CNAME -> waf.ec2.acme.com [10.1.0.10/7.8.9.10 Elastic IP]. In that case, for anyone accessing https://www.example.com, my Linux EC2, being a WAF, will receive the entire traffic and then only clean traffic will be forwarded to www.example.com. Now I want to activate CloudFront for www.example.com and have the below queries.

  1. What DNS changes do I need to make?
  2. For activating CloudFront, do I need to have my DNS pointed to Route 53?
  3. Can I activate a CloudFront distribution in this case?
  4. And if I activate CDN on AWS, do I need to protect CDN mirrors as well with WAF?

Can someone please help me understand the topology?

TIA, Blason R

1 Answer
Accepted Answer
  1. You'll need to change the DNS for www.example.com and point it to CloudFront (once the CloudFront distribution has been created).
  2. No. But Route 53 makes it much easier to use the "apex" domain name - for example, if you wanted to send traffic to example.com to CloudFront as well.
  3. You can create the CloudFront distribution ahead of time - it has a unique name that you can test before cutting over.
  4. I'm not sure what you're asking here, but: CloudFront has WAF built in so you can use that to protect the customer website (the "origin" in CloudFront terms). You should not be sending traffic to your EC2 instance then to CloudFront and then to the customer website - that makes your EC2 instance a bottleneck and a single point of failure in the event of a DDoS or high traffic situation.
AWS
EXPERT
answered a year ago
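
The topology the answer describes (CloudFront with a WAF web ACL attached, in front of an origin outside AWS), sketched as a CloudFormation template. This is an added example, not part of the original answer or AWS's own template. It assumes a separate origin hostname (`origin.example.com`, hypothetical) that resolves to the customer server, because www.example.com itself will resolve to CloudFront after cutover. It also assumes an ACM certificate for www.example.com, the AWS managed common rule set, and caching disabled.

```yaml
# Added example (constructed). Deploy in us-east-1: web ACLs with Scope CLOUDFRONT
# and ACM certificates used by CloudFront must be created in that region.
Parameters:
  OriginDomainName:
    Type: String
    Default: origin.example.com   # assumption: hostname pointing at the customer server (5.6.7.8)
  CertificateArn:
    Type: String                  # assumption: ACM certificate ARN covering www.example.com
Resources:
  EdgeWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Scope: CLOUDFRONT
      DefaultAction: {Allow: {}}
      VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: edge-web-acl}
      Rules:
        - Name: aws-common
          Priority: 0
          OverrideAction: {None: {}}   # keep the rule group's own block/count actions
          Statement:
            ManagedRuleGroupStatement: {VendorName: AWS, Name: AWSManagedRulesCommonRuleSet}
          VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: aws-common}
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Aliases: [www.example.com]
        WebACLId: !GetAtt EdgeWebAcl.Arn   # WAF inspects requests at the edge, before the origin
        ViewerCertificate:
          AcmCertificateArn: !Ref CertificateArn
          SslSupportMethod: sni-only
          MinimumProtocolVersion: TLSv1.2_2021
        Origins:
          - Id: customer-origin
            DomainName: !Ref OriginDomainName
            CustomOriginConfig: {OriginProtocolPolicy: https-only}
        DefaultCacheBehavior:
          TargetOriginId: customer-origin
          ViewerProtocolPolicy: redirect-to-https
          CachePolicyId: 4135ea2d-6df8-44a3-9df3-4b5a84be39ad   # AWS managed policy "CachingDisabled"
Outputs:
  DistributionDomainName:
    Description: Unique CloudFront name to test before pointing www.example.com at it
    Value: !GetAtt Distribution.DomainName
```

Once requests to the `DistributionDomainName` output behave as expected, the only DNS change is to point the www.example.com CNAME at that name.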
