Restricting direct access to Amplify app

1

Hello,

We're using Amplify for our app deployment and have set up a CloudFront distribution to filter traffic using WAF and limit access based on specific IPs, including local clients and an Elastic IP associated with an AWS VPN Client. We've also configured a Route53 CNAME to redirect our domain traffic to CloudFront. However, our app is still accessible via the amplifyapps.com domain.

We've tried redirecting from /<*> to CloudFront or Route53 in Amplify, but it caused a loop, which seems logical. We're looking for a solution without modifying the code.

Thank you.

4 Answers
0

Based on the information provided, it sounds like you want to prevent direct access to your Amplify app via the default amplifyapps.com domain for security reasons, since you have traffic routing set up through CloudFront and WAF. A couple of options to consider without modifying code: [1]

  • In the Amplify console, you can disable the default domain so it no longer resolves to your app. This will require all traffic to go through your custom domain/CloudFront configuration. [2]
  • Add a redirect rule in Amplify or CloudFront that redirects the default domain to your custom domain. For example, a 302 redirect from amplifyapps.com/* to yourdomain.com/* would seamlessly redirect users without allowing direct access. [3]

Let me know if either of those suggestions helps or if you have any other questions!

Sources

[1] Enable AWS WAF for web applications hosted by AWS Amplify - AWS Prescriptive Guidance

[2] Using redirects - AWS Amplify Hosting

[3] Troubleshooting custom domains - AWS Amplify Hosting

AWS
answered a month ago
EXPERT
reviewed a month ago
0

First of all, thank you for your response.

Regarding the first option, I couldn't find the procedure to follow in the documentation you provided or on the Amplify interface. How can CloudFront be functional if the Amplify domain is deactivated? Could you please provide more details?

For the second option, when adding a 302 (or 301) from my Amplify domain or /<*> to the CloudFront or Route53 domain, I encounter a redirect loop. Since CloudFront redirects the traffic to the amplifyapp.com URL, adding a redirection from amplifyapp.com to my domain, which then redirects to CloudFront, doesn't seem logical to me. I might be doing it wrong; could you please be more specific?

qko
answered a month ago
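
The redirect loop described in the reply above, modelled as an added example that is not part of the original thread. It is a simplified Python simulation: the hostnames are constructed placeholders, and Amplify is assumed to apply the /<*> rule to every request it receives, including CloudFront's origin fetches, which it cannot tell apart from direct visitors.

```python
from urllib.parse import urlsplit

# Constructed placeholder hostnames, not taken from the thread.
CUSTOM_DOMAIN = "app.example.com"                      # Route53 CNAME -> CloudFront
AMPLIFY_DOMAIN = "main.d0000000000000.amplifyapp.com"  # CloudFront origin

def amplify_origin(path, redirect_rule):
    """Simplified Amplify hosting: with the /<*> rule, every request is redirected."""
    if redirect_rule:
        return 302, f"https://{CUSTOM_DOMAIN}{path}"
    return 200, None

def cloudfront(path, redirect_rule):
    """CloudFront fetches from the Amplify domain and relays the origin's answer."""
    return amplify_origin(path, redirect_rule)

def fetch(url, redirect_rule):
    """Route one request by hostname, as DNS would."""
    parts = urlsplit(url)
    if parts.hostname == CUSTOM_DOMAIN:
        return cloudfront(parts.path, redirect_rule)
    if parts.hostname == AMPLIFY_DOMAIN:
        return amplify_origin(parts.path, redirect_rule)
    raise ValueError(f"unknown host {parts.hostname}")

def follow(url, redirect_rule, max_hops=10):
    """Follow redirects like a browser; report a loop when a URL repeats."""
    seen = []
    while len(seen) < max_hops:
        if url in seen:
            return "loop", seen + [url]
        seen.append(url)
        status, location = fetch(url, redirect_rule)
        if status == 200:
            return "ok", seen
        url = location
    return "too many redirects", seen

if __name__ == "__main__":
    for rule in (False, True):
        for host in (CUSTOM_DOMAIN, AMPLIFY_DOMAIN):
            print(rule, host, follow(f"https://{host}/index.html", rule))
```

Without the rule both hostnames return the app, which is the situation in the question; with the rule both end in a loop, because the 302 produced for CloudFront's origin fetch is relayed to the visitor and points back at CloudFront.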
0

Hello, I was wondering if you have had a chance to consider my query and if you might have a response to share. Thank you.

qko
answered a month ago
0

Hello, I was wondering if you have had a chance to consider my query and if you might have a response to share. Thank you.

qko
answered a month ago
