By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

CloudFront Authenticated Origin Pulls

0

A customer is looking to replicate the mTLS functionality of CloudFlare Authenticated Origin Pulls (https://support.cloudflare.com/hc/en-us/articles/204899617-Authenticated-Origin-Pulls) using CloudFront.

This is in the context of Kubernetes and nginx ingress. They have considered using security groups here, but they don't feel that security groups fit the bill.

  1. Do we have any recommendations or workarounds to implement this mTLS functionality?
  2. Do we have any references for customers who have done this?
Topics
Networking & Content Delivery
Tags
Amazon CloudFront
Language
English
AWS
AWS-User-1675015
asked 4 years ago785 views
1 Answer
0
Accepted Answer

unfortunately that's not available in CloudFront. The customer origin cannot authenticate requests coming from CloudFront using TLS layer (specifcally mTLS). However, CloudFront authentication can be implemented at application layer using Lambda@Edge. Here's an example: https://aws.amazon.com/blogs/networking-and-content-delivery/serving-private-content-using-amazon-cloudfront-aws-lambdaedge/

profile pictureAWS
EXPERT
achraf
answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content