AWS Amplify issue with Cloudfront

0

We have a AWS Amplify service where NextJS application is hosted.Currently the website is accessed via a WAF and cloudfront which is mapped to the Amplify. Challenges that we face is

1.Images are being served via S3 where images are not converted to webp format when going via the cloudfront url but gets converted correctly when Amplify direct link is used. 2.Is it necessary to serve s3 images via cloudfront as well or can it be directly accessed from nextjs application. 3.We also have a WAF in front of cloudfront configured which have a small latency added when website is accessed.

Require help in understanding if cloudfront is necessary for s3 bucket and what settings are recommended particularly for nextjs to have optmized images.

Is WAF and cloudfront required for AWS Amplify with Nextjs hosting or we can directly map custom domain within amplify service. How would it impact from security perspective without WAF and cloudfront.

1 Answer
1

Images in WebP format with CloudFront
In this blog post, there is a simple and performant solution for image optimization using serverless components such as Amazon CloudFrontAmazon S3 and AWS Lambda, so as to serve the most optimized image format (JPEG,WebP, or AVIF) to the user.

**Serving S3 images directly from NextJS application **
You can serve images directly from an S3 bucket in your NextJS application without using CloudFront. However, you'll need to configure your S3 bucket for public access or create a presigned URL for each image. This approach has some limitations, such as increased latency, lack of caching, and potential security risks if not configured correctly.

Necessity of CloudFront for S3 images
While not strictly necessary, using CloudFront for serving S3 images is recommended for several reasons:

  • Caching: CloudFront caches content at Edge locations, reducing latency and bandwidth costs.
  • Security: CloudFront provides additional security features like HTTPS, field-level encryption, and geo-restriction.

WAF and CloudFront necessity with AWS Amplify and NextJS:

  • From a security perspective, using a WAF (Web Application Firewall) in front of your application is highly recommended to protect against common web vulnerabilities like SQL injection, cross-site scripting (XSS), etc.
  • CloudFront can provide additional security features like HTTPS enforcement, geo-restriction, security for distributed denial-of-service (DDoS) attacks.

Security impact without WAF and CloudFront:

  • Without a WAF, your application will be directly exposed to potential security threats and malicious traffic.
  • Without CloudFront, you'll miss out on benefits like caching, DDoS protection, and content delivery optimization.
  • It's generally recommended to use a WAF (like AWS WAF) and CloudFront for production-grade web applications hosted on AWS Amplify, especially if you expect significant traffic or have stringent security requirements.
profile pictureAWS
answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions