By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Cloudfront Origin Security

0

A customer using CloudFront to protect origin, wants to ensure traffic can only arrive from their CloudFront distribution. They have configured a security group IP allow list based on ip-ranges.json, along with custom headers to validate requests.

Customer has raised the concern that a bad actor can easily discover the origin-secret UUID and duplicate the configuration. They are seeking a method to further secure the shared secret, and protect it from attackers.

Topics
Networking & Content Delivery
Tags
Amazon CloudFront
Language
English
AWS-User-9006206
asked 5 years ago336 views
1 Answer
0
Accepted Answer

Hello, check this blog where i explain how to use Lambda@Edge to sign requests to the origin:

https://aws.amazon.com/blogs/networking-and-content-delivery/serving-private-content-using-amazon-cloudfront-aws-lambdaedge/

profile pictureAWS
EXPERT
achraf
answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content