CloudFront with VPC Origins - Sniffing in the origin i see the cloudfront public ip address as the remote is that makes sense?

Question

I have setup with cloud front and origins behind secured with VPC origins.
When sniffing traffic in the origin i see that Cloudfront IP communicating with the origin is the Cloud front public IP address and not  internal IP or the VPC cidr like i expected.

is this an intended behavior?

MikeLim · Accepted Answer

That is correct, your VPC EC2 or ELB origin will see CloudFront IP.

Your origin can be in a private subnet, i.e. it does not need a *public* IP address. Your can configure origin security group to only allow inbound from CloudFront security group.

More information in [documentation](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-vpc-origins.html#vpc-origin-prerequisites)

CloudFront with VPC Origins - Sniffing in the origin i see the cloudfront public ip address as the remote is that makes sense?

添加回答

相关内容