CloudFront Authenticated Origin Pulls

0

A customer is looking to replicate the mTLS functionality of CloudFlare Authenticated Origin Pulls (https://support.cloudflare.com/hc/en-us/articles/204899617-Authenticated-Origin-Pulls) using CloudFront.

This is in the context of Kubernetes and nginx ingress. They have considered using security groups here, but they don't feel that security groups fit the bill.

  1. Do we have any recommendations or workarounds to implement this mTLS functionality?
  2. Do we have any references for customers who have done this?
AWS
已提問 4 年前檢視次數 994 次
1 個回答
0
已接受的答案

unfortunately that's not available in CloudFront. The customer origin cannot authenticate requests coming from CloudFront using TLS layer (specifcally mTLS). However, CloudFront authentication can be implemented at application layer using Lambda@Edge. Here's an example: https://aws.amazon.com/blogs/networking-and-content-delivery/serving-private-content-using-amazon-cloudfront-aws-lambdaedge/

profile pictureAWS
專家
achraf
已回答 4 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南