Is it possible to secure CloudFront distribution to be accessed only within VPC or ECS?

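I want to read an S3 through CloudFront. I have made the S3 private, and I also want to secure the CloudFront distribution URL. Is it possible to make CloudFront accessible only within VPC or ECS?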

Thanks.

You can attach a WAF (Web Application Firewall) to secure the CloudFront distribution. You can utilise an IP Match Condition to allow only traffic from a set of IPs.

If you want to allow or block web requests based on the IP addresses that the requests originate from, create one or more IP match conditions. An IP match condition lists up to 10,000 IP addresses or IP address ranges that your requests originate from. Later in the process, when you create a web ACL, you specify whether to allow or block requests from those IP addresses.
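
The allow-list approach described above, as an added CloudFormation example that is not part of the original answer. It uses an AWS WAFv2 IP set (the current counterpart of the WAF Classic IP match condition quoted above) and assumes the VPC or ECS tasks reach CloudFront through fixed public egress addresses such as NAT gateway Elastic IPs, since CloudFront sees the public source address rather than private VPC addresses. The resource names and the sample addresses are constructed placeholders.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example. Allow CloudFront requests only from the VPC's public egress IPs.
# WAFv2 resources with Scope CLOUDFRONT must be created in us-east-1.

Parameters:
  EgressCidrs:
    Type: CommaDelimitedList
    Description: Public CIDRs the VPC/ECS tasks egress from (assumption, e.g. NAT gateway EIPs as /32)
    Default: "203.0.113.10/32,203.0.113.11/32"  # constructed documentation addresses

Resources:
  VpcEgressIpSet:
    Type: AWS::WAFv2::IPSet
    Properties:
      Name: vpc-egress-ips            # hypothetical name
      Scope: CLOUDFRONT
      IPAddressVersion: IPV4
      Addresses: !Ref EgressCidrs

  CloudFrontAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: cloudfront-vpc-only       # hypothetical name
      Scope: CLOUDFRONT
      DefaultAction:
        Block: {}                     # anything not explicitly allowed is rejected
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: cloudfront-vpc-only
      Rules:
        - Name: allow-vpc-egress
          Priority: 0
          Action:
            Allow: {}                 # only requests whose source IP is in the set pass
          Statement:
            IPSetReferenceStatement:
              Arn: !GetAtt VpcEgressIpSet.Arn
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: allow-vpc-egress

Outputs:
  WebAclArn:
    Description: Use this ARN as WebACLId in the distribution's DistributionConfig
    Value: !GetAtt CloudFrontAcl.Arn
```

Blocked requests show up under the `cloudfront-vpc-only` CloudWatch metric and in sampled requests, which is the place to check when an expected client is rejected because its egress IP changed.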