A network engineer is developing a novel system on Amazon Web Services that will use Amazon CloudFront for both content caching and origin protection. There is fear that an external agency may get access to the application's origin IP addresses and subsequently attack the origin, despite the fact that CloudFront serves the application.
Which of the following options best protects the origin?
A. Use an IP whitelist rule in AWS WAF within CloudFront to ensure that only known-client IPs are able to access the application.
B. Configure CloudFront to use a custom header and configure an AWS WAF rule on the origin's Application Load Balancer to accept only traffic that contains that header.
C. Configure an AWS Lambda@Edge function to validate that the traffic to the Application Load Balancer originates from CloudFront.
D. Attach an origin access identity to the CloudFront origin that allows traffic to the origin that originates from only CloudFront.
A network engineer is developing a novel system on Amazon Web Services that will use Amazon CloudFront for both content
-
answerhappygod
- Site Admin
- Posts: 899604
- Joined: Mon Aug 02, 2021 8:13 am
A network engineer is developing a novel system on Amazon Web Services that will use Amazon CloudFront for both content
Join a community of subject matter experts. Register for FREE to view solutions, replies, and use search function. Request answer by replying!