Static IP for CloudFront


Solution 1

"Your" CloudFront distribution is not a single thing at a single place. It's a virtual entity on a global distributed network, and the more places from which it is being accessed, the more potential IP addresses you may see, because the requests are routed to the requester's nearest endpoint, using DNS. If I access your distribution, that's going to potentially involve a different IP address than if you access it, if we are in different places.

So, no, that isn't possible.

The list of possible addresses is, however, published...

https://forums.aws.amazon.com/ann.jspa?annID=2051

However, if you are referring to firewall rules allowing CloudFront to access your origin server for security reasons, you have another flaw in your assumptions. There's no reason why multiple distributions couldn't use a common set of IP addresses... and, indeed they do... so it's conceivable that if you are trying to achieve some kind of security of your content using these restrictions, that a malicious user could provision their own distribution referencing your origin and access it via CloudFront, if they knew how to access your origin server.

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html


There's a section in the Amazon CloudFront Developer Guide -- Using Custom Headers to Restrict Access to Your Content on a Custom Origin -- that describes one possible workaround: use a custom origin header with a secret value known only to CloudFront and your origin server. CloudFront injects these into the request, invisible to the browser. If this header and its secret value are not present in a request, then the request did not come to you through the CloudFront distribution, and can either be denied or perhaps redirected, by your origin server. This is also useful for ensuring proper parsing semantics for X-Forwarded-For since its value for requests coming through CloudFront may require a different interpretation, particularly at an origin server behind a load balancer.
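
The custom-header check described in the answer above, as an added example that is not part of the original answer or of AWS's documentation: a WSGI middleware for the origin server that rejects any request lacking the shared secret. The header name `X-Origin-Verify`, the secret values and the helper names are assumptions; two secrets are accepted so the value can be rotated without an outage.

```python
import hmac

# Assumed header name: add "X-Origin-Verify" as a custom origin header on the
# distribution. WSGI exposes it to the application under this environ key.
HEADER_ENV_KEY = "HTTP_X_ORIGIN_VERIFY"
# Constructed sample secrets; in practice load them from a secret store.
ACCEPTED_SECRETS = (b"constructed-current-secret", b"constructed-previous-secret")


def came_through_distribution(environ, secrets=ACCEPTED_SECRETS):
    """Return True only if the request carries one of the accepted secrets."""
    presented = environ.get(HEADER_ENV_KEY, "").encode("utf-8", "replace")
    if not presented:
        return False
    matched = False
    for secret in secrets:
        # Constant-time comparison; every candidate is checked, no early exit.
        matched |= hmac.compare_digest(presented, secret)
    return matched


class RequireOriginSecret:
    """WSGI middleware: answer 403 unless the shared secret header is present."""

    def __init__(self, app, secrets=ACCEPTED_SECRETS):
        self.app = app
        self.secrets = secrets

    def __call__(self, environ, start_response):
        if not came_through_distribution(environ, self.secrets):
            body = b"Forbidden\n"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the real origin application."""
    body = b"origin content\n"
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


def call(app, environ):
    """Drive a WSGI app once and return (status, body) for inspection."""
    seen = {}
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body
```

Rotation works by adding the new value to the origin's accepted list first, then updating the distribution's header, then dropping the old value from the origin.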

Solution 2

Yes, this is possible, but it will cost you $600 per month:

You need to set a custom domain and a custom SSL certificate to do that: https://aws.amazon.com/cloudfront/custom-ssl-domains


Author: droidlabour

Updated on September 18, 2022

Comments

  • droidlabour over 1 year

    Is there any way to bind a static IP to my CloudFront distribution? I'm wondering if VPC can make that work. I need a static IP just to eliminate the problem of allowing in my firewall every time the AWS CloudFront IP changes.

  • Tim over 6 years
    Custom SSL gives you a dedicated IP at every edge location. However, as Michael points out, the solution to the problem in this question isn't a static IP, it's using AWS features as intended.