I have a website hosted on DigitalOcean and I've been trying for days to figure out how to protect it using Amazon CloudFront + Amazon WAF. Is this even possible?
I read the Amazon documentation but it's not useful. I even watched a lot of YouTube videos, but 99% of them are just doing the job with an Amazon-hosted website.
Yes, you can set your DigitalOcean website as the origin in CloudFront. You will of course want to block traffic to your DigitalOcean website that isn't from CloudFront. You can add a secret header that CloudFront will pass to the origin that you can require on your backend. You can also consider whitelisting all AWS CloudFront IPs.
Related
I have a website hosted on GoDaddy. I want to use Amazon CloudFront for serving it to visitors.
I have searched and only found hosting the media on S3 or the entire site on EC2. I do not want that.
Is it possible that once in a while, say 15 minutes, Amazon CF gets the latest data of my website from the GoDaddy server and any visitor is served the content from the Amazon CDN?
As per the AWS docs here, CloudFront supports using any source that can respond to HTTP requests as a Custom Origin.
Create a custom origin and associate a behaviour with that origin and you’ll be serving your content, from your custom HTTP origin, via CloudFront.
I'm new to AWS WAF and got stuck setting it up for an application that is hosted on a dedicated server. I didn't find any information on how to set it up without migrating to AWS servers, but I found that WAF is integrated with CloudFront. Still, I found only a little information explaining how to integrate this CDN with my web application. So, the main question is:
Is it possible to use AWS WAF with an application that is hosted on a dedicated server? And if it is possible, can you provide some guides and/or docs for setting it up?
Yes, you can use WAF with a server outside AWS.
WAF works with CloudFront, and CloudFront does not require the origin server to be in the AWS ecosystem.
When you create a distribution, you specify where CloudFront sends requests for the files. CloudFront supports using several AWS resources as origins. For example, you can specify an Amazon S3 bucket or a MediaStore container, a MediaPackage channel, or a custom origin, such as an Amazon EC2 instance or your own HTTP web server. (emphasis added)
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.html
Configuring CloudFront to work with your external server is no different than configuring it to work with a server in EC2. Your DNS entry (e.g. www.example.com) changes to point to CloudFront, and CloudFront connects to your server using a new name that you create (e.g. origin.example.com). CloudFront proxies requests through to your server, unless the edge location handling a given request happens to have access to a copy of the same resource that it cached while handling a previous request for the same page -- that's how CloudFront gets your content, by caching it as it handles requests that are passing through. (You don't pre-load any content into CloudFront.) If CloudFront has a cached copy, your server sees nothing, and CloudFront returns the object to the browser from its cache. But CloudFront isn't strictly a CDN, even though they market it that way. It is a global network of reverse proxies and high-reliability/low-latency transport.
You'll want to take steps to ensure that the web server rejects requests that didn't come through CloudFront. See Using Custom Headers to Restrict Access to Your Content on a Custom Origin as well as the list of CloudFront IP Addresses which you could use on your web server's firewall.
Once you have your site working through CloudFront, all you do is activate WAF on the distribution. CloudFront is very tightly integrated with WAF so that is a very simple change, once you have your WAF rules set up.
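The origin-side restriction described in this answer and in the first answer on the page (a secret custom header plus a CloudFront IP allowlist), as an added example that is not part of the original answers. It assumes a Python WSGI origin and a hypothetical header name `X-Origin-Verify`; the sample document mimics the layout of AWS's published ip-ranges.json, with constructed documentation prefixes.

```python
import hmac
import ipaddress
import json

# Constructed sample in the layout of AWS's published ip-ranges.json;
# the prefixes are documentation ranges, not real CloudFront addresses.
SAMPLE_IP_RANGES = json.dumps({
    "prefixes": [
        {"ip_prefix": "192.0.2.0/24", "service": "CLOUDFRONT"},
        {"ip_prefix": "198.51.100.0/24", "service": "EC2"},
    ],
    "ipv6_prefixes": [{"ipv6_prefix": "2001:db8:1::/48", "service": "CLOUDFRONT"}],
})

def cloudfront_networks(ip_ranges_json):
    """Return the CLOUDFRONT networks from an ip-ranges.json document."""
    doc = json.loads(ip_ranges_json)
    entries = doc.get("prefixes", []) + doc.get("ipv6_prefixes", [])
    return [
        ipaddress.ip_network(e.get("ip_prefix") or e["ipv6_prefix"])
        for e in entries if e.get("service") == "CLOUDFRONT"
    ]

class CloudFrontOnly:
    """WSGI middleware: pass a request only if it carries the shared secret
    header and its TCP peer address is inside a CloudFront range."""

    def __init__(self, app, secret, networks, header="X-Origin-Verify"):
        self.app = app
        self.secret = secret.encode()
        self.networks = networks
        # WSGI exposes request headers as HTTP_<UPPER_SNAKE_CASE> keys.
        self.key = "HTTP_" + header.upper().replace("-", "_")

    def allowed(self, environ):
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False
        sent = environ.get(self.key, "").encode()
        # compare_digest avoids leaking the secret through timing.
        secret_ok = hmac.compare_digest(sent, self.secret)
        return secret_ok and any(peer in net for net in self.networks)

    def __call__(self, environ, start_response):
        if not self.allowed(environ):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Forbidden\n"]
        return self.app(environ, start_response)
```

The address check uses the TCP peer (`REMOTE_ADDR`), not `X-Forwarded-For`, which a client can set freely. The IP allowlist alone would admit any CloudFront distribution, so the secret header is what ties requests to your own distribution.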
Documentation
Offers only HTTP, how to make it work on HTTPS? Is it possible?
I configured it and it is working fine for HTTP, but for HTTPS I'm getting
This site can’t be reached
Even though I created certificates for my domain in AWS Certificate Manager.
CloudFront can be used to serve HTTPS requests for a static website hosted on S3.
Here is some AWS documentation https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-https-requests-s3/
Also, I found this blog very explanatory - https://medium.com/#sbuckpesch/setup-aws-s3-static-website-hosting-using-ssl-acm-34d41d32e394
Hope this helps.
To configure HTTPS for a static website hosted using the S3 website feature, you have to configure AWS CloudFront to serve the website from the CDN locations, and ACM can be configured on the CloudFront distribution.
Create the Route 53 record set pointing to the CloudFront distribution endpoint.
This way you can serve the S3 website over HTTPS, and it will also reduce latency for your end users' requests.
Hope this helps
I bought my domain from Google Suite and realized I couldn't host my own HTML websites on it, so I went to an AWS S3 bucket and deposited them there. Now the problem is how to connect these two services together, so I can use the domain I bought from Google and the websites I've uploaded to AWS.
I was going to configure nameservers but Google support told me the server would be down for 7 days, so that's a no-no for me. He suggested that I configure it with CNAME and A records, but where do I get these pieces of information?
In S3, you need to enable virtual hosting of the bucket and then use bucketname.s3.amazonaws.com as the CNAME in your DNS configuration. However, there is a limitation: let's say you bought the domain my.bucketname.com, you need to rename your bucket to my.bucketname.com.
The other option is to use AWS CloudFront and connect S3 as an origin. Then you will get a CNAME from CloudFront which you can map in your DNS configuration without any constraints as above.
I'm currently using AWS EC2, S3 and RDS for my website, and all the media is stored in S3.
If I would like to use Cloudflare for the entire website, should I just install regularly (where it will 'pull' and cache everything) or I should do this step or do both?
https://support.cloudflare.com/hc/en-us/articles/200168926-How-do-I-use-Cloudflare-with-Amazon-s-S3-Service-
Though you can achieve this through the Amazon CloudFront service, which offers the same functionality as Cloudflare, and you do not need to configure additional things. But it does not specialize only in CDN. So you can safely use Cloudflare, as they are specialized in web security.
And it is always recommended to follow the Cloudflare setup guidelines.
Edit:
In addition to CloudFront, if you wish you may also use AWS WAF & AWS Shield for security, for the same reason you wish to use Cloudflare.