A common use case of CloudFront is to front traffic to an origin. To only allow traffic to a origin through CloudFront, a common method is to specify a header that is injected by CloudFront to all requests going to the origin. This Terraform module should support that feature.
Expected Behavior
A user should be able to specify a number of headers, which are then expressed by a CloudFront distribution.
Use Case
To authorize traffic from CloudFront as a sole source.
Describe Ideal Solution
Only a specific (or several specific) CloudFront distributions can send traffic to a ALB.
Alternatives Considered
Ingress for a ALB can be locked down to a set of CIDRs, but then anybody who can create CloudFront distributions can access the origins. More control is needed.
Have a question? Please checkout our Slack Community or visit our Slack Archive.
Describe the Feature
A common use case of CloudFront is to front traffic to an origin. To only allow traffic to a origin through CloudFront, a common method is to specify a header that is injected by CloudFront to all requests going to the origin. This Terraform module should support that feature.
Expected Behavior
A user should be able to specify a number of headers, which are then expressed by a CloudFront distribution.
Use Case
To authorize traffic from CloudFront as a sole source.
Describe Ideal Solution
Only a specific (or several specific) CloudFront distributions can send traffic to a ALB.
Alternatives Considered
Ingress for a ALB can be locked down to a set of CIDRs, but then anybody who can create CloudFront distributions can access the origins. More control is needed.