A medical company is running a REST API on a set of Amazon EC2 instances The EC2 instances run in an Auto Scaling group behind an Application Load Balancer (ALB) The ALB runs in three public subnets, and the EC2 instances run in three private subnets The company has deployed an Amazon CloudFront distribution that has the ALB as the only origin
Which solution should a solutions architect recommend to enhance the origin security?
Store Secret in AWS Secrets Manager:
Create a random string in AWS Secrets Manager to be used as a custom HTTP header value.
Set Up Automatic Rotation:
Implement a Lambda function to handle automatic rotation of the secret in AWS Secrets Manager, ensuring the header value remains secure.
Configure CloudFront Custom Header:
In the CloudFront distribution settings, configure an origin custom header with the name and value from AWS Secrets Manager. This header will be included in requests forwarded to the ALB.
Create AWS WAF Web ACL:
Create a Web ACL in AWS WAF with a string match rule to allow requests that include the custom header with the correct value.
Associate the Web ACL with the ALB to filter incoming traffic based on the custom header.
By using this method, you can ensure that only requests coming through CloudFront (which injects the custom header) can reach the ALB, enhancing the origin security
Marg
5 months agoLinette
5 months agoChana
3 months agoPortia
3 months agoVerlene
4 months agoShakira
4 months agoCyndy
4 months agoTenesha
4 months agoElfrieda
5 months agoLenora
5 months agoDion
5 months agoAlishia
5 months agoYuki
4 months agoYoulanda
4 months agoLynelle
5 months agoShawnda
5 months agoBobbye
4 months agoTammi
4 months agoCandra
4 months agoIra
5 months ago