If I have an EC2 instance, running a web app (HTTP), and I have an Amazon-provided SSL certificate, I can use CloudFront to make the EC2 instance accessible via HTTPS, handling the certificate automatically. Is this a legitimate use of CloudFront, or should this be done differently?
Asked
Active
Viewed 1,252 times
6
-
1did you try using an Application Load Balancer? depending on your use case perhaps CF is overkill – Oscar De León Sep 19 '21 at 17:17
-
1@OscarDeLeón I looked at ALB, however the base price seems pretty high for this particular instance - the ALB would cost about as much as the instance itself. – mitchus Sep 19 '21 at 18:49
1 Answers
10
Yes using CloudFront is a legitimate way to enable https, and (as iBug pointed out in comments) can reduce your bandwidth egress costs a little. Another option is to use an application balancer, which integrates with AWS Certificate Manager (ACM) to enable https.
A lower cost method is to install a certificate directly on your EC2 instance using Lets Encrypt and some of their compatible software. You can't use an ACM certificate with just an EC2 instance. Certbot is a common piece of software used to request LE certs.
Tim
- 30,383
- 6
- 47
- 77
-
-
Using CloudFront generally *reduces* your cost if the origin is an EC2 instance (or S3). EC2 and S3 charges a flat egress price while CloudFront charges "use more, pay less", and it even starts lower (8.5¢ for US / Canada vs EC2 9¢). – iBug Sep 20 '21 at 05:53
-
Thanks iBug I added your comment to the answer. AWS bandwidth is pretty expensive either way, for some sites I use an external caching CDN which can reduce costs more. – Tim Sep 20 '21 at 06:48