
AWS recommends adding CloudFront in front of single-server applications for security and performance; see https://aws.amazon.com/blogs/networking-and-content-delivery/dynamic-whole-site-delivery-with-amazon-cloudfront/

I want to add it for an existing web app, but the maximum timeout of CloudFront is 180 seconds and I have some calls which are longer and will time out. I'm mainly interested in the security upside and less in the performance upside of this setup, since this is for a web panel which does not require high-speed delivery.

My question is: is it a good solution to add an Application Load Balancer instead of dynamic CloudFront in front of the server in order to get the security benefits, such as hiding the end server IP address and getting WAF and DDoS mitigation, without the 180-second timeout issue?

Are there downsides to doing it?

Thanks

Niro
  • Calls that take 180 seconds might be better suited to a queued job sort of approach. Are those calls cacheable? If not, CloudFront isn't gonna save you from a DDoS against those endpoints. – ceejayoz Apr 04 '22 at 13:54
  • @ceejayoz All the calls are dynamic and not cacheable. I think the DDoS protection does work also in dynamic cases. A queue is not needed in the long calls case. It's for report generation on demand. It just involves some queries that take time, and the users are OK with it. – Niro Apr 04 '22 at 15:25
  • Kicking off a request, queuing it, and having the result later is a better option than a super long query. It might also be that you could do some optimization / indexing to get it down to a reasonable time. CloudFront gives you more free bandwidth than ALB. Personally I use a CDN in front of my personal server for protection, Cloudflare in my case, but CloudFront is good too. An ALB will hide the server IP and give a bit more protection against a DDoS attack than not having it. – Tim Apr 04 '22 at 22:58
