Restricting access to CloudFront by IP
I have created the custom rule to whitelist IPs and restrict the application with CloudFront distribution with following steps.
Steps:
- Go to AWS WAF.
Create following IP match conditions under IP Addresses.
- staging-appname-whitelist-ips
Create following rules under Rules.
- staging-appname-ui-stack-whitelisted-ips
- with condition (similar for production one)
- with condition (similar for production one)
- staging-appname-ui-stack-whitelisted-ips
- Finally create following Web ACLs:
- staging-appname-acl
- Please select the correct CloudFront Distribution, above created Rule and IP Address group.
*.
- Please select the correct CloudFront Distribution, above created Rule and IP Address group.
*.
- staging-appname-acl
AWS Resource here.
Hope it helps!
Web Application Firewall is your friend.
http://docs.aws.amazon.com/waf/latest/developerguide/web-acl-ip-conditions.html
Create your rule with your IP Addresses and rest "WAF" will take care.
You need to apply this to the required CloudFront Distribution.
You can restrict your bucket policies to CloudFront and restrict to your required IP's through CloudFront.