How to Setup Your CloudFront Distribution for EC2 Origin

i dont think u can, cos it links only to s3 or ALB, but then again, maybe there is a way...

Geo-blocking for one

for data security

using amazon backbone network from cloud front to your ALB for accelerated performance.

my thoughts exactly, the advantage of this is not mentioned, i think thats the most important part.
geoblock? - ok if we do use it.
data security > u mean QS and cookies are encrypted, (ok that good too)
CF is on edge server distributed > so request now hit a nearer location > and then it travels via "aws's intranet to reach our ALB" and that is faster".. yet i guess it makes sense..

Also CloudFront offers security in terms of DDoS attacks since it has Standard Shield integrated as well as it can be integrated with WAF

Agreed, the most annoying parts (load balancer and target group) are completely skipped over.

You have a point.Why we need ALB for a single instance, its main purpose is to balance the load between multiple instances. Is AWS main purpose is to add additional $18 into there pocket?

You can configure security policy for EC2 to only accept traffic from your load balancer, so your EC2 instance is never public facing.

@@kaidollarsense also having easy access to certificats is another bous of this setup

The load balancer routes traffic to each EC2 instance. NGINX balances the load between each thread or cluster running inside every EC2 instance.

CloudFront will still deliver the website content worldwide using the AWS backbone, even though the data isn't being cached it will still likely result in lower latency. Everything I've researched seems to suggest using ELB as the origin, but I just want to use EC2 for testing. I'm trying it now, setting the origin to my elastic public DNS. The status of my distribution says "In Progress" after approx 10 minutes.

@@jrlx86 that makes sense. It would help with ddos too I guess

@@gregonometry7164 Yep, and you save a cent per GB (if egress is more than 10TB a month(!)) - otherwise egress costs appear to be the same for both CF and EC2 (15 cents per GB)
A little update: I actually got this working without using ELB, initially I was getting "err_too_many_redirects" but after some tinkering with the distribution the webapp now loads okay. My cloud infrastructure is set up in N.Virginia and I'm in the UK - I'll run some tests on accessing the instance directly vs over CloudFront and report back. I don't know if I can close inbound port 80/443 on my EC2 instance now or not, or whether or not I can move my EC2 instance to a private subnet - my suspicion is no to both, in which case I wonder how I can stop direct HTTP requests to my instance now that CloudFront is available. Perhaps I can change my security policy to only accept HTTP/S from CloudFront.

Okay, aside some variables - EC2 instance sizing (only on t3.micro) and the potential for some optimization of the webapp - CloudFront is saving me around 3 seconds for a complete http GET - it's about 18% faster vs direct to the instance. Not bad. I could think the benefits would be more if the end user was in Asia.

@@gregonometry7164 will it?
DDOS if coming from russia > goes to CF in europe > then all that traffic will HIT NLB, so i guess via CF we can then do geo-blocking of all traffic from russia,
yep ur right, good point...

cat /var/lib/cloud/data/instance-id

The code was pasted in the EC2 instance User Data section when creating the instance

Hi! I went ahead and passed your question along internally for our teams to review. In the meantime, our community of experts may be able to provide you with further assistance and suggestions. You're welcome to reach out to them here on re:Post: go.aws/aws-repost. 📮 I also encourage exploring these resources for more helpful info: go.aws/3ve0meA & go.aws/3TEKufg & go.aws/478FeE2. 👈 ^TE

Rollback.