
ALB instead of CloudFront in front of single server web app


AWS recommends adding CloudFront in front of single-server applications for security and performance; see https://aws.amazon.com/blogs/networking-and-content-delivery/dynamic-whole-site-delivery-with-amazon-cloudfront/

I want to add it for an existing web app, but the max timeout of CloudFront is 180 seconds and I have some calls which are longer and will time out. I'm mainly interested in the security upside and less in the performance upside of this setup, since this is for a web panel which does not require high-speed delivery.

My question is: is it a good solution to add an Application Load Balancer instead of dynamic CloudFront in front of the server in order to get the security benefits, such as hiding the end server IP address and getting WAF and DDoS mitigation, without the 180-second timeout issue?

Are there downsides to doing it?

Thanks

Calls that take 180 seconds might be better suited to a queued job sort of approach. Are those calls cacheable? If not, CloudFront isn't gonna save you from a DDOS against those endpoints.
@ceejayoz All the calls are dynamic and not cacheable. I think the DDoS protection does work also in dynamic cases. A queue is not needed in the long calls case. It's for report generation on demand. It just involves some queries that take time, and the users are OK with it.
Tim
Kicking off a request, queuing it, and having the result later is a better option than a super long query. It might also be that you could do some optimization / indexing to get it down to a reasonable time. CloudFront gives you more free bandwidth than ALB. Personally I use a CDN in front of my personal server for protection, Cloudflare in my case, but CloudFront is good too. An ALB will hide the server IP and give a bit more protection against a DDoS attack than not having it.