AWS Cloudfront and ELB Security Groups

rabs picture rabs · Mar 5, 2014 · Viewed 13.3k times · Source

does anyone know how to add your cloudfront distro into the security group inbound rules for an ELB?

We have a cloudfront distro setup for a new site which has a whitelisted set of security group rules for its origin. I cant see how to configure the security group to allow requests from the cloudfront distro...

any ideas?

Answer

Matt Beckman picture Matt Beckman · Feb 5, 2016

If you follow the link provided by Amir Mehler in the comments above, the author of the blog points to an official AWS Lambda function on Github that will update a security group with the CloudFront IPs. I used this, and it works great.

If you don't like Lambda, you could do it manually.

Note When trying to use the sample test config for the first time, update the MD5 to match the hash of the current ip-ranges.json file, or it will error.