Category: Security

Many Content Distribution Networks (CDNs) offer a feature to obfuscate the source origin through functionality commonly referred to as origin cloaking. Using AWS Global Accelerator with Client IP Address Preservation capability, similar functionally can be facilitated. Private Application Load Balancers (ALBs) and private EC2 instances can be accessed through Global Accelerator in a secure and simplified manner. AWS […]

Last year, a colleague of mine wrote a blog post about new security measures that Amazon CloudFront was implementing to enhance the security of how domains are used on CloudFront distributions. This included mitigations to prevent the abusive use of domain fronting practices by not allowing SSL handshake requests and subsequent requests over the secured […]

See how you can now use Amazon CloudFront to negotiate HTTPS connections to origins using Elliptic Curve Digital Signature Algorithm (ECDSA). ECDSA uses smaller keys that are faster, yet, just as secure, as the older RSA algorithm. The smaller keys will also increase the number of TLS handshakes that your origins can process per second, thereby saving compute cycles and reducing your cost of cryptography.