Category: Advanced (300)

Enterprise customers who host private web apps on Amazon CloudFront may struggle with a challenge: how to prevent unauthenticated users from downloading the web app’s source code (for example, React, Angular, or Vue). In a separate blog post, you can learn one way to provide that security using Amazon Lambda@Edge and Amazon Cognito, with an example […]

An update was made on October 6, 2025: With the availability of Amazon Route 53 Profiles, the below design approach can be greatly simplified and is no longer recommended. Instead we recommend to use of this new capability, as outlined in the blog post “Streamlining multi-VPC DNS management with Amazon Route 53 Profiles and interface […]

Last year, a colleague of mine wrote a blog post about new security measures that Amazon CloudFront was implementing to enhance the security of how domains are used on CloudFront distributions. This included mitigations to prevent the abusive use of domain fronting practices by not allowing SSL handshake requests and subsequent requests over the secured […]