1
00:00:00,300 --> 00:00:02,100
So as you know, it's possible for CloudFront

2
00:00:02,100 --> 00:00:05,010
to access any custom HTTP backend.

3
00:00:05,010 --> 00:00:07,230
So this includes as well an EC2 instance

4
00:00:07,230 --> 00:00:09,330
or an application load balancer.

5
00:00:09,330 --> 00:00:11,640
So let's say we've developed an HTTP backend

6
00:00:11,640 --> 00:00:13,680
on top of an EC2 instance

7
00:00:13,680 --> 00:00:16,230
and so we want our users to access it through CloudFront.

8
00:00:16,230 --> 00:00:17,280
How do we do?

9
00:00:17,280 --> 00:00:20,280
Well, they will access the edge locations of CloudFront

10
00:00:20,280 --> 00:00:22,590
and these edge locations will be making requests

11
00:00:22,590 --> 00:00:24,600
into our EC2 instances.

12
00:00:24,600 --> 00:00:28,470
And therefore the EC2 instances must be public,

13
00:00:28,470 --> 00:00:30,780
otherwise the edge locations will not be able

14
00:00:30,780 --> 00:00:32,550
to access our EC2 instances

15
00:00:32,550 --> 00:00:36,000
because there's no private VPC connectivity

16
00:00:36,000 --> 00:00:37,260
in CloudFront.

17
00:00:37,260 --> 00:00:40,500
So therefore, we must also have a security group

18
00:00:40,500 --> 00:00:43,500
that allows the list of all the public IP

19
00:00:43,500 --> 00:00:46,050
of the edge locations of CloudFront

20
00:00:46,050 --> 00:00:48,870
to make sure the security is compatible and works.

21
00:00:48,870 --> 00:00:52,110
And you can find a list of these CloudFront IPs

22
00:00:52,110 --> 00:00:54,090
in this URL right here.

23
00:00:54,090 --> 00:00:55,470
So that's our first pattern.

24
00:00:55,470 --> 00:00:58,410
The second pattern is to use an application load balancer.

25
00:00:58,410 --> 00:01:00,870
So again, it must be public

26
00:01:00,870 --> 00:01:04,080
and then the backend EC2 instances can be private

27
00:01:04,080 --> 00:01:07,080
because there is private VPC connection

28
00:01:07,080 --> 00:01:11,220
between the application load balancer and our EC2 instances.

29
00:01:11,220 --> 00:01:12,053
We just need to make sure

30
00:01:12,053 --> 00:01:14,250
that the EC2 instances security group

31
00:01:14,250 --> 00:01:17,310
allows the security group of the load balancer.

32
00:01:17,310 --> 00:01:21,000
So therefore, the users will be accessing the edge locations

33
00:01:21,000 --> 00:01:23,550
and then the public IPs of the edge locations

34
00:01:23,550 --> 00:01:27,540
must be allowed in the security group of the ALB

35
00:01:27,540 --> 00:01:30,240
to make sure connectivity can be established.

36
00:01:30,240 --> 00:01:31,920
Okay, so that's it for this lecture.

37
00:01:31,920 --> 00:01:34,870
I hope you liked it and I will see you in the next lecture.