If you’re setting up your website or service with CloudFront and need to update your security settings, here’s a simple way to do it. You’ll need to add specific IP addresses to your allow list to ensure smooth communication.
First, gather all 21 IP addresses from the official documentation. These addresses are used by CloudFront for different regional endpoints, so adding all of them helps ensure your service works correctly no matter where the requests are coming from.
If you’re using your domain’s apex record (the main domain without “www”) and your DNS provider is Amazon Route 53, the process gets easier. Instead of adding all 21 IPs, you only need to add three static IP addresses. This simplifies your setup and reduces management work.
While you can use CloudFront Functions to route visitors to regional endpoints, a more straightforward and cost-effective method is to use regional, or location-based, DNS routing. This method is simpler, has fewer moving parts, and often costs less.
Follow these steps to update your allow list:
1. Collect all the necessary IP addresses from the CloudFront documentation.
2. If you’re not using Route 53 for your apex record, add all 21 IPs to your firewall or security group allow list.
3. If you are using Route 53 for your apex domain, add only the three static IPs.
4. Consider switching to DNS-based regional routing for easier management and lower costs.
This approach will help keep your website or service secure while maintaining good performance for your users.
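An allow list built from the steps above can be checked for gaps once it is in place. The following is an added example, not taken from the CloudFront documentation or from this page's author: the function names are hypothetical, and the addresses are constructed placeholders from the documentation ranges 198.51.100.0/24 and 203.0.113.0/24, not real CloudFront IPs. It reports required IPs that no rule covers, rules that match no required IP, and rules that admit more addresses than the required ones.

```python
import ipaddress

# Counts stated on this page: 3 static IPs when the apex record is on Route 53, else 21.
def expected_count(apex_on_route53):
    return 3 if apex_on_route53 else 21

def audit_allow_list(required_ips, allow_entries, apex_on_route53=False):
    """Compare firewall allow-list entries (IPs or CIDRs) with the required IPs."""
    required = {ipaddress.ip_address(ip) for ip in required_ips}
    want = expected_count(apex_on_route53)
    if len(required) != want:
        raise ValueError(f"expected {want} distinct IPs, got {len(required)}")
    networks = [ipaddress.ip_network(e, strict=False) for e in allow_entries]

    missing, stale, broad = [], [], []
    # Required addresses that no allow-list entry covers: traffic would be blocked.
    for ip in sorted(required):
        if not any(ip in net for net in networks):
            missing.append(str(ip))
    for net in networks:
        covered = sum(1 for ip in required if ip in net)
        if covered == 0:
            stale.append(str(net))   # matches nothing required: candidate for removal
        elif net.num_addresses > covered:
            broad.append(str(net))   # admits addresses beyond the required ones
    return {"missing": missing, "stale": stale, "broad": broad}

# Constructed sample data (placeholders, not real CloudFront addresses).
REQUIRED = [f"198.51.100.{i}" for i in range(1, 22)]
CURRENT = ([f"198.51.100.{i}/32" for i in range(1, 15)]
           + ["198.51.100.16/29", "203.0.113.7/32"])

if __name__ == "__main__":
    for kind, entries in audit_allow_list(REQUIRED, CURRENT).items():
        print(kind, entries)
```

Replace `REQUIRED` with the addresses collected in step 1 and `CURRENT` with an export of your firewall or security group rules.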
 
			 
					




