TLDR: CloudFront is going to start checking that you've deleted any corresponding DNS entries when you delete or edit a CloudFront distribution, and TLS/SSL "domain fronting" will soon be prevented at runtime. https://aws.amazon.com/blogs/security/enhanced-domain-protections-for-amazon-cloudfront-requests/ …
Replying to @colmmacc @abbyfuller
"Dangling DNS entries" - How can any CloudFront distribution receive the traffic for a domain if its DNS is not pointing to the right http://xxxx.cloudfront.net? This is the problem you should fix. Doing checks across all accounts for a given AlternateName adds way more friction.
Replying to @LambrosPetrou @abbyfuller
CloudFront also offers dedicated IP ranges as a feature too https://aws.amazon.com/cloudfront/custom-ssl-domains/ … . For customers of that feature we do what you're describing. But otherwise, CloudFront never "sees" the xxxx, CNAMEs are resolved remotely and not visible to CloudFront.