CDN Usage with EKS: CloudFront Integration

Your web application might be running on Amazon EKS, for example in the Frankfurt region. But if your users are connecting from South America, network latency affects the experience badly. You must use Amazon CloudFront (CDN) to bring static and dynamic content to the user's doorstep.

Architecture

User -> CloudFront (Edge Location) -> AWS ALB -> EKS (Pods)

1. CloudFront: User request comes to the nearest edge location. Static content (image, CSS) returns from cache.
2. Origin: For dynamic content not in cache, CloudFront goes to the Application Load Balancer (ALB) in front of EKS.

Security: Protecting the Origin

You might want to accept traffic only coming through CloudFront and block traffic coming directly to the ALB.

• Method: CloudFront adds a secret header to requests (X-Custom-Header).
• EKS Ingress: In your Ingress rule, you can write a rule to accept only requests with this header (ALB Listener Rule) or perform this check with AWS WAF.

Using CloudFront significantly reduces the load on your EKS servers (especially in serving static files) and provides cost savings.