So here goes,
I am essentially the sysadmin for a small nonprofit studentorg. We just received some AWS credits through one of our sponsors so Ive been looking to switch over our infrastructure from an azure load balance to something on AWS so i'm not paying for it out of my own pocket.
Our current setup:
Client ----DNS lookup---> (Cloudflare as DNS and Proxy) ----Cname record(alb generated domain)-----> (Azure Load Balancer)----IP----->(Origin server with Cloudflare CA)
I am a bit of an AWS and DNS novice, trying to learn as I go, so if this is completely wrong, just be brutally honest lol. What I am most unsure of is the DNS/certificate setup between Route53 and Cloudfront wise. I have been playing with this a bit today and I haven't gotten it working quite right as cloudfront seems to be very picky with its certificates. If it's not clear from my diagrams I would prefer that it would be HTTPS traffic all the way to the origin
My Idea of what could happen on AWS:
Client ----DNS lookup (mywebsite.com)-----> (Cloudflare as DNS for mywebsite.com)-----Cname record(cloudfront autogenerated domain)---->(Cloudfront Distribution)---Cname like route.mywebsite.com---->(Route53 DNS on route.mywebsite.com with latency or geo routing)------IP----->(Origin servers with lets-encrypt cert for mywebsite.com)
Any ideas or suggestions would be greatly aprecaited!
No comments:
Post a Comment