Upgrade to Pro — share decks privately, control downloads, hide ads and more …

CloudFront の managed prefix list が羨ましかったから Clou...

Katz Ueno
August 01, 2023
Programming
0
420

CloudFront の managed prefix list が羨ましかったから Cloudflare の prefix list 作った

Cloudflare は、ユーザーから Cloudflare までの経路は守ってくれますが、Cloudflare サーバーからオリジンへの通信は自己防御しなくてはいけません。

AWS の EC2, ECS などで管理しているオリジンで、Cloudflare からだけの HTTP(S) 通信を許可したい場合があります。

AWS が CloudFront の managed prefix list を用意している様に、Cloudflare のエッジ IP を定期的に確認し、AWS VPC の managed prefix list を自動的に更新してくれる Lambda 関数を作成してみました。

https://github.com/katzueno/lambda-update-cloudflare-ip-ranges

Katz Ueno

August 01, 2023
Tweet

More Decks by Katz Ueno

See All by Katz Ueno
NGK2025S ライブ配信の裏側
katzueno
0
33
CDN+WAF を使って WordPress を 高速化&セキュアに
katzueno
0
75
JAWS UG 名古屋 2023年を Amazon QuickSight Q で振り返る
katzueno
0
62
How JAWS UG Nagoya thrives ~ Secret tips tips of monthly meetups since 2010
katzueno
2
310
CMS 向け Cloudflare 設定のコツ (WordPress や Concrete CMS 等)
katzueno
1
670
初心者でもそうじゃない人も CloudWatch を使ってみよう
katzueno
0
30
CodeWhisperer で CDK を書いてもらう
katzueno
0
41
Cloudflare 基本のキ
katzueno
0
500

Other Decks in Programming

See All in Programming
Signal-Based Data Fetching With the New httpResource
manfredsteyer
PRO
0
160
Code smarter, not harder - How AI Coding Tools Boost Your Productivity | Webinar 2025
danielsogl
0
120
Being an ethical software engineer
xgouchet
PRO
0
200
コンテナでLambdaをデプロイするときに知っておきたかったこと
_takahash
0
180
Boost Your Performance and Developer Productivity with Jakarta EE 11
ivargrimstad
0
1.1k
フロントエンドテストの育て方
quramy
11
2.9k
Django for Data Science (Boston Python Meetup, March 2025)
wsvincent
0
320
PHP で学ぶ OAuth 入門
azuki
1
120
ミリしらMCP勉強会
watany
4
730
Devin入門と最近のアップデートから見るDevinの進化 / Introduction to Devin and the Evolution of Devin as Seen in Recent Update
rkaga
9
4.7k
いまさら聞けない生成AI入門: 「生成AIを高速キャッチアップ」
soh9834
15
4.4k
Firebase Dynamic Linksの代替手段を自作する / Create your own Firebase Dynamic Links alternative
kubode
0
230

Featured

See All Featured
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Music & Morning Musume
bryan
47
6.5k
Faster Mobile Websites
deanohume
306
31k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Code Review Best Practice
trishagee
67
18k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.3k
Rebuilding a faster, lazier Slack
samanthasiow
80
8.9k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
32
4.9k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
Agile that works and the tools we love
rasmusluckow
328
21k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
52
2.4k

Transcript

  1. Meetup Nagoya Meetup Nagoya $MPVE'SPOUͷ NBOBHFEQSF fi YMJTU͕ત·͔͔ͬͨ͠Β 
 $MPVE

    fl BSFͷQSF fi YMJTU࡞ͬͨ -BNCEB&WFOU#SJEHFͰఆظߋ৽ 1

  2. Meetup Nagoya Meetup Nagoya ຊ೔ͷΞδΣϯμ wഎܠɿͳͥNBOBHFEQSF fi YMJTUͳͷ͔ʁ w࡞ͬͨ-BNCEBؔ਺ͷ঺հ w%FNP

    2

  3. Meetup Nagoya Meetup Nagoya 3 Katz Ueno (Χπ - ্໺উ೭)

    Concrete CMS ͱΠϯϑϥ΍ͬͯ·͢ 
 Cloudflare ྺ12೥ 
 SNS: Twitter @katzueno / Instagram @katzueno & @katzcurry / Blog: katzueno.com ίϛϡχςΟ Cncrete CMS Japan / CoderDojo ඌு / JAWS UG ໊ݹ԰ ޷͖ͳ৯΂෺: ΧϨʔ 🍛 झຯ: Ϛϥιϯ🏃݄ؒ400km, ंதധ, ϥΠϒ഑৴, ಈը੍࡞ 
 ࢿ֨: ΞϚνϡΞແઢ4ڃ (1993) / TOEIC 990 (2013) / 
 AWS SAA (2017~) SAP (2023~)

  4. Meetup Nagoya Meetup Nagoya 4

  5. Meetup Nagoya Meetup Nagoya ᙱ͍ͱ͜Ζʹख͕ಧ͘$MPVE fl BSF  "844Ͱख࣋ͪυϝΠϯΛ 


    ָʹӡ༻͢Δ5*14 5 ຊ౰ͷݩͷλΠτϧ

  6. Meetup Nagoya Meetup Nagoya ؆୯ʹ͍͏ͱ ύʔΫυϝΠϯ సૹͱϝʔϧ Λ$MPVE fl BSF

    "844ͷϦμΠϨΫτ ػೳ ্ݶϧʔϧ  w (9999F%PNBJOച٫ͷෆ҆ w $MPVE fl BSFͷυϝΠϯ͸Է஋Ձ֨ w υϝΠϯΛ$MPVE fl BSFʹҠ؅͍ͨ͠ w $MPVE fl BSF "844Ͱ$MPVE'SPOUͷ൥Θ͍͠ઃఆແ͠Ͱ 
 ੩తαΠτΛ݄ചΕΔ w $MPVE fl BSF "844ͷϦμΠϨΫτͱ$MPVE fl BSF&NBJM3PVUJOHͰύʔΫυϝΠϯͰ͖Δʂ 6

  7. Meetup Nagoya Meetup Nagoya ؆୯ʹ͍͏ͱ ύʔΫυϝΠϯ సૹͱϝʔϧ Λ$MPVE fl BSF

    "844ͷϦμΠϨΫτ ػೳ ্ݶϧʔϧ  w (9999F%PNBJOച٫ͷෆ҆ w $MPVE fl BSFͷυϝΠϯ͸Է஋Ձ֨ w υϝΠϯΛ$MPVE fl BSFʹҠ؅͍ͨ͠ w $MPVE fl BSF "844Ͱ$MPVE'SPOUͷ൥Θ͍͠ઃఆແ͠Ͱ 
 ੩తαΠτΛ݄ചΕΔ w $MPVE fl BSF "844ͷϦμΠϨΫτͱ$MPVE fl BSF&NBJM3PVUJOHͰύʔΫυϝΠϯͰ͖Δʂ 7 ଞ ػձ͋Ε͹ɺ·ͩ࣍ճʹ

  8. Meetup Nagoya Meetup Nagoya ΜͰʂຊ୊ 8

  9. Meetup Nagoya Meetup Nagoya ͳ͔ͥͱ͍͏ͱ 9

  10. Meetup Nagoya Meetup Nagoya Ұൠత ͳ$MPVE fl BSF؀ڥ 10 example.com

    Load Balancer Web Server

  11. Meetup Nagoya Meetup Nagoya Ұൠత ͳ$MPVE fl BSF؀ڥ 11 ͕͜͜कΒΕΔ

    example.com Load Balancer Web Server

  12. Meetup Nagoya Meetup Nagoya Ұൠత ͳ$MPVE fl BSF؀ڥ 12 ͕͜͜कΒΕΔ

    example.com Load Balancer Web Server Security Group HTTP / HTTPS: 0.0.0.0/0

  13. Meetup Nagoya Meetup Nagoya ͪΐͬͱؾʹͳΔ 13 ͕͜͜कΒΕΔ Security Group HTTP

    / HTTPS: 0.0.0.0/0 example.com Load Balancer Web Server

  14. Meetup Nagoya Meetup Nagoya ͪΐͬͱؾʹͳΔ 14 ͕͜͜कΒΕΔ Security Group HTTP

    / HTTPS: 0.0.0.0/0 example.com SG ͕ެ։ঢ়ଶͩͱ ύϒϦοΫ IP Ͱ ELB ΍ EC2 ʹΞΫηε͞ΕͪΌ͏ AWS ͷ IP ͸ΈΜͳ͕஌ͬͯΔ Load Balancer Web Server

  15. Meetup Nagoya Meetup Nagoya ͪΐͬͱؾʹͳΔ 15 ͕͜͜कΒΕΔ Security Group HTTP

    / HTTPS: 0.0.0.0/0 example.com ࣮ࡍʹΞΫηεϩάͰ WordPress ͳͲ PHPπʔϧͷ੬ऑੑ߈ܸ΍ SQLΠϯδΣΫγϣϯ߈ܸ͕ IP ΞυϨε૯౰ͨΓͰ͘Δ ͳΜͱ͔͍ͨ͠ɾɾɾ

  16. Meetup Nagoya Meetup Nagoya ͦ͏͍͑͹ɾɾɾ "84$MPVE'SPOU͸ 16

  17. Meetup Nagoya Meetup Nagoya ͦ͏͍͑͹ɾɾɾ"84$MPVE'SPOU͸ ͍ΖΜͳํ๏Ͱ௚઀"84Ϧιʔε΁ͷ௚઀ΞΫηεΛ๷͙ํ๏͕͋Δ w $MPVE'SPOUͰΧελϜϔομʔ෇༩ɺҎ֎ͷΞΫηεΛ"848"'Ͱ ஄͘ w

    8"'Ͱ"MMPX*1-JTUΛΞοϓσʔτ͢Δ w "NB[PONBOBHFEQSF fi YMJTU 17

  18. Meetup Nagoya Meetup Nagoya ͦ͏͍͑͹ɾɾɾ"84$MPVE'SPOU͸ ͍ΖΜͳํ๏Ͱ௚઀"84Ϧιʔε΁ͷ௚઀ΞΫηεΛ๷͙ํ๏ w $MPVE'SPOUͰΧελϜϔομʔ෇༩ɺҎ֎ͷΞΫηεΛ"848"'Ͱ ஄͘ w

    8"'Ͱ"MMPX*1-JTUΛΞοϓσʔτ͢Δ w "NB[PONBOBHFEQSF fi YMJTU 18

  19. Meetup Nagoya Meetup Nagoya .BOBHFEQSF fi YMJTUT w "NB[PO͕$MPVE'SPOU ଞ

    ͕ར༻͍ͯ͠Δ*1ΞυϨεҰཡΛϦετԽ w 4FDVSJUZ(SPVQͳͲʹར༻Ͱ͖ΔΑ͏ʹ͍ͯ͠Δ w *1ΞυϨε͕ߋ৽͞Εͯ΋"84͕ߋ৽ͯ͘͠ΕΔ w $MPVE'SPOU͔ΒͷΈ͔͠ɺΞΫηεͰ͖ͳ͍4(Λ࡞ΕΔʂ 19

  20. Meetup Nagoya Meetup Nagoya .BOBHFEQSF fi YMJTUT w "NB[PO͕$MPVE'SPOU ଞ

    ͕ར༻͍ͯ͠Δ*1ΞυϨεҰཡΛϦετԽ w 4FDVSJUZ(SPVQͳͲʹར༻Ͱ͖Δ༷ʹ͍ͯ͠Δ w *1ΞυϨε͕ߋ৽͞Εͯ΋"84͕ߋ৽ͯ͘͠ΕΔ 20

  21. Meetup Nagoya Meetup Nagoya .BOBHFEQSF fi YMJTUT 21 Managed Pre

    fi x List com.amazonaws.global.cloudfront.origin-facing CloudFront ALB EC2

  22. Meetup Nagoya Meetup Nagoya ͍͍ͳʔ 22

  23. Meetup Nagoya Meetup Nagoya ʜΛʁ 23

  24. Meetup Nagoya Meetup Nagoya $MPVE fl BSF͸*1Ϧετެ։ͯ͠Δʂ "1*ܦ༝Ͱ+40/ܗࣜ΋ʂ 24

  25. Meetup Nagoya Meetup Nagoya 25

  26. Meetup Nagoya Meetup Nagoya 26 ຊ౰͸ tunnel ͕͋Γ·͢

  27. Meetup Nagoya Meetup Nagoya ͡Όɺͭ͘Ζʂ 27

  28. Meetup Nagoya Meetup Nagoya Ͱ͖ͨʂ ॳ1ZUIPO 28

  29. Meetup Nagoya Meetup Nagoya 29

  30. Meetup Nagoya Meetup Nagoya ΍Γํ  .BOBHFEQSF fi YMJTUTߋ৽Ͱ͖Δ-BNCEBͷ*".3PMF࡞੒ 

    ۭͷQSF fi YMJTUT࡞੒  -BNCEBʹϦʔδϣϯͱQSF fi YMJTUTͷ*%Λίϐϖͯ͠Ξοϓϩʔυ  &WFOU#SJEHFͰఆظ࣮ߦ Ҏ্ 30

  31. Meetup Nagoya Meetup Nagoya ΍Γํ  .BOBHFEQSF fi YMJTUTߋ৽Ͱ͖Δ-BNCEBͷ*".3PMF࡞੒ 

    ۭͷQSF fi YMJTUT࡞੒  -BNCEBʹϦʔδϣϯͱQSF fi YMJTUTͷ*%Λίϐϖͯ͠Ξοϓϩʔυ  &WFOU#SJEHFͰఆظ࣮ߦ Ҏ্ 31 γϯϓϧʂ

  32. Meetup Nagoya Meetup Nagoya %FNP 32

  33. Meetup Nagoya Meetup Nagoya Ͱ͖ͨʂ 33 example.com Load Balancer Web

    Server

  34. Meetup Nagoya Meetup Nagoya ࠓޙ w ࣮͸࣮ӡ༻͸·ͩɻςετˍϑΟʔυόοΫΛ͓ئ͍͠·͢ w Τϥʔىͬͨ͜Β4/4Ͱඈ͹ͤΔ༷ʹ͍ͨ͠ w

    ٙ໰Ϧετʹ*1͕௥Ճ͞ΕΔλΠϛϯά͸ʁ w &WFOU#SJEHF೔ճͷߋ৽Ͱେৎ෉͔ʁ 34

  35. Meetup Nagoya Meetup Nagoya 35 Katz Ueno (Χπ - ্໺উ೭)

    Concrete CMS ͱΠϯϑϥ΍ͬͯ·͢ 
 Cloudflare ྺ12೥ 
 SNS: Twitter @katzueno / Instagram @katzueno & @katzcurry / Blog: katzueno.com ίϛϡχςΟ Cncrete CMS Japan / CoderDojo ඌு / JAWS UG ໊ݹ԰ ޷͖ͳ৯΂෺: ΧϨʔ 🍛 झຯ: Ϛϥιϯ🏃݄ؒ400km, ंதധ, ϥΠϒ഑৴, ಈը੍࡞ 
 ࢿ֨: ΞϚνϡΞແઢ4ڃ (1993) / TOEIC 990 (2013) / 
 AWS SAA (2017~) SAP (2023~)