CloudFront – ALB or EC2 as an Origin (VPC Origins)

Key Concepts

  • Enables delivery of content from applications hosted in private VPC subnets.
  • Removes the need to expose these resources directly to the public internet.
  • Provides secure access over AWS’s private network.

Supported Private Origins

  • Application Load Balancer (ALB)
  • Network Load Balancer (NLB)
  • EC2 Instances

Architecture Flow

  1. Users send requests to CloudFront.
  2. The nearest CloudFront edge location receives the request.
  3. CloudFront routes the request securely to the VPC origin.
  4. Inside the VPC, traffic is directed to the appropriate private resource (ALB, NLB, or EC2).
  5. Content is returned to the edge location, cached, and served to the user.

Benefits

  • Improved security by keeping backend resources private.
  • Better performance through edge caching and reduced latency.
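
A check for the "keeping backend resources private" point, as an added example that is not part of the original notes: it audits dictionaries shaped like the ELBv2 describe-load-balancers and EC2 describe-security-groups responses and reports anything that leaves a load balancer origin reachable from the internet. The function names, resource names, group IDs and sample data are all constructed for illustration, and only the ALB/NLB case is covered.

```python
# Added example: offline audit of constructed, boto3-shaped API responses.
import ipaddress

def open_cidrs(permission):
    """Return the world-open CIDRs (prefix length 0) in one ingress rule."""
    cidrs = [r["CidrIp"] for r in permission.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in permission.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def audit_origin(load_balancer, security_groups):
    """List findings that contradict 'origin is private' for one ALB/NLB."""
    findings = []
    if load_balancer.get("Scheme") != "internal":
        findings.append(f"{load_balancer['LoadBalancerName']}: scheme is "
                        f"{load_balancer.get('Scheme')}, expected internal")
    attached = set(load_balancer.get("SecurityGroups", []))
    for sg in security_groups:
        if sg["GroupId"] not in attached:
            continue  # only groups attached to this load balancer matter
        for perm in sg.get("IpPermissions", []):
            for cidr in open_cidrs(perm):
                findings.append(f"{sg['GroupId']}: ingress from {cidr} on "
                                f"port {perm.get('FromPort', 'all')}")
    return findings

# Constructed sample data (hypothetical names and IDs, not a real account).
PRIVATE_ALB = {"LoadBalancerName": "app-internal", "Scheme": "internal",
               "SecurityGroups": ["sg-0aaa"]}
PUBLIC_ALB = {"LoadBalancerName": "app-legacy", "Scheme": "internet-facing",
              "SecurityGroups": ["sg-0bbb"]}
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0ccc"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for lb in (PRIVATE_ALB, PUBLIC_ALB):
        results = audit_origin(lb, SECURITY_GROUPS)
        for line in results or [f"{lb['LoadBalancerName']}: ok"]:
            print(line)
```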