Posts

Showing posts with the label k8s

Using AWS EKS with CloudFront and WAF

Introduction

In previous articles, I guided you through using AWS EKS to create Kubernetes resources either the traditional way with YAML files or directly through KubernetesManifest in AWS CDK. The result is that we access the application directly through the LoadBalancer address, but this is only an HTTP connection. To enhance security, this article explores how to use it alongside CloudFront for HTTPS connections and WAF.

AWS WAF (Web Application Firewall) is a firewall service that protects web applications (delivered via CloudFront, ALB, or API Gateway) from common security vulnerabilities. Instead of just basic IP blocking, WAF inspects the content of HTTP/HTTPS requests to decide whether to allow or block them.

Advantages

Protection against automated attacks: Effectively prevents common types of attacks such as SQL Injection, Cross-Site Scripting (XSS), and vulnerabilities in the OWASP Top 10.

Bot and DDoS Blocking: Uses AWS Managed Rules to block malicious bots from scraping ...

Guide to Creating Resources on EKS Using AWS CDK Manifest

Introduction

In the previous article, I guided you through using AWS EKS in 2 steps: using AWS CDK to create the cluster and permissions, then using yml files to apply and create k8s resources. This method is useful if you are familiar with K8s and have many K8s resources that need to be managed in a separate project.

If you want to use only AWS CDK, it also supports creating K8s manifests directly within the project, so that K8s resources can be created immediately after the cluster is created. This lets the deployment run seamlessly and limits mutual dependencies.

Detail

Create file lib/eks-manifest-stack.ts:

    import { KubectlV34Layer } from "@aws-cdk/lambda-layer-kubectl-v34"
    import * as cdk from "aws-cdk-lib"
    import * as ec2 from "aws-cdk-lib/aws-ec2"
    import * as eks from "aws-cdk-lib/aws-eks"
    import * as iam from "aws-cdk-lib/aws-iam"
    import { Construct } from "constructs...