AWS CloudFront - Service port information


■ Overview

ㆍ The intrusion detection system detected ports other than 80 / 443

ㆍ Opened a support case to confirm whether there had been access from CloudFront

 

 

■ Port list

2000

5060

8008

8015

8020

 

 

■ Conclusion

Certain ports are kept open in order to meet certain backend requirements
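
As an added example (not from the original post or from AWS): one way to check whether IDS alerts like those described in the overview involve CloudFront addresses is to match each alert's peer IP against the `CLOUDFRONT` entries in AWS's published `ip-ranges.json`. The alert schema, the sample CIDRs (documentation ranges, not real CloudFront prefixes) and the label names are assumptions constructed for this example.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's published ip-ranges.json.
# The CIDRs are documentation ranges, not real CloudFront prefixes.
SAMPLE_IP_RANGES = json.loads("""{
  "prefixes": [
    {"ip_prefix": "192.0.2.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
    {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "EC2"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8:100::/48", "region": "GLOBAL", "service": "CLOUDFRONT"}
  ]
}""")

PAGE_PORTS = {2000, 5060, 8008, 8015, 8020}  # ports listed on this page

def cloudfront_networks(ip_ranges):
    """Collect the IPv4 and IPv6 prefixes tagged with service CLOUDFRONT."""
    nets = []
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in ip_ranges.get(key, []):
            if entry.get("service") == "CLOUDFRONT":
                nets.append(ipaddress.ip_network(entry[field]))
    return nets

def classify(alert, nets):
    """Label one IDS alert by peer ownership and port (hypothetical alert schema)."""
    try:
        ip = ipaddress.ip_address(alert["peer_ip"])
    except ValueError:
        return "invalid-ip"
    if not any(ip.version == n.version and ip in n for n in nets):
        return "not-cloudfront"
    return "cloudfront-listed-port" if alert["port"] in PAGE_PORTS else "cloudfront-other-port"

# Constructed IDS alerts; the field names are assumptions for this example.
SAMPLE_ALERTS = [
    {"peer_ip": "192.0.2.17", "port": 5060},
    {"peer_ip": "192.0.2.200", "port": 8443},
    {"peer_ip": "198.51.100.9", "port": 8008},
    {"peer_ip": "2001:db8:100::5", "port": 2000},
    {"peer_ip": "not-an-ip", "port": 8020},
]

def triage(alerts=SAMPLE_ALERTS, ip_ranges=SAMPLE_IP_RANGES):
    nets = cloudfront_networks(ip_ranges)
    return [(a["peer_ip"], a["port"], classify(a, nets)) for a in alerts]

if __name__ == "__main__":
    for row in triage():
        print(*row)
```

For real triage, load the current file from https://ip-ranges.amazonaws.com/ip-ranges.json in place of the embedded sample.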

 

 

■ Reference

Hello, 

Thank you for contacting AWS Premium Support.

From the case details, I understand that you have performed a port scan on CloudFront's side, and have detected a list of open ports, and would like to know what they are used for. Please correct me if I may have misunderstood.

For CloudFront's services to be able to function as desired, certain backend requirements need to be met. Having certain ports open would be one of these requirements. This is under constant monitoring and falls on AWS's side of the shared responsibility model, so you can rest assured that there is nothing to be concerned about from your side. When a CloudFront distribution is created, a physical device is not spun up. CloudFront distributions are "phantom", or in other words, are configuration sets, which the physical infrastructure utilizes to serve the customer requests. Therefore the scan performed is on the physical infrastructure instead of the actual distribution. The physical infrastructure, as discussed above, is AWS responsibility.

For more information on the responsibility model, kindly refer to the links provided below under RESOURCES.

If you need any clarification on the above or, if you have any queries or concerns on the topics, please don't hesitate to contact me by replying to this case correspondence, I will be happy to help you. 

Have a great day ahead. 

RESOURCES:
==========

[1] Shared Responsibility Model: 
https://aws.amazon.com/compliance/shared-responsibility-model/   

[2] Data Privacy FAQ: 
https://aws.amazon.com/compliance/data-privacy-faq/

 

 

 


by mkdir-chandler

