Amazon CloudFront introduces WebSocket support for VPC origins

Amazon CloudFront now supports WebSockets traffic through VPC origins, enhancing real-time applications in private subnets by simplifying security and reducing attack surfaces.

Amazon CloudFront has announced that it now supports WebSockets traffic through Virtual Private Cloud (VPC) origins. This new capability allows CloudFront to serve as the sole entry point for real-time applications that are hosted entirely within private subnets. WebSockets support extends VPC origins to applications that require persistent, bidirectional communication between clients and servers. Applications such as chat platforms, collaborative editing tools, live dashboards, and IoT device management systems stand to benefit significantly from this enhancement.

Previously, customers who operated real-time applications using WebSockets were required to keep their origins in public subnets. This setup often required Access Control Lists and other mechanisms to limit access to the servers handling WebSockets, which took ongoing effort to implement and maintain. With the new support, customers can place their Application Load Balancers (ALB), Network Load Balancers (NLB), and EC2 instances that handle WebSockets traffic within private subnets. These subnets are accessible solely through their CloudFront distributions.

This development makes CloudFront a single front door for both traditional HTTP traffic and real-time WebSockets connections. It reduces the attack surface, simplifies security management, and offers built-in protection against Distributed Denial of Service (DDoS) attacks. WebSockets support for VPC origins is currently available in all AWS Commercial Regions where VPC origins are supported. There is no additional charge for WebSockets traffic through VPC origins. For further information, interested parties are encouraged to visit CloudFront VPC origins.