<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Security on El PoshoX</title><link>http://elposhox.dev/en/tags/security/</link><description>Recent content in Security on El PoshoX</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>© 2026 Az García Zúñiga</copyright><lastBuildDate>Wed, 01 Jul 2026 00:00:00 +0000</lastBuildDate><atom:link href="http://elposhox.dev/en/tags/security/index.xml" rel="self" type="application/rss+xml"/><item><title>CloudFront + VPC Origin + WAF on EKS: When and How</title><link>http://elposhox.dev/en/posts/cloudfront-vpc-origin-waf-eks/</link><pubDate>Wed, 01 Jul 2026 00:00:00 +0000</pubDate><guid>http://elposhox.dev/en/posts/cloudfront-vpc-origin-waf-eks/</guid><description>&lt;div class="lead text-neutral-500 dark:text-neutral-400 !mb-9 text-xl"&gt;
 Two patterns for exposing EKS services. When to use each one, how the WAF evaluation chain works with COUNT + labels, and why your ALB probably shouldn&amp;rsquo;t have a public IP.
&lt;/div&gt;


&lt;h2 class="relative group"&gt;Two patterns, each with its place
 &lt;div id="two-patterns-each-with-its-place" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#two-patterns-each-with-its-place" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h2&gt;
&lt;p&gt;If you run EKS services that need public traffic, you have two architecture options:&lt;/p&gt;</description></item></channel></rss>