AWS Cloudfront Flashcards

1
Q

What is CloudFront?

A

CloudFront is a web service that gives businesses and web application developers an easy and cost-effective way to distribute content with low latency and high data transfer speeds.

CloudFront is a good choice for distribution of frequently accessed static content that benefits from edge delivery—like popular website images, videos, media files or software downloads.

Used for dynamic, static, streaming, and interactive content.

2
Q

Amazon CloudFront provides a simple API that lets you:

A

Distribute content with low latency and high data transfer rates by serving requests using a network of edge locations around the world.

Get started without negotiating contracts and minimum commitments.

3
Q

Does CloudFront support a zone apex name?

A

You can use a zone apex name on CloudFront.

4
Q

Does CloudFront support wildcard CNAMEs?

A

Yes.

5
Q

What is an edge location?

A

An edge location is the location where content is cached (separate from AWS regions/AZs).

Requests are automatically routed to the nearest edge location.

6
Q

What is a regional edge cache?

A

Regional Edge Caches are located between origin web servers and global edge locations and have a larger cache.

Regional Edge Caches have a larger cache width than any individual edge location, so your objects remain in cache longer at these locations.

Regional Edge caches aim to get content closer to users.

Dynamic content goes straight to the origin and does not flow through Regional Edge caches.

7
Q

Can you write to edge locations?

A

Edge locations are not read-only; you can write to them too.

8
Q

What is an origin?

A

An origin is the source of the files that the CDN will distribute.

Origins can be either an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53 – can also be external (non-AWS).

When using Amazon S3 as an origin you place all your objects within the bucket.

9
Q

When using EC2 for custom origins, Amazon recommends:

A
  • Use an AMI that automatically installs the software for a web server.
  • Use ELB to handle traffic across multiple EC2 instances.
  • Specify the URL of your load balancer as the domain name of the origin server.
10
Q

Static websites on Amazon S3 are considered custom origins. True or false?

A

True

11
Q

CloudFront keeps persistent connections open with origin servers. True or false?

A

True

12
Q

Can files be uploaded via CloudFront?

A

Yes, files can also be uploaded via CloudFront.

13
Q

How do you configure high availability with origin failover?

A

You can set up CloudFront with origin failover for scenarios that require high availability.

Uses an origin group in which you designate a primary origin for CloudFront plus a second origin that CloudFront automatically switches to when the primary origin returns specific HTTP status code failure responses.

14
Q

To distribute content with CloudFront you need to create a distribution.

The distribution includes the configuration of the CDN, including which of the following?

A
  • Content origins.
  • Access (public or restricted).
  • Security (HTTP or HTTPS).
  • Cookie or query-string forwarding.
  • Geo-restrictions.
  • Access logs (record viewer activity).
15
Q

What are the two types of distributions?

A

Web distribution or RTMP distribution.

16
Q

What does a web distribution contain?

A
  • Static and dynamic content including .html, .css, .php, and graphics files.
  • Distributes files over HTTP and HTTPS.
  • Add, update, or delete objects, and submit data from web forms.
  • Use live streaming to stream an event in real time.
17
Q

What does an RTMP distribution contain?

A

Distribute streaming media files using Adobe Flash Media Server’s RTMP protocol.

Allows an end user to begin playing a media file before the file has finished downloading from a CloudFront edge location.

Files must be stored in an S3 bucket.

18
Q

What is a cache behaviour?

A

Allows you to configure a variety of CloudFront functionality for a given URL path pattern.

19
Q

For each cache behavior you can configure the following functionality:

A
  • The path pattern (e.g. /images/*.jpg, /images*.php).
  • The origin to forward requests to (if there are multiple origins).
  • Whether to forward query strings.
  • Whether to require signed URLs.
  • Allowed HTTP methods.
  • Minimum amount of time to retain the files in the CloudFront cache (regardless of the values of any cache-control headers).
20
Q

Which methods can you use to restrict access to content?

A

Restrict access to content using signed cookies or signed URLs.

Restrict access to objects in your S3 bucket.

A special type of user called an Origin Access Identity (OAI) can be used to restrict access to content in an Amazon S3 bucket.

By using an OAI you can restrict users so that they cannot access the content directly using the S3 URL; they must connect via CloudFront.

21
Q

What allowed HTTP methods can you define?

A
  • GET, HEAD.
  • GET, HEAD, OPTIONS.
  • GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE.

For web distributions you can configure CloudFront to require that viewers use HTTPS.

22
Q

What is Field-Level Encryption?

A

Field-level encryption adds an additional layer of security on top of HTTPS that lets you protect specific data so that it is only visible to specific applications.

Field-level encryption allows you to securely upload user-submitted sensitive information to your web servers.

The sensitive information is encrypted at the edge closer to the user and remains encrypted throughout application processing.

23
Q

How long are objects cached?

A

Objects are cached for the TTL (always recorded in seconds, default is 24 hours, default max is 1 year).

Only caches for GET requests (not PUT, POST, PATCH, DELETE).

Dynamic content is cached.

24
Q

Restriction principles

A

Blacklists and whitelists can be used for geography – you can only use one at a time.

There are two options available for geo-restriction (geo-blocking):

  1. Use the CloudFront geo-restriction feature (use for restricting access to all files in a distribution and at the country level).
  2. Use a 3rd party geo-location service (use for restricting access to a subset of the files in a distribution and for finer granularity at the country level).
25
Q

What is Lambda@Edge?

A

Lets you run Lambda functions at edge locations.

Lets you run Node.js and Python Lambda functions to customize content that CloudFront delivers.

26
Q

At which points can you use Lambda functions?

A

After CloudFront receives a request from a viewer (viewer request).

Before CloudFront forwards the request to the origin (origin request).

After CloudFront receives the response from the origin (origin response).

Before CloudFront forwards the response to the viewer (viewer response).

27
Q

What can Lambda@Edge do?

A
  • Inspect cookies and rewrite URLs to perform A/B testing.
  • Exam Tip: Send specific objects to your users based on the User-Agent header.
  • Implement access control by looking for specific headers before passing requests to the origin.
  • Add, drop, or modify headers to direct users to different cached objects.
  • Generate new HTTP responses.
  • Cleanly support legacy URLs.
  • Modify or condense headers or URLs to improve cache utilization.
  • Make HTTP requests to other Internet resources and use the results to customize responses.
28
Q

What are signed URLs and signed cookies?

A

A signed URL includes additional information, for example, an expiration date and time, that gives you more control over access to your content. This additional information appears in a policy statement, which is based on either a canned policy or a custom policy.

CloudFront signed cookies allow you to control who can access your content when you don’t want to change your current URLs or when you want to provide access to multiple restricted files, for example, all the files in the subscribers’ area of a website.

29
Q

Use signed URLs in the following cases:

A

You want to restrict access to individual files, for example, an installation download for your application.

Your users are using a client (for example, a custom HTTP client) that doesn’t support cookies.

30
Q

Use signed cookies in the following cases:

A

You want to provide access to multiple restricted files, for example, all the files for a video in HLS format or all the files in the subscribers’ area of a website.

You don’t want to change your current URLs.

31
Q

Origin Access Identity principles

A

Used in combination with signed URLs and signed cookies to restrict direct access to an S3 bucket (prevents bypassing the CloudFront controls).

An origin access identity (OAI) is a special CloudFront user that is associated with the distribution.

Permissions must then be changed on the Amazon S3 bucket to restrict access to the OAI.

If users request files directly by using Amazon S3 URLs, they’re denied access.

The origin access identity has permission to access files in your Amazon S3 bucket, but users don’t.

32
Q

What is AWS WAF?

A

AWS WAF is a web application firewall that lets you monitor HTTP and HTTPS requests that are forwarded to CloudFront and lets you control access to your content.

With AWS WAF you can control access to content based on conditions in a web access control list (web ACL) such as:

  • Originating IP address of the request.
  • Values in query strings.

CloudFront responds to requests with the requested content or an HTTP 403 status code (forbidden).

CloudFront can also be configured to deliver a custom error page.

You need to associate the relevant distribution with the web ACL.

33
Q

CloudFront domain names

A

CloudFront typically creates a domain name such as a232323.cloudfront.net.

Alternate domain names can be added using an alias record (Route 53).

34
Q

High Availability

A

CloudFront caches content at Edge Locations around the world. The more objects served by the cache, the fewer the requests to the origin. This reduces the load on your origin server and reduces latency.

You can set up CloudFront with origin failover for scenarios that require high availability.

To set up origin failover, you must have a distribution with at least two origins. Next, you create an origin group for your distribution that includes two origins, setting one as the primary. Finally, you create or update a cache behavior to use the origin group.

35
Q

CloudFront Charges

A

You pay for:

  • Data Transfer Out to Internet.
  • Data Transfer Out to Origin.
  • Number of HTTP/HTTPS Requests.
  • Invalidation Requests.
  • Dedicated IP Custom SSL.
  • Field level encryption requests.

You do not pay for:

  • Data transfer between AWS regions and CloudFront.
  • Regional edge cache.
  • AWS ACM SSL/TLS certificates.
  • Shared CloudFront certificates.