CloudFront 1 Flashcards
CloudFront
What is Restrict Viewer Access?
CF requires and validates signed URLs for all requests to the behavior.
CloudFront
How does WAF integrate with CloudFront?
Just pick a WAF ACL and associate with a distro, nothing special.
CloudFront
Can CloudFront support IPv6?
Easily, just turn it on (off by default)
Behaviors
Where can you turn on Restrict Viewer Access?
important
Per-Behavior
Origins
How do you do security for S3 Origins?
OAI: Origin Access Identity: can list an OAI in a Bucket Policy to give R/O access.
Origins
How do you secure a custom Origin so only CloudFront can call it?
Like OAI: require CF to send a secret token in a custom header.
Origins
Two ways to restrict access to a bucket to only the CF distro?
Origin Access Identities (OAI) (legacy), Origin Access Controls (recommended)
Origins
How do you config an OAI?
Associate OAI with Origin in CF, S3 bucket policy allows OAI
Origins
How can you restrict a custom Origin so it only serves content from CF?
Restrict to CF CIDRs and/or CF sends a secret header to Origin