CloudFront 1 Flashcards

1
Q

CloudFront

What is Restrict Viewer Access?

A

CF requires and validates signed URLs for all requests to the behavior.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

CloudFront

How does WAF integrate with CloudFront?

A

Just pick a WAF ACL and associate with a distro, nothing special.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

CloudFront

Can CloudFront support IPv6?

A

Easily, just turn it on (off by default)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Behaviors

Where can you turn on Restrict Viewer Access

important

A

Per-Behavior

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Origins

How do you do security for S3 Origins?

A

OAI: Origin Access Identity: can list an OAI in a Buckeet Policy to give R/O access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Origins

How do you secure a custom Origin so only CloudFront can call it?

A

Like OAI: require CF to send a secret token in a custom header.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Origins

Two ways to restrict access to a bucket to only the CF distro?

A

Origin Access Identities (OAI) (legacy), Origin Access Controls (recommended)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Origins

How do you config an OAI?

A

Associate OAI with Origin in CF, S3 bucket policy allows OAI

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Origins

How can you restrict a custom Origin so it only serves content from CF?

A

Restrict to CF CIDRs and/or CF sends a secret header to Origin

How well did you know this?
1
Not at all
2
3
4
5
Perfectly