CloudFront Flashcards
What is a CloudFront signed URL?
A signed URL includes additional information, for example, an expiration date and time, that gives you more control over access to your content.
What is a CloudFront URL signer?
To create signed URLs or signed cookies, you need a signer. A signer is either a trusted key group that you create in CloudFront, or an AWS account that contains a CloudFront key pair.
How many CloudFront key pairs can you have?
By default, you can associate up to four key groups with a single distribution, and you can have up to five public keys in a key group.
When you use the AWS account root user to manage CloudFront key pairs, you can only have up to two active CloudFront key pairs per AWS account.
How does CloudFront manage the key pairs?
Each signer that you use to create CloudFront signed URLs or signed cookies must have a public–private key pair. The signer uses its private key to sign the URL or cookies, and CloudFront uses the public key to verify the signature.
How can you avoid using the AWS root account to create CloudFront key pairs?
With CloudFront key groups, you can manage public keys, key groups, and trusted signers using the CloudFront API. You can use the API to automate key creation and key rotation. When you use the AWS root user, you have to use the AWS Management Console to manage CloudFront key pairs, so you can’t automate the process.
When do you use CloudFront signed cookies instead of signed URLs?
CloudFront signed cookies allow you to control who can access your content when you don’t want to change your current URLs or when you want to provide access to multiple restricted files, for example, all of the files in the subscribers’ area of a website.
What is the use of CloudFront’s Origin Groups?
high availability
What is a CloudFront path pattern?
A path pattern (for example, images/*.jpg) specifies which requests you want this cache behavior to apply to.
What is the CloudFront Query string whitelist?
If you chose Forward all, cache based on whitelist for Query string forwarding and caching, specify the query string parameters that you want CloudFront to use as a basis for caching.
What happens when you set CloudFront query string forwarding to None?
None (Improves Caching): Choose this option if your origin returns the same version of an object regardless of the values of query string parameters.
What happens when you set CloudFront query string forwarding to Forward all, cache based on all?
Cache based on all parameters. Choose this option if your origin server returns different versions of your objects for all query string parameters.
What happens when you set CloudFront query string forwarding to Forward all, cache based on whitelist?
Cache based on whitelisted parameters. Choose this option if your origin server returns different versions of your objects based on one or more query string parameters.
Then specify the parameters that you want CloudFront to use as a basis for caching in the Query string whitelist field.
You can choose to run a Lambda function when one or more of the following CloudFront events occur:
When CloudFront receives a request from a viewer (viewer request)
Before CloudFront forwards a request to the origin (origin request)
When CloudFront receives a response from the origin (origin response)
Before CloudFront returns the response to the viewer (viewer response)
How can CloudFront send authenticated requests to an Amazon S3 origin? What is the recommended way?
- origin access control (OAC) (recommended)
- origin access identity (OAI)
What does CloudFront OAC support?
- All Amazon S3 buckets in all AWS Regions, including opt-in Regions launched after December 2022
- Amazon S3 server-side encryption with AWS KMS (SSE-KMS)
- Dynamic requests (PUT and DELETE) to Amazon S3