CloudFront 4 Flashcards

1
Q

Private Distros

What’s a Private Distribution?

A

Requires signed cookies or signed URLs for all access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Private Distros

How do you set certain parts of a Distro to be private?

A

Per Behavior

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Private Distros

Old way to sign things for a Private Distribution?

important

A

Use the account’s single CloudFront Key (one per account) to sign it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Private Distros

Who creates CloudFront Keys?

important

A

Only the account root user

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Private Distros

What’s a Trusted Signer?

important

A

The account that owns a CloudFront Key: account can sign URLs and cookies with the key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Private Distros

What’s the new way to sign URLs and cookies?

important

A

Trusted Key Groups

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Private Distros

Why are Trusted Key Groups preferred (2)?

A

Can have multiple keys (flexibility), don’t need root user to create them

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Private Distros

2 reasons to use a signed cookie over a signed URL?

important

A

Grant bulk access to groups of things, want clean URL space

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Private Distros

2 reasons to use a Signed URL over a Signed Cookie?

important

A

One-off access to a Single Object or if client doesn’t support cookies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Geo Restriction

How does Geo Restriction work?

important

A

Pick countries to allow-list or deny-list. Works at country-level only.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Geo Restriction

How accurate are Geo Restrictions?

A

Uses GeoIP database that claims 99.8% accuracy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Geo Restriction

Where do you set Geo Restriction?

A

On an entire CF Distribution only

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Geo Restriction

What’s the sequence for GeoRestriction when a HTTP request comes in?

A

Edge looks-up source IP in AWS GeoIP DB. If allowed, serves the request.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Geo Restriction

What is “3rd party geo location”?

important

A

Completely customizable way to restrict access based on custom compute you provide

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Geo Restriction

What happens if a request comes in that isn’t allowed due to Geo Restriction or 3rd party Geo location?

A

403 (Forbidden) returned by CF

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Geo Restriction

Examples of what a 3rd party geo location can restrict based on?

A

Username, license agreement, your own geo database, time of day, anything

17
Q

Geo Restriction

What’s the sequence of requests for 3rd party geo location?

A

Browser -> your app server, gets signed thing back, browser calls CF with signed thing, CF grants access

18
Q

Geo Restriction

How does CF know if your 3rd party code approves or denies access to content?

A

Your 3rd party code gave the browser a signed URL or cookie, CF checks for this

19
Q

Geo Restriction

What happens if a browser doesn’t supply a valid signed URL/cookie to CF when 3rd party enabled?

A

Denied: this completely delegates all logic to a server prior to calling CF

20
Q

Geo Restriction

What’s wrong with the name “3rd party geo location”?

A

Has nothing to do with GEO. Your code can make decisions on anything it wants

21
Q

Geo Restriction

Key thing to pay attention to in questions asking about restrictions?

important

A

If country code, use Geo Restriction. Everything else is 3rd party.

22
Q

Geo Restriction

What do you call a CF distro that only serves content signed by your app server?

A

“Private Distribution”: alwasy 403 unless request is signed.

23
Q

Lambda@Edge

Where do you configure Lambda@Edge functions?

A

Per-Behavior

24
Q

Lambda@Edge

Why are Lambda@Edge functions considered “lightweight”?

A

Only Node & Python, not in VPC, no Layers, smaller limits on sizes

25
Q

Lambda@Edge

Example use case for Lambda@Edge viewer request function?

A

Redirect user to login page if certain auth header not present

26
Q

Lambda@Edge

Example use case for Lambda@Edge origin request function?

A

React to browser type or screen size

27
Q

Lambda@Edge

Example use case for Lambda@Edge origin response function?

A

Send a pretty 200-status page if certain origin errors

28
Q

Lambda@Edge

How can you use Lambda@Edge for better deployments?

A

A/B testing via Viewer Request function

29
Q

Lambda@Edge

How can you use Lambda@Edge to customize content?

A

Origin Request picks content based on client device