Object Storage and Content Delivery: S3 and CloudFront Flashcards
Static website on Amazon S3 with custom domain name
Requires that the bucket name matches the DNS name / record set name in Route 53
503 errors experienced with new site and thousands of users
Request rate is too high
Discrepancy with number of objects in bucket console vs CloudWatch
Use Amazon S3 Inventory to properly determine the number of objects in a bucket
Need to enforce encryption on all objects uploaded to bucket
Use a bucket policy with a "Condition": { "Bool": { "aws:SecureTransport": "false" } } statement for PutObject and with the resource set to the bucket
Unauthorized users tried to connect to S3 buckets. Need to know which buckets are targeted and who is trying to get access
Use S3 server access logs and Athena to query for HTTP 403 errors and look for IAM user or role making requests
Need to provide access to third-party to S3 bucket and must limit amount of access. List of users changes a lot
Use a pre-signed URL allowing access to the specific files
Need to protect S3 data from ransomware attacks that encrypt data
Enable S3 versioning
After enabling MFA on a bucket, what operations will require MFA authentication?
Permanently removing object versions and suspending versioning on the bucket
Files are downloaded from S3, edited and uploaded with same file name. Sometimes they are accidentally modified or deleted
To allow recovery enable versioning on the bucket
Existing application uses EC2, RDS, EFS and S3. Need to enable encryption
Can enable encryption only on S3 (as already deployed)
Static website deployed but “HTTP 403 Forbidden” message received
Add bucket policy granting everyone read access to objects
Application on EC2 must save files to Amazon S3 and needs access
Create an IAM role for S3 access and attach to EC2 instance
History of revisions to files stored in an S3 bucket must be maintained
Implement S3 versioning
Large volume of log files stored in S3 bucket and processed daily
Most cost-effective option is S3 Standard
Need to restrict S3 bucket access to same account after previously shared with other account
Change ACL to restrict only to bucket owner
Static content is served from Amazon S3 with long loading times
Use CloudFront to cache for better performance
Need to use custom domain name with CloudFront
Create an alias record in Route 53 pointing to the distribution URL
CloudFront in front of ALB and EC2 and logging enabled. Need to view logs for HTTP layer 7 status codes
Check ALB access logs and CloudFront access logs
App running on EC2 with RDS multi-AZ has static content on S3. Need to improve performance as load testing slowed it down
Use CloudFront to cache the content
Need to secure S3 bucket that is used with CloudFront
Use an origin access identity (OAI) and grant it permissions to read objects in the bucket
Website with dynamic content and need to restrict access from certain countries and regions
Use Amazon CloudFront geo-restriction and Amazon Route 53 geolocation routing