Set2(41-50) Flashcards
Q41: IAM Permission Boundaries
AWS supports permissions boundaries for IAM entities (users or roles). A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity’s permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries.
Q42: CloudFront for video streaming
AWS CloudFront is a content delivery network (CDN) service that enables video streaming from an origin server to viewers worldwide with low latency, high transfer speeds, and secure content delivery.
- Adaptive bitrate streaming (ABR): This technology adjusts the video quality in real-time based on the viewer’s internet connection speed, ensuring smooth playback and minimizing buffering.
- Content protection: CloudFront supports multiple content protection options, including signed URLs and signed cookies, to prevent unauthorized access to your video content.
- Analytics and monitoring: CloudFront provides detailed metrics and logs to monitor your video streaming performance and identify issues.
Q46: Why CloudFront internal service IP addresses change
The IP addresses used by Amazon CloudFront edge locations are dynamic and can change frequently for a few reasons:
- Load balancing: CloudFront uses dynamic IP addresses to balance the load between edge locations. By dynamically assigning IP addresses, CloudFront can direct traffic to the closest and least busy edge location, which helps improve performance and reduce latency.
- Security: Dynamic IP addresses make it more difficult for attackers to target a specific edge location by IP address, which can help improve the security of your content delivery.
- Scaling: As CloudFront continues to expand its global network, it may add or remove edge locations to better serve its customers. Dynamic IP addresses allow CloudFront to quickly adapt its network without requiring customers to make changes to their configurations.
While the use of dynamic IP addresses may make it more challenging to configure firewall rules or other security controls, CloudFront provides several mechanisms to help manage access to your content, such as signed URLs, signed cookies, and origin access identities. Additionally, AWS provides updated IP address ranges for CloudFront edge locations through the AWS IP Address Ranges JSON file, which can help you keep your firewall rules up to date.
Q47: AWS Organizations Console
AWS Organizations is a service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. You can use AWS Organizations to group your AWS accounts into Organizational Units (OUs) and apply policies to those OUs to manage access control, compliance, and security across all of your accounts.
Q50: AWS Global Accelerator
AWS Global Accelerator is a service that enables you to improve the availability and performance of applications by using AWS’s global network infrastructure. With Global Accelerator, you can create static IP addresses (Anycast) that act as a fixed entry point to your application, and AWS routes traffic to the optimal endpoint based on the health and location of your resources.
AWS Global Accelerator is a powerful tool for improving the performance and availability of your applications by leveraging AWS’s global network infrastructure.
GK: Anycast IP Address
An anycast IP address is a single IP address that is assigned to multiple devices in different locations. When a client sends a request to an anycast IP address, the request is routed to the nearest device that is advertising that IP address. This allows for improved performance and redundancy in the network, as clients can connect to the closest device with the lowest latency, and if one device fails, the request can be automatically routed to another device advertising the same anycast IP address.
Anycast IP addresses are commonly used in content delivery networks (CDNs), where multiple servers are spread out across the globe, and in Domain Name System (DNS) services, where multiple servers are used to resolve domain names. Anycast routing can also be used in distributed denial-of-service (DDoS) protection, by spreading traffic across multiple data centers to mitigate attacks.
GK: Multicast IP Address
A multicast IP address is a type of IP address that is used to send a single packet of data to multiple recipients at the same time. It is different from a unicast IP address, which is used to send a packet of data to a single recipient, and a broadcast IP address, which is used to send a packet of data to all devices on a network.
With multicast IP, the sender sends a single copy of the data, and the network replicates and delivers the data to all the intended recipients. This allows for efficient use of network resources, as the data is only sent once, regardless of the number of recipients.
Multicast IP addresses are used in applications such as multimedia streaming, online gaming, and video conferencing, where multiple users need to receive the same data simultaneously.
Multicast IP addresses are identified by the Class D IP address range, which ranges from 224.0.0.0 to 239.255.255.255.