With Amazon CloudFront, access to content is restricted through a number of capabilities. With Signed URLs and Signed Cookies, Token Authentication is supported to restrict access to only authenticated viewers. Through the geo-restriction capability, users in specific geographic locations can be prevented from accessing content that is distributed through CloudFront. With the Origin Access Identity (OAI) feature, access to an Amazon S3 bucket can be restricted, making it accessible only from CloudFront.

With Amazon CloudFront, content, APIs or applications can be delivered over HTTPS using the latest version of Transport Layer Security (TLSv1.3) to encrypt and secure communication between viewer clients and CloudFront. AWS Certificate Manager (ACM) can be used to easily create a custom SSL certificate and deploy it to a CloudFront distribution for free. ACM automatically handles certificate renewal, eliminating the overhead and costs of a manual renewal process. Additionally, CloudFront provides a number of TLS optimizations and advanced capabilities such as full/half bridge HTTPS connections, OCSP stapling, Session Tickets, Perfect Forward Secrecy, TLS Protocol Enforcements and Field-Level Encryption.

Protection against network and application layer attacks

Amazon CloudFront, AWS Shield, AWS Web Application Firewall (WAF), and Amazon Route 53 work seamlessly together to create a flexible, layered security perimeter against multiple types of attacks, including network and application layer DDoS attacks. All of these services co-reside at the AWS edge and provide a scalable, reliable, and high-performance security perimeter for applications and content. With CloudFront as the "front door" to an application and infrastructure, the primary attack surface is moved away from critical content, data, code and infrastructure. Learn more about AWS Best Practices for DDoS Resiliency.