In AWS CloudFront you have 216 edge locations, as I mentioned previously. Each of these edge locations costs money based on how much data you’re exporting, and some edge locations cost more than others. So how do we control the pricing while maintaining a wide range of edge locations around the world? That’s where price classes…
Author: admin
Post #135 (AWS) – CloudFront, using EC2 or ALB as an origin and Geo Restriction
You can set up CloudFront to be used for your EC2 instances! In order to use it you will need to make the instance public and allow CloudFront edge location IPs by creating a security group that permits traffic from those IPs. If you want to keep your instances private you can simply use an…
Post #134 (AWS) – CloudFront in S3
This is a simple concept to go over at a high level. CloudFront is what’s known as a Content Delivery Network. It is placed at the 216, and possibly growing, edge locations all over the world, and it allows users to connect to the CloudFront endpoint closest to them…
Post #133 (AWS) – Access points in S3
Let’s say you have users in a finance group and users in a dev group, and they both need to access specific parts of your bucket and only those parts. Well, you can set up access points! Similar to how you attach a bucket policy to your bucket which can allow for scaling you can…
Post #132 (AWS) – S3 Glacier Vault Lock and S3 Object Lock
S3 Glacier Vault Lock is fairly simple. It allows you to prevent deletion and editing of all objects in your S3 bucket. This is useful for compliance reasons, and even administrator accounts will be unable to delete objects. S3 Object Lock is a little more in-depth. This allows you to lock down the ability…
Post #131 (AWS) – S3 pre-signed URL
Let’s say you have an object in your bucket. You don’t want to make the object public, but you need to give someone access for a short amount of time, say a few minutes up to a few days. You can create a pre-signed URL from S3 and this will allow you to share access…
Post #130 (AWS) – S3 Access logs
S3 access logs give you an in-depth look into who is accessing your bucket, when, and what they are accessing. You simply go into the settings of the bucket you’d like to log and select another bucket that will receive these access logs. They will be created as objects within that bucket that you can…
Post #129 (AWS) – MFA delete S3
When you delete objects in buckets with versioning enabled, you set a delete marker on that object; then you can go in and permanently delete that file. What if you want to prevent people from deleting these files? Well, there’s a simple solution, and it’s MFA delete. When MFA delete is enabled the only way…
Post #128 (AWS) – S3 CORS, high level overview
CORS stands for Cross-Origin Resource Sharing and is essentially security for your web client. In S3, www.example.com and info.example.com would be considered different origins, while www.example.com/data and www.example.com/users would be the same origin. CORS allows two origins to share resources. Let’s say you access a site in origin 1, your client connects and the…
Post #127 (AWS) – AWS S3 encryption
Which to choose, which to choose? There are a few encryption options I’d like to go into. The two major ones are Server-Side Encryption (SSE) and Client-Side Encryption (CSE). SSE encrypts/decrypts objects on the server side while CSE does so on the client side. There are multiple types of SSE that I will…