CloudFront

  • Without CDN, ways to scale include
    • Increasing size or number of servers
    • Configure DDoS protection, WAF, etc.
  • Content delivery networks (CDNs) act as proxy, receiving requests and only forwarding to origin if necessary
  • Create origin access identity to ensure only CloudFront can access S3 bucket, can keep bucket private
  • Restrict viewer access
    • Signed URLs and cookies: restrict access to specific pages/files with expiration
    • Generated by trusted signers in your AWS account
  • Field-level encryption
    • CloudFront encrypts PII or other fields prior to forwarding to origin
    • Steps
      1. App sends POST with sensitive data
      2. FLE intercepts POST, encrypts data with public key, forwards to origin
      3. Origin stores in database
      4. Admin uses Lambda function to retrieve and decrypt data using private key
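One way to build a signed URL with an expiration, as described under "Restrict viewer access" above; this is an added example, not code from the original notes. It assumes the caller supplies an RSA-SHA1 signer for a trusted signer's private key (for instance `private_key.sign(data, padding.PKCS1v15(), hashes.SHA1())` from the `cryptography` package) and uses a placeholder key pair id.

```python
"""Build and check a CloudFront signed URL that uses a canned policy (expiration only).

Added example, not from the original notes. Assumptions: `signer` is a callable that
returns an RSA-SHA1 signature made with the trusted signer's private key, and the
key pair id passed in is a placeholder, not a real CloudFront key pair.
"""
import base64
import json
import time
from typing import Callable, Optional
from urllib.parse import parse_qs, urlencode, urlparse


def canned_policy(url: str, expires: int) -> str:
    """The canned policy CloudFront expects: one Resource plus a DateLessThan deadline.

    The JSON must be compact because the signature covers these exact bytes."""
    policy = {"Statement": [{"Resource": url,
                             "Condition": {"DateLessThan": {"AWS:EpochTime": expires}}}]}
    return json.dumps(policy, separators=(",", ":"))


def cloudfront_b64(data: bytes) -> str:
    """CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'."""
    encoded = base64.b64encode(data).decode("ascii")
    return encoded.replace("+", "-").replace("=", "_").replace("/", "~")


def sign_url(url: str, key_pair_id: str, signer: Callable[[bytes], bytes],
             ttl_seconds: int = 300, now: Optional[int] = None) -> str:
    """Append Expires, Signature and Key-Pair-Id to `url`.

    `signer` must return the RSA-SHA1 signature of the policy bytes (assumed, see above)."""
    expires = (int(time.time()) if now is None else now) + ttl_seconds
    signature = signer(canned_policy(url, expires).encode("utf-8"))
    params = {"Expires": expires,
              "Signature": cloudfront_b64(signature),
              "Key-Pair-Id": key_pair_id}
    separator = "&" if urlparse(url).query else "?"
    return url + separator + urlencode(params)


def is_expired(signed_url: str, now: Optional[int] = None) -> bool:
    """Sanity check for logs or audits: has the URL's Expires deadline already passed?"""
    query = parse_qs(urlparse(signed_url).query)
    expires = int(query["Expires"][0])
    return (int(time.time()) if now is None else now) >= expires
```

Keep the TTL short: once a signed URL leaks, CloudFront honours it until `Expires` passes, so a small window limits the damage.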
