amazon-cloudfront

问题 I'm just getting started with permissions on AWS S3 and Cloudfront so please take it easy on me. Two main questions: I'd like to allow access to some users (e.g., those that are logged in) but not others. I assume I need to be using ACLs instead of a bucket policy since the former is more customizable in that you can identify the user in the URL with query parameters. First of all is this correct? Can someone point me to the plainest english description of how to do this on a file/user-by

问题 I want to put WAF in front of API Gateway, and with the (little) info I find that is only possible by manually putting an extra Cloudfront distribution with WAF enabled, in front of APIG. It's a bit of a shame, especially since APIG now supports custom domains natively, but it should work. Now to make the solution secure rather than just obscure, I want to enforce that the APIs can only be accessed through the Cloudfront distro. What is the best option to do this? I was hoping to be able to

问题 I want to put WAF in front of API Gateway, and with the (little) info I find that is only possible by manually putting an extra Cloudfront distribution with WAF enabled, in front of APIG. It's a bit of a shame, especially since APIG now supports custom domains natively, but it should work. Now to make the solution secure rather than just obscure, I want to enforce that the APIs can only be accessed through the Cloudfront distro. What is the best option to do this? I was hoping to be able to

问题 I am setting up CloudFront using CloudFormation, but I need to configure the Headers property of the ForwardedValues property. It should be setup in such a way that all headers are forwarded. I can't find how to do so on neither the ForwardedValues documentation page nor the page that is linked regarding Caching Content Based on Request Headers. This is the CloudFormation 'path' to the Header property: someCloudFrontDistributionName: Type: AWS::CloudFront::Distribution Properties:

问题 I'm working on a project with serverless architecture. I've found that though AWS said API Gateway can protect your resources from DDoS attack. But if there is a bad user which keep sending spam to your service, API gateway can't provide an appropriate way to handle this kind of issues. So I start to figure out what I can do: AWS WAF is an obviously solution. I've found this post on stackoverflow: API gateway with aws waf Then in order to setup WAF, I put a Cloud Front distribution in front

问题 Recently we moved our assets on a CDN Cloudfront. We have noticed that the surfaces were broken on Firefox. After a few minutes of searching, it was a story of CORS. We allowed the field Cloudfront. application_controller : after_filter :set_access_control_headers def set_access_control_headers headers['Access-Control-Allow-Origin'] = CDN_CLOUDFRONT end production.rb : CDN_CLOUDFRONT = "http://xxx.cloudfront.net" This worked very well until yesterday. After several searches and reflections, I

问题 Is there a gem or method available in Rails 3.1 that can upload assets to amazon cloud front automatically and use those instead of serving locally hosted ones? I guess it's easy to upload compiled assets manually and then change the rails app config to use that asset host, but when an asset is modified, the uploads to cloud front would need to be done manually again. Any good ways out there for this? 回答1: Definitely check out asset_sync on github. Or our Heroku dev centre article on Using a

问题 Is there a gem or method available in Rails 3.1 that can upload assets to amazon cloud front automatically and use those instead of serving locally hosted ones? I guess it's easy to upload compiled assets manually and then change the rails app config to use that asset host, but when an asset is modified, the uploads to cloud front would need to be done manually again. Any good ways out there for this? 回答1: Definitely check out asset_sync on github. Or our Heroku dev centre article on Using a

问题 Is there any way to update files stored on Amazon CloudFront (Amazon's CDN service)? Seems like it won't take any update of a file we make (e.g. removing the file and storing the new one with the same file name as before). Do I have to explicitly trigger an update process to remove the files from the edge servers to get the new file contents published? Thanks for your help 回答1: Amazon added an Invalidation Feature. This is API Reference. Sample Request from the API Reference: POST /2010-08-01

问题 I have Amazon S3 objects, and for each object, I have set Cache-Control: public, max-age=3600000 That is roughly 41 days. And I have Amazon CloudFront Distribution set with Minimum TTL also with 3600000. This is the first request after clearing cache. GET /1.0.8/web-atoms.js HTTP/1.1 Host: d3bhjcyci8s9i2.cloudfront.net Connection: keep-alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)