ฝัง
- เผยแพร่เมื่อ 22 ก.ค. 2024
- AWS(Amazon Web Services) introduced a new function that replaces OAI, and it has a very similar name: CloudFront origin access control (OAC) and it brings some new features.
One of the most used AWS architectures is Amazon S3 which is used as the origin to host content (images, videos, other objects), and CloudFront, which is used to deliver them to viewers. Customers can leverage CloudFront OAC to secure S3 bucket access to CloudFront only.
In this video, you will learn:
0:00 Intro
01:32 What is Amazon CloudFront origin access control (OAC)?
02:30 CloudFront OAC new features
03:17 Can you use the S3 bucket static website endpoint and OAC?
04:06 Do you need to migrate to OAC?
04:53 Demo: OAC set up for CloudFront distribution and S3 bucket
13:45 How to use AWS KMS and OAC
Example codes and policies used in this video can be found in our blog post at
www.stormit.cloud/blog/cloudf...
More about Amazon CloudFront at
www.stormit.cloud/cloudfront/
More about other AWS services at
www.stormit.cloud/blog/ - วิทยาศาสตร์และเทคโนโลยี
Thanks for this video! Very helpful
Hi Mike, you are most welcome. If you are interested in learning more about AWS services or StormIT, visit our blog at: www.stormit.cloud/blog/
I read your blogs about AWS Services, You are doing great. Just Keep it up 😊
Hi Muhammad, it's great to see that our content is appreciated. If you need assistance with something more advanced around AWS, let us know by visiting www.stormit.cloud/contact/.
@@stormit9507 Sure Thanks😊
Thanks a lot! Only tutorial of OAC In utube currently present !
Hello Dipanjan, you are welcome. Feel free to visit our blog for more useful information about AWS services - www.stormit.cloud/blog/
very helpful, thanks a lot
Hello, thanks for your comment. If you are interested in learning more about AWS services, visit our website and blog at www.stormit.cloud/
Thanks
thank you for the video. however i have a question. i see that you have stored the image in an encrypted way in s3. however, when requested by cloudfront distribution, is the image transferred in an encrypted way over the network and decrypted at client end or is it decrypted first before transferring over the network to the allowed cloudfront distribution in the kms policy?
Hello, I'm glad you found the video helpful! I'll try to explain how this works. In S3, there is encryption at rest, which means you need a KMS key to access/decrypt these files. However, when CloudFront accesses these files, it decrypts them, and if possible, it encrypts them using an SSL/TLS certificate. These files are then sent through HTTPS. Are you using HTTPS?
Any Idea Why this error is coming
MissingKey
Missing Key-Pair-Id query parameter or cookie value
Hello Rajneesh, thank you for your comment. I think it has something to do with cookies, try reading this two forums about that problem 1) stackoverflow.com/questions/40010849/cloudfront-missing-key-pair-id-cookie-value-with-cookies-present or 2)stackoverflow.com/questions/29784539/why-missing-key-pair-id-query-parameter-or-cookie-value . If you continue to have a problem with it, you can contact us for consultation: www.stormit.cloud/contact/
Does this mean we can’t host a static React website with OAC?
Hello Mr. Random, you are not able to use S3 website endpoint with OAC, for example - bucket-name.s3-website.Region.amazonaws.com. If you are interested in learning more about OAC, read our article about it: www.stormit.cloud/blog/cloudfront-origin-access-control/
You can use the S3 REST API with OAC to host a static website.