The CloudFormation template uses AWS's Serverless Application Model (SAM) syntax. SAM is a shorthand layered on CloudFormation for certain serverless-specific resources (functions, APIs, tables), so a SAM resource definition can look quite different from the plain CloudFormation definition of the same resource; resources SAM has no shorthand for, such as S3 buckets and CloudFront distributions, are written in ordinary CloudFormation syntax inside the same template. The entire service sits behind an AWS WAF web access control list (web ACL). I only employ the AWS Managed Rules Common Rule Set, which blocks a broad class of common web exploits; you could lock it down further with an IP allow-list or a geo-match rule. To host both the original and optimized images, S3 was the obvious and only choice. The bucket is defined as private, with all public access blocked, and an Origin Access Identity (OAI) is attached so that only the CloudFront distribution can read from it: the bucket policy grants s3:GetObject to the OAI's canonical user and nothing else. OAI still works, but AWS now recommends Origin Access Control (OAC) for new distributions, so treat the OAI here as the legacy option.
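The arrangement described above, as an added example template rather than the post's own code. It is a SAM-transformed CloudFormation template containing the private bucket, the OAI, the bucket policy that grants only that OAI read access, the WAFv2 web ACL with the Common Rule Set, and the CloudFront distribution that ties them together. Logical names (`ImageBucket`, `ImageOAI`, `ImageWebACL`, `ImageDistribution`) are assumptions; none of these resources have a SAM shorthand, so they appear in plain CloudFormation syntax under the SAM `Transform` header.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Private image bucket readable only through CloudFront, fronted by AWS WAF (added example)

Resources:
  # Private bucket: every public-access path is blocked; no BucketName so CloudFormation
  # generates a lowercase, unique name.
  ImageBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

  # The Origin Access Identity CloudFront presents when it fetches objects.
  ImageOAI:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Sub 'OAI for ${ImageBucket}'

  # Only the OAI's canonical user may read objects; nothing else is granted.
  ImageBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ImageBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: AllowCloudFrontOAIReadOnly
            Effect: Allow
            Principal:
              CanonicalUser: !GetAtt ImageOAI.S3CanonicalUserId
            Action: s3:GetObject
            Resource: !Sub '${ImageBucket.Arn}/*'

  # WAFv2 web ACL with the AWS Managed Rules Common Rule Set. A CLOUDFRONT-scoped
  # web ACL must be created in us-east-1, so deploy this stack there.
  ImageWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: !Sub '${AWS::StackName}-web-acl'
      Scope: CLOUDFRONT
      DefaultAction:
        Allow: {}
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: ImageWebACL
      Rules:
        - Name: AWSManagedRulesCommonRuleSet
          Priority: 0
          OverrideAction:
            None: {}          # let the rule group's own block actions apply
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesCommonRuleSet
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: CommonRuleSet

  # The distribution: S3 origin via the OAI, HTTPS enforced, web ACL attached by ARN.
  ImageDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Comment: Serves original and optimized images from the private bucket
        WebACLId: !GetAtt ImageWebACL.Arn
        Origins:
          - Id: ImageBucketOrigin
            DomainName: !GetAtt ImageBucket.RegionalDomainName
            S3OriginConfig:
              OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${ImageOAI}'
        DefaultCacheBehavior:
          TargetOriginId: ImageBucketOrigin
          ViewerProtocolPolicy: redirect-to-https
          AllowedMethods: [GET, HEAD]
          CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6   # AWS managed CachingOptimized policy
```

Two checks worth running after deploy: fetch an object by its direct S3 URL and confirm a 403, then fetch the same key through the distribution domain and confirm a 200. To add the IP allow-list or geo-lock mentioned above, append a rule to `ImageWebACL` with an `IPSetReferenceStatement` or `GeoMatchStatement` and a `Block` action (or set `DefaultAction` to `Block` and allow only the matched traffic).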