When Amazon CloudFront receives a request it will decode the signature using

When amazon cloudfront receives a request it will

This preview shows page 20 - 23 out of 24 pages.

When Amazon CloudFront receives a request, it will decode the signature using your public key. Amazon CloudFront will only serve requests that have valid policy document and matching signature. Note that private content is an optional feature that must be enabled when you set up your CloudFront distribution. Content delivered without this feature enabled will be publicly readable by anyone.
Image of page 20
Amazon Web Services Overview of Security Processes May 2011 21 Amazon Cloudfront also provides the ability to transfer content over an encrypted connection (HTTPS) to authenticate the content delivered to your users. By default Amazon Cloudfront will accept requests over both HTTP and HTTPS protocols. If you prefer, you can also configure Amazon Cloudfront to require HTTPS for all requests and disallow all HTTP requests. For HTTPS requests, Amazon Cloudfront will also utilize HTTPS to retrieve your object from Amazon S3, so that your object is encrypted whenever it is transmitted. Amazon CloudFront Access logs contain a comprehensive set of information about requests for content, including the object requested, the date and time of the request, the edge location serving the request, the client IP address, the referrer, and the user agent. To enable access logs just specify the name of the Amazon S3 bucket to store the logs in when you configure your Amazon CloudFront distribution. Amazon Elastic MapReduce (Amazon EMR) Security Amazon Elastic MapReduce requires every request made to its API be authenticated so only authenticated users can create, lookup, or terminate their job flows. Requests are signed with an HMAC-SHA1 signature calculated from the request and the user’s private key. Amazon Elastic MapReduce provides SSL endpoints for access to its web service APIs and the console. When launching job flows on behalf of a customer, Amazon Elastic MapReduce sets up an Amazon EC2 security group of the master node to only allow external access via SSH. The service creates a separate security group of the slaves which does not allow any external access. To protect customer input and output datasets, Amazon Elastic MapReduce transfers data to and from S3 using SSL.
Image of page 21
Amazon Web Services Overview of Security Processes May 2011 22 APPENDIX – GLOSSARY OF TERMS AMI: An Amazon Machine Image (AMI) is an encrypted machine image stored in Amazon S3. It contains all the information necessary to boot instances of a customer’s software. API: Application Programming Interface (API) is an interface in computer science that defines the ways by which an application program may request services from libraries and/or operating systems. Authentication: Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. Availability Zone: Amazon EC2 locations are composed of regions and Availability Zones. Availability Zones are distinct locations that are engineered to be insulated from failures in other Availability Zones and provide inexpensive, low latency network connectivity to other Availability Zones in the same region.
Image of page 22
Image of page 23

You've reached the end of your free preview.

Want to read all 24 pages?

  • Spring '17
  • Amazon Web Services, AWS, Amazon Elastic Compute Cloud

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern

Stuck? We have tutors online 24/7 who can help you get unstuck.
A+ icon
Ask Expert Tutors You can ask You can ask You can ask (will expire )
Answers in as fast as 15 minutes