Learning AWS - Second Edition by Amit Shah, Aurobindo Sarkar

Securing the application

You need to secure both your application and the origin, because hackers could bypass CloudFront and access your origin directly. In this section, we briefly discuss the access control features you can use to restrict access to the origin.

Amazon S3 uses an Origin Access Identity (OAI) to prevent direct access to your Amazon S3 bucket while ensuring performance benefits for all customers. It works by using a pre-shared secret header and limiting access by whitelisting CloudFront only. Hence, only CloudFront can access the Amazon S3 buckets. However, your origin may not be an S3 bucket, so you also need the ability to protect a custom origin. In this case, we whitelist the CloudFront IP range and use a pre-shared secret ...
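
The custom-origin approach described above, as an added example (not code from the book): a Python check that accepts a request only when the connecting address falls inside a CloudFront range and the pre-shared secret header matches. The header name `X-Origin-Verify`, the function names and the sample ranges are assumptions constructed for illustration.

```python
import hmac
import ipaddress

# Constructed sample in the layout of AWS's published ip-ranges.json.
# The prefixes are RFC 5737 documentation ranges, not real CloudFront ranges.
SAMPLE_IP_RANGES = {
    "prefixes": [
        {"ip_prefix": "192.0.2.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "198.51.100.0/25", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"},
    ]
}

SECRET_HEADER = "x-origin-verify"  # hypothetical header name (assumption)


def cloudfront_networks(ip_ranges):
    """Return the IPv4 networks tagged CLOUDFRONT in an ip-ranges.json document."""
    return [
        ipaddress.ip_network(p["ip_prefix"])
        for p in ip_ranges.get("prefixes", [])
        if p.get("service") == "CLOUDFRONT"
    ]


def is_from_cloudfront(peer_ip, headers, networks, secret):
    """Allow a request only if the peer IP is whitelisted AND the header matches.

    peer_ip must be the address of the TCP connection itself, never a value
    taken from a client-supplied header such as X-Forwarded-For.
    """
    if not secret:
        return False  # an unset secret must never match an absent header
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # unparsable peer address: fail closed
    if not any(addr in net for net in networks):
        return False
    # HTTP header names are case-insensitive; normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    supplied = lowered.get(SECRET_HEADER, "")
    # Constant-time comparison avoids leaking the secret through timing.
    return hmac.compare_digest(supplied.encode(), secret.encode())
```

The IP check alone is not sufficient because the CloudFront ranges are shared by every distribution; the secret header is what ties a request to your own distribution.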
