How a Content Delivery Network (CDN) Can Help Your Website
ACM.254 What is CloudFront and why do we want to use it?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
⚙️ Check out my series on Automating Cybersecurity Metrics | Code.
🔒 Related Stories: Application Security | Secure Code | AWS Security
💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In the last post I wrote about how to deploy an S3 bucket to host static website content.
In this post I’m going to explain what CloudFront is and why you might want to use it. CloudFront is a Content Delivery Network (CDN).
What is a Content Delivery Network (CDN)?
A CDN hosts takes your web content from where it resides and pushes it to servers closer to the people who are requesting your web pages. For example, I can host my web pages in an S3 bucket. Then I configure CloudFront to push the files to storage points all over the world. When someone from India requests my website, they would get the file closest to them. That would make the page load faster than if it came all the way from the United States.
The amount of time from the point you request a page to the point it is loaded in your browser is called latency.
A CDN lowers the latency so people can get your content faster.
AWS CloudFront is a CDN
AWS CloudFront is a CDN. You can put it in front of a website to get the benefits of distributed content, leverage integrated security features, and tweak settings for better website performance.
The AWS CloudFront landing page currently states:
Reduce latency by delivering data through 450+ globally dispersed Points of Presence (PoPs) with automated network mapping and intelligent routing.
You can also integrate various security features with AWS CloudFront such as an AWS Web Application Firewall (WAF) or AWS Shield which helps protect your site from DDoS attacks.
A DDoS attack is a distributed denial of service attack where an attacker sends more traffic to your website than it can handle, until it is crushed under the load of all the requests and cannot respond anymore. If you are using CloudFront and an attacker tries to take dow your website, they would need to affect every one of those points of presence to block your website everywhere. It’s a lot easier to bring down a single S3 bucket or server.
Protect your S3 buckets!
There are many settings you can use to optimize the CDN for performance, cost, and security. One that is beneficial for our static website is that we can give CloudFront access to our S3 bucket rather than making the bucket “public” to expose it to the entire Internet.
What does that do for us? It makes our policies much easier! We can create a policy across our organization that disallows public S3 buckets completely. A single policy is easier than managing a bunch of exceptions.
And that way…you never need a public S3 bucket.
CloudFront has a lot of different configuration options, and it is important to configure them correctly to avoid security problems.
In the upcoming posts we need to understand some of the CloudFront configuration options and how to deploy CloudFront. We’ll also need to deploy an S3 bucket policy that allows CloudFront to access the bucket and serve up the content in it. We also need to get content into our bucket. Recall that I deployed a GitHub repository and added the content there. Somehow we want to get that content into our bucket. I will take a look at GitHub actions but not promising I will actually use them.
Follow for updates.
Teri Radichel | © 2nd Sight Lab 2023
About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight LabNeed Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for PresentationFollow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab