Sunday, December 15, 2019

AWS CloudFront and Storage Gateway


- CDN service.
- Global service.
  - Edge location: These are separate from Regions/AZs. They are not READ only; we can write to them as well.
Origin: The origin of all the files that the CDN will distribute. This can be an S3 bucket, an EC2 instance, an ELB or Route 53.
- Useful in mitigating DDoS attacks.
Web distribution: Used for websites.
Distribution: The name given to the CDN, which consists of a collection of edge locations.
RTMP: Used for media streaming. Used for Adobe Flash.
Objects are cached for the life of the TTL.
The object/content cache can be cleared or invalidated, and you will be charged for that. E.g. invalidating a newly added video.
Create an invalidation to clear the cache.

CloudFront PCI compliance:
- Enable CloudFront access logs.
- Capture requests that are sent to the CloudFront API. F
PCI DSS
- You can configure your origin to include a Cache-Control:no-cache="field-name" header in responses that contain credit card information,
  such as the last four digits of a credit card number and the card owner's contact information.
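
One way to check the two PCI points above together, as an added example that is not part of the original notes: parse CloudFront standard access logs and list requests under card-data paths that were answered from the edge cache, which means those responses were cached. The path prefix, function name and log lines are constructed assumptions.

```python
# Added example: audit CloudFront standard access logs for card-data paths
# that were answered from the edge cache.

# Constructed sample in the standard-log layout, trimmed to the columns used
# here: a "#Fields:" header names the columns, data rows are tab-separated.
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: date time x-edge-location cs-method cs-uri-stem sc-status x-edge-result-type",
    "2019-12-15\t10:00:01\tEDGE1\tGET\t/static/app.js\t200\tHit",
    "2019-12-15\t10:00:02\tEDGE1\tGET\t/account/card/summary\t200\tMiss",
    "2019-12-15\t10:00:09\tEDGE1\tGET\t/account/card/summary\t200\tHit",
    "2019-12-15\t10:01:30\tEDGE2\tGET\t/account/card/contact\t200\tRefreshHit",
    "2019-12-15\t10:02:00\tEDGE2\tGET\t/account/cards-faq\t200\tHit",
])

# Assumption: the paths whose responses carry card information.
SENSITIVE_PREFIXES = ("/account/card/",)
# Result types showing the object was held in the edge cache.
CACHED_RESULTS = {"Hit", "RefreshHit"}


def cached_sensitive_requests(log_text, prefixes=SENSITIVE_PREFIXES):
    """Return (date, time, edge, uri, result) for sensitive URIs served from cache."""
    fields, findings = None, []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column order comes from the log itself, so extra columns are fine.
            fields = line[len("#Fields:"):].split()
            continue
        if not line.strip() or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("data row seen before the #Fields: header")
        values = line.split("\t")
        if len(values) != len(fields):
            continue  # truncated or malformed row; skip rather than misalign
        row = dict(zip(fields, values))
        uri = row["cs-uri-stem"]
        if uri.startswith(prefixes) and row["x-edge-result-type"] in CACHED_RESULTS:
            findings.append((row["date"], row["time"], row["x-edge-location"],
                             uri, row["x-edge-result-type"]))
    return findings


if __name__ == "__main__":
    for finding in cached_sensitive_requests(SAMPLE_LOG):
        print("served from edge cache:", *finding)
```
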
Storage Gateway:
File Gateway: For flat files, directly stored in S3.
Stored volume: Stores primary data locally, with the data asynchronously backed up to S3. This is stored as a snapshot. Block-level changes are monitored.
- iSCSI protocol
- Cached volume:
  Up to 32TiB. Retains recently read data in your on-premises gateway storage cache and upload buffer storage.
  Minimizes the need to scale on-premises infrastructure and provides low-latency access to frequently accessed data.
Stored volume keeps the entire data set locally, whereas cached volume keeps only the active data.
  • Gateway VM + storage disk.
At its heart it is a way of using AWS S3 managed storage to supplement on-premises storage. It can also be used within a VPC in a similar way.

VTL: Virtual tape-based gateway.
Used for tape-based applications.
Tape drive m/c + media changer + hard disk

AWS WAF:
- Web application firewall
- Helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.
- Gives control over how traffic reaches your applications by enabling you to create security rules.
- Security rules can block common attack patterns, such as SQL injection or cross-site scripting, or filter out specific traffic patterns you define.
