Category

IAM

Using Active Directory Federation Services (ADFS) to Authenticate / Authorize Node.js Apps in Windows Azure

It’s gotten easy to publish web applications to the cloud, but the last thing you want to do is establish unique authentication schemes for each one. At some point, your users will be stuck with a mountain of passwords, or end up reusing passwords everywhere. Not good. Instead, what about extending your existing corporate identity directory to the cloud for all applications to use? Fortunately, Microsoft Active Directory can be extended to support authentication/authorization for web applications deployed in ANY cloud platform. In this post, I’ll show you how to configure Active Directory Federation Services (ADFS) to authenticate the users of a Node.js application hosted in Windows Azure Web Sites and deployed via Dropbox.

How to Log AWS CloudFront Access Request Data

AWS CloudFront is a content distribution service offered by AWS to speed up the distribution of static content, such as media files, HTML, JS, CSS, etc. CloudFront provides a log file option that records end user access requests, their status and other relevant information. The log files are stored in an S3 bucket, which can be the same bucket as the distribution origin or a separate one. The user can configure the same bucket for multiple distributions and can specify a prefix for the log files to tell the distributions apart. CloudFront writes the log files periodically. Each log record holds the user access details, such as the date, time, the edge location that served the content, the bytes sent from the server to the client, the client IP, the protocol (HTTP/HTTPS), the query string, and more.

The AWS account that owns the CloudFront distribution must have full access to the S3 bucket. If the bucket belongs to another AWS account, grant that account the required access rights.

The present guide demonstrates how to enable logging for the CloudFront download or the streaming distribution.

How to Create a CloudFront Download Distribution with Custom Origin

AWS CloudFront is a content distribution service offered by AWS to speed up the distribution of static content, such as media files, HTML, JS, CSS, etc. CloudFront serves its content through its ever growing network of edge locations, fetching it from the origin server configured when the distribution is created. For a download distribution, CloudFront also supports a custom origin, such as an HTTP server, in place of an S3 bucket; AWS services such as EC2 and ELB can act as the custom origin. When working with a custom origin, the following is recommended:

  • The clocks of the custom origin servers are synchronized with AWS
  • Host and serve the same content on all the servers
  • The origin must be available publicly

CloudFront streaming distributions do not support custom origins.

The present guide demonstrates how to create a download distribution for the AWS CloudFront using AWS EC2 as the custom origin.

How to List, View and Update the CloudFront Streaming Distribution

AWS CloudFront is a content distribution service offered by AWS to speed up the distribution of static content, such as media files, HTML, JS, CSS, etc. CloudFront can stream media files using the Adobe Real-Time Messaging Protocol (RTMP). The streamed file must be stored in AWS S3 and cannot be served from any other origin. The user can stream the file using JW Player, Adobe Flash Player or Flowplayer. The user creates a streaming distribution, and the end user views the streamed media file using the player the user specified.

AWS allows creating multiple streaming distributions for a single bucket, and the user can stream the media objects through any of the valid streaming distributions.

The present guide demonstrates how to list, view or update an existing streaming distribution.

Secure Your Cloud Building Blocks: Overview and a Few Tips

The cloud enables great agility and can reduce costs if used right. But does it also manage risk? In fact, the cloud carries the same risks as traditional hosting, plus risks specific to running your production environment in the cloud. In a dynamic IaaS environment you pay only for what you use, which lets capacity follow actual real-time demand. A cloud instance is a temporary resource created automatically and on demand from a gold master image. This basic cloud automation capability makes traditional patching redundant and fast provisioning extremely easy. It is an important consideration that changes some basic security deployment perceptions when moving from traditional infrastructure to the cloud.

How to Configure the Cache Behavior for a CloudFront Download Distribution

AWS CloudFront is a content distribution service offered by AWS to serve low latency content at high data speed. CloudFront caches objects at its edge locations, and the user can configure how long an object stays in the cache. When creating a CloudFront download distribution, the user can configure a different caching behavior for each path pattern, e.g. one cache behavior for all .css files and another for all .jpg files. When a new distribution is created, CloudFront forwards all requests to the origin specified during creation; the user can then add further caching behaviors for other path patterns.

The present guide demonstrates how to configure the cache behavior for a download distribution.

How to Create an Origin Access Identity for AWS CloudFront

AWS CloudFront is a content distribution service offered by AWS to speed up the distribution of static content, such as media files, HTML, JS, CSS, etc. The user needs to create a distribution of their bucket or of the AWS service.

When CloudFront serves objects from AWS S3, those objects must be publicly readable so that CloudFront can fetch them. With the object permissions set that way, the end user can also bypass CloudFront and fetch the object directly from AWS S3 using the URL: http://<bucketname>.s3.amazonaws.com/<objectname>

The user can secure access to their CloudFront distribution using signed URLs. Signed URLs only help if public access to the S3 bucket is also restricted; otherwise the signed URL can be bypassed by going to S3 directly. To restrict access to the AWS S3 bucket, the user can configure an origin access identity.

The origin access identity is a special CloudFront user. Using the S3 bucket permissions and bucket policy, the user can grant access to this CloudFront user alone. Once the origin access identity has been configured, any other user who tries to access the AWS S3 object directly is denied, because the object is accessible only to the origin access identity.

The present guide demonstrates how to create an origin access identity for a CloudFront streaming or download distribution.

How to Add Trusted Signers to the CloudFront Distribution

AWS CloudFront is a content distribution service offered by AWS to speed up the distribution of static content, such as media files, HTML, JS, CSS, etc. The user needs to create a distribution of their bucket or of the AWS service.

The user may want to restrict access to the objects distributed through CloudFront. The user can require CloudFront signed URLs for the objects, so that nobody can access them without a signed URL. To create signed URLs for the AWS S3 objects, the user needs at least one AWS account that has an active CloudFront key pair. This account is called the trusted signer.

When a trusted signer is added to the CloudFront distribution, CloudFront requires a signed URL to access the objects from AWS S3. CloudFront verifies the signed URL to ensure that it is valid and has not been tampered with.

The present guide demonstrates how to add trusted signers to a CloudFront streaming or download distribution.

How to Create or Delete the CloudFront Key Pairs

AWS CloudFront is a content distribution service offered by AWS to serve low latency content at high data speed. The user may want to restrict access to the objects distributed through CloudFront. For example, the user may want the distribution to be accessible only through their own application and by nobody outside it. The user can require CloudFront signed URLs for the objects, so that nobody can access them without a signed URL. To create signed URLs for the AWS S3 objects, the user needs at least one AWS account that has an active CloudFront key pair. The CloudFront key pair can be created and downloaded only by the AWS account owner, as IAM users are not allowed to create CloudFront key pairs.

The present guide demonstrates how to create or delete CloudFront key pairs.

Amazon Cloud Inches Closer to the Enterprise with VPC

Amazon’s AWS VPC (Virtual Private Cloud) is like a canvas. It lets you define private networks, the way they interact with each other, routing, and security. Now, it even lets you terminate VPN connections from your main corporate network out-of-the-box and, best of all, it doesn’t cost you anything to use it.
