S3 静态网站和 CloudFront 之间的加密
Encryption between S3 Static Web Site and CloudFront
我们是 运行 S3 中的静态网站,使用 CloudFront 进行分发。 CloudFront 已分配 SSL 证书,因此我们正在接收 HTTPS 流量并将 HTTP 重定向到 HTTPS。
我要确定的是,这是否意味着从 CloudFront 到 S3 静态站点强制执行了 TLS?
如果是这样,我正在寻找一个参考说明 - 我们需要应用端到端加密以实现合规性,我需要能够 verify/prove 这已经到位。
谢谢!!!
does mean that TLS is enforced from CloudFront to the S3 Static Site?
不,不是。静态 S3 网站仅为 HTTP。 Docs 说明:
If your Amazon S3 bucket is configured as a website endpoint, you can't configure CloudFront to use HTTPS to communicate with your origin because Amazon S3 doesn't support HTTPS connections in that configuration.
we need to have end to end encryption applied for compliance
对于端到端 SSL,您必须设置 origin access identity (OAI) for your CF. This means that the bucket can't be in website mode. Instead, it has to be configured for OAI access as explained in the docs. To enforce HTTPS between CF and S3 you must ensure 您的“将 HTTP 重定向到 HTTPS 或仅 HTTPS 的查看器协议策略”。
我们是 运行 S3 中的静态网站,使用 CloudFront 进行分发。 CloudFront 已分配 SSL 证书,因此我们正在接收 HTTPS 流量并将 HTTP 重定向到 HTTPS。
我要确定的是,这是否意味着从 CloudFront 到 S3 静态站点强制执行了 TLS?
如果是这样,我正在寻找一个参考说明 - 我们需要应用端到端加密以实现合规性,我需要能够 verify/prove 这已经到位。
谢谢!!!
does mean that TLS is enforced from CloudFront to the S3 Static Site?
不,不是。静态 S3 网站仅为 HTTP。 Docs 说明:
If your Amazon S3 bucket is configured as a website endpoint, you can't configure CloudFront to use HTTPS to communicate with your origin because Amazon S3 doesn't support HTTPS connections in that configuration.
we need to have end to end encryption applied for compliance
对于端到端 SSL,您必须设置 origin access identity (OAI) for your CF. This means that the bucket can't be in website mode. Instead, it has to be configured for OAI access as explained in the docs. To enforce HTTPS between CF and S3 you must ensure 您的“将 HTTP 重定向到 HTTPS 或仅 HTTPS 的查看器协议策略”。