

Amazon CDN (CloudFront) Adds Private Content - timf
http://developer.amazonwebservices.com/connect/ann.jspa?annID=638

======
mmastrac
We use Amazon CloudFront to serve our static CSS and JS for dotspots.com. It's
a fantastic and cheap pay-as-you-go CDN.

My only beefs:

1\. Still no support for a root index.html (ie: serving the / URL from a
domain) in either S3 or CloudFront, meaning you can't host a static site
entirely on CloudFront.

2\. No support in CloudFront for origin servers other than S3. Not a big deal,
but CloudFront is so convenient that I'd like to stick it in front of more
dynamic content as well.

~~~
xal
My biggest beef is that you can't expire data on the edges. You have to rename
the files. For some reason they decided to ignore the query parameters to a
url when caching so for /img.png?123 they simply look up file /img.png in the
cache. If they would just stop doing that it would be trivial to deliver newer
versions to the edge servers by simply referring to it as /img.png?124 . If
they could just add this it would work perfectly for most use cases I can come
up with.

~~~
mmastrac
Yeah, that requires a lot of work for us too. We rename files to their MD5
hash, but it requires a post-processing step in our deployment process.

------
alecco
<http://aws.amazon.com/cloudfront/#details>

    
    
        By default, files delivered through Amazon CloudFront are
        publicly readable by anyone on the Internet. However, if you
        require greater control over who can download or stream your
        files, you can use Amazon CloudFront’s private content feature.
        When this option is enabled, Amazon CloudFront will only deliver
        files or stream media when you say it is okay to do so by
        securely signing your requests. There is no additional charge
        for using the private content feature.
    

I don't get it, signed requests? But private CDN sounds very good.

~~~
timf
It's described here:

[http://docs.amazonwebservices.com/AmazonCloudFront/latest/De...](http://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/index.html?PrivateContent.html)

It works mostly like S3 signed requests (last section of the following URL):

[http://docs.amazonwebservices.com/AmazonS3/latest/RESTAuthen...](http://docs.amazonwebservices.com/AmazonS3/latest/RESTAuthentication.html#RESTAuthenticationQueryStringAuth)

... except with an added step of making a CloudFront identity that is the only
entity allowed to access the S3 object behind what you want to serve via
CloudFront.

