CloudFront

Cloud front > create OAI -then put ID in bucket policy so only allow cloudfront to distribute  s3 content ( navigating to the s3 wont be allowed)

Cloud front > signed URLS - create using sdk a policy with url expiration, ip ranges,  must code the app yourself to verify users and generate urls

Caching Content Based on Query String Parameters

Some web applications use query strings to send information to the origin. A query string is the part of a web request that appears after a ? character; the string can contain one or more parameters, separated by & characters. In the following example, the query string includes two parameters, color=red and size=large:

http://d111111abcdef8.cloudfront.net/images/image.jpg?color=red&size=large

For web distributions, you can choose whether you want CloudFront to forward query strings to your origin and, if so, whether to cache your content based on all parameters or on selected parameter

 

PCI compliance / HPIAA

enable CloudFront access logs

Capture requests that are sent to  CloudFront API