Wednesday, June 11, 2025

VPC part2


Class 42nd AWS VPC June 11th

IP Address division Task

Create a VPC with a CIDR range of 512 IPs.

1. Divide the VPC CIDR into 4 subnets with 128 IPs each.

2. Divide the VPC CIDR into 4 subnets with 64, 64, 128 and 256 IPs.

The second task was completed successfully.

Task2

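| Subnets | CIDR Block  | Subnet range (CIDR) | Subnet range (last IP) |
|---------|-------------|---------------------|------------------------|
| Subnet1 | 10.0.2.0/23 | 10.0.2.0/26         | 10.0.2.63              |
| Subnet2 |             | 10.0.2.64/26        | 10.0.2.127             |
| Subnet3 |             | 10.0.2.128/25       | 10.0.2.255             |
| Subnet4 |             | 10.0.3.0/24         | 10.0.3.255             |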
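The division task above can be checked with a short script. This is an added example, not part of the original notes: it carves IPv4 subnets of the requested sizes out of the VPC range in order, and reports the 5 addresses AWS reserves per subnet. The function names `carve`, `describe` and `plan` are made up for this illustration.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet.
AWS_RESERVED = 5
AWS_MIN_SUBNET = 16  # a /28 is the smallest subnet AWS accepts


def carve(vpc_cidr, sizes):
    """Allocate one subnet per requested size, in order, inside vpc_cidr.

    Each size must be a power of two. A block of `size` addresses has to
    start on a multiple of `size`, so the cursor is rounded up when needed.
    """
    vpc = ipaddress.ip_network(vpc_cidr)  # raises ValueError if host bits are set
    cursor = int(vpc.network_address)
    end = int(vpc.broadcast_address) + 1
    subnets = []
    for size in sizes:
        if size < AWS_MIN_SUBNET or size & (size - 1):
            raise ValueError(f"{size}: size must be a power of two >= {AWS_MIN_SUBNET}")
        start = -(-cursor // size) * size  # round up to the block boundary
        if start + size > end:
            raise ValueError(
                f"{size} addresses do not fit in {vpc} after {len(subnets)} subnet(s)")
        prefix = 32 - (size.bit_length() - 1)  # e.g. 64 addresses -> /26
        subnets.append(ipaddress.ip_network((start, prefix)))
        cursor = start + size
    return subnets


def describe(subnet):
    """Summarise one subnet: range, total size and addresses left for instances."""
    return {
        "cidr": str(subnet),
        "first": str(subnet.network_address),
        "last": str(subnet.broadcast_address),
        "total": subnet.num_addresses,
        "usable": subnet.num_addresses - AWS_RESERVED,
    }


def plan(vpc_cidr, sizes):
    return [describe(s) for s in carve(vpc_cidr, sizes)]


if __name__ == "__main__":
    for label, sizes in (("Task 1", [128] * 4), ("Task 2", [64, 64, 128, 256])):
        print(label)
        for row in plan("10.0.2.0/23", sizes):
            print("  {cidr:<15} {first} - {last}  total={total} usable={usable}".format(**row))
```
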



VPC Components

Create an internet gateway

After creating cci-igw, attach it to our VPC.

Route tables
When a VPC is created, one default route table is created automatically. If you do not specify any other route table, all network operations use that default route table.

Create our own public route table
Step1:
Step2:
After creating it, add some rules to the route table.
A subnet that reaches the internet gateway through its route table is called a public subnet:
    subnet --> route table --> internet gateway : public subnet
    subnet                                      : private subnet


Step3:

Create one more route table for private
Step1: Do not add any rule to the internet gateway in the private route table; that means no internet access for this route table.

Security Group Setup

Step1:

Whenever you create a VPC, one security group is created automatically. Select your security group using your VPC ID, then edit it and give it any name.

Edit the inbound rules: delete the existing security group rule, add one rule with All traffic and click Save rules.


Practical with Server Behavior, attached VPC subnet
Step1: Create one Windows machine; select the existing VPC and the public subnet.


After it is created, get the Windows machine's password: Connect > Action > Security > Get password.

Upload the downloaded .pem key file and save the password.



Step2: Using the public IP 54.246.26.83, RDP connected and was also able to access the internet.




Private subnet instance creation steps
Step1: Create one instance, ccit-private.


Step2: Try to connect to the instance with RDP from the local machine; this gives an error.

Edit the ccitprivate subnet, check "Enable auto-assign public IPv4 address" and click Save.

Step3:
The internet gateway is not enabled in this private subnet's route table, so connect using the private IP from within the AWS environment, i.e. from within an EC2 instance (ccitpublic).
The connection over the private IP works, but the internet cannot be accessed, as you see in the screenshot below.


Step4: If you want internet access for the private subnet, simply attach the internet gateway to the private subnet.

Now the internet is available in the private instance too.


--Done 

What are IPv4 and IPv6 addresses?
0      0      0      0
8 bit  8 bit  8 bit  8 bit

What is IPv4?

An IPv4 (Internet Protocol version 4) address is a numeric label assigned to each device connected to a computer network that uses the Internet Protocol for communication.

It is a 32-bit IP address, and we can generate a maximum of 4 billion+ addresses with IPv4.

Each block in this IP address is called an octet, and each octet can hold a maximum of 8 bits. 4 (octets) * 8 (bits) = 32. That's why it is called a 32-bit IP address.

The AWS Free Tier for EC2 includes 750 hours of public IPv4 address usage per month for the first 12 months, effective 01-Feb-24.

0.0.0.0 IP: 255*255*255*255 = 4,228,250,625, about 400 crores (it is very few).

For instance, as you see, our public IPs 54.246.26.83 and 3.253.84.108 are charged, and private IPs are free.

What is IPv6?

0       0       0       0

16 bit  16 bit  16 bit  16 bit

An IPv6 (Internet Protocol version 6) address is an alphanumeric label assigned to each device connected to a computer network that uses the Internet Protocol for communication.

It is a 128-bit IP address, and we can generate a maximum of 3 trillion+ addresses with IPv6.

Each block in this IP address can hold a maximum of 16 bits. 8 (blocks) * 16 (bits) = 128. That's why it is called a 128-bit IP address.

Public IPv6 addresses in AWS are currently free, due to their huge availability.

VPC (Elastic IPs, NAT Gateways, VPC Peering, Security Groups)

Elastic IP: It is a fixed IP given to you instead of a floating IP.

An Elastic IP address is a static public IPv4 address associated with your AWS account in a specific region.

Unlike an auto-assigned public IP address, an Elastic IP address is preserved after you stop and start your instance in a virtual private cloud (VPC).

It is associated with your AWS account, not a specific instance. You can reassign an Elastic IP address from one instance to another.

Useful for maintaining a consistent IP address for external resources to reach your instances.

An Elastic IP address is for use in a specific region only, and cannot be moved to a different region.

The default quota of Elastic IPs per region is 5, and it is adjustable.

AWS charges $0.005 per hour per Elastic or public IP.

To create an Elastic IP: Allocate IP address > click Allocate.


NAT Gateway: (using a NAT gateway, a private instance is able to connect to the internet, with that

A NAT gateway is a Network Address Translation (NAT) service.

You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC, but external services cannot initiate a connection with those instances.


Step5: Create one NAT gateway (it is chargeable): click Allocate Elastic IP, and after it is allocated, create the NAT gateway.

Step6: In your private route table, attach the NAT gateway IP and click Save.
Step7: After it is attached, the private instance also gets internet access.




--Thanks 







Tuesday, June 10, 2025

VPC part1


Class 41st AWS VPC June 10th

Virtual Private Cloud (Network protocol)

AWS managed services: (Simple Storage Service S3, DynamoDB, IAM, etc.)

Customer managed services: (EC2, ELB, etc.) (network support required to connect the user)

What is a VPC?

Amazon Virtual Private Cloud (VPC) allows you to create a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.

For example: the whole house is one network, and its rooms are the subnets. If a subnet has public access, its instances are public; otherwise they are private. The Region is the compound wall.

Two different networks combined is called peering.

Application servers (all public subnets)

Database servers (all private subnets)

VPC Components 

CIDR Block (Classless inter domain range)

Specifies the IP address range for the VPC (e.g., 10.0.0.0/16).

Subnet

Definition: A range of IP addresses in your VPC. Subnets allow you to partition the VPC's IP address range into smaller segments.

Public subnet: Has a route to the internet via an internet gateway.

Private subnet: No direct route to the internet.

Route tables

Definition: Contains a set of rules (routes) that determine where network traffic is directed.

Main route table: Default route table for the VPC.

Custom route table: Additional route tables that can be associated with one or more subnets.

Internet Gateways

Definition: A horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet.

Usage: Attach an IGW to your VPC to enable internet access for instances in a public subnet.

NAT Gateway

Definition: A managed network address translation (NAT) service that enables instances in a private subnet to connect to the internet or other AWS services while preventing the internet from initiating connections with those instances.

Usage: Deploy in a public subnet to provide outbound internet access for instances in private subnets.

VPC Peering

Definition: A networking connection between two VPCs that enables you to route traffic between them privately.

Usage: Can peer VPCs within the same AWS region or across different regions (inter-region VPC peering).

Security Group

Definition:Acts as a stateless firewall at the subnet level to control inbound and outbound traffic.

Usage:State filters traffic based on specified rules.

Network ACLs

Definition: Acts as a stateless firewall at the subnet level to control inbound and outbound traffic.

Usage: Provides an additional layer of allowing or denying specific IP traffic to subnets.

Elastic IP address

Definition: A static IPv4 address designed for dynamic cloud computing.

Usage: Can be associated with instances in your VPC to allow incoming internet traffic.

Two IP addresses

Public IP address

Private IP address (internal purpose subnet)

CIDR Range (Classless inter domain range)


10.0.0.0/n, n = netmask, 16 to 32. Number of IPs = power(2, 32 - n) (32 is the maximum netmask number, n is the netmask you have provided).

32 - 30 = 2, power(2,2) = 4 IPs

32 - 31 = 1, power(2,1) = 2 IPs

32 - 32 = 0, power(2,0) = 1 IP

32 - 29 = 3, power(2,3) = 8 IPs

As seen above, some of the IPs are marked in red and yellow; those IPs are reserved and are not provided. One subnet has a maximum of 255 only.

Practical 

Step1: Create one VPC, ccitsubnet1vpc.


Here 10.0.1.0/25 means 32 - 25 = 7, power(2,7) = 128 IPs.

Step2: Create a subnet for the VPC.

We plan to divide the 128 IPs by 2: 64 for subnet 1 and 64 for subnet 2.

As you see below, only 59 IPs are allotted out of 64, because 5 IPs are reserved for internal use.

Step3: Create the other subnet, subnet2, for the same VPC (see below, the same VPC as for the first subnet).

 subnet1 10.0.1.0/26  =64 ips  (10.0.1.0)..(10.0.1.64)

 subnet2 10.0.1.65/26 =64 ips (10.0.1.65)..(10.0.128)


--Thanks 

Monday, June 9, 2025

Multipart Upload


Class 40th AWS Multipart Upload June 9th

(AWS recommended: when you upload a file of more than 100 MB, it is split into chunks, and finally the chunks are joined into a single file. That is the best approach for uploading to an S3 bucket.)

  • Multipart upload allows users to break a single file into multiple parts and upload them independently.
  • You can upload these object parts independently and in any order. If transmission of any part fails, you can retransmit that part without affecting other parts.
  • After all parts of your object are uploaded, Amazon S3 assembles these parts and creates the object.
  • In general, when your object size reaches 100 MB, you should consider using multipart uploads instead of uploading the object in a single operation.
  • You can split the file into 1000 slices maximum. Each file must be 5 MB in size. Incomplete upload parts remain in S3 and AWS charges for them.

Practical

Step1: Create one bucket, "ccitmultipartupload1".

First choose the 284 MB file and split it with the command below. You need to run the command in Git Bash.

$ split -b 50M video.mp4 video_part_

Administrator@DESKTOP-AV2PARO MINGW64 ~/Desktop/mulitpart

$ ls -lrt

total 1175740

-rw-r--r-- 1 Administrator 197121 298403108 Dec 12 11:06 video.mp4

-rw-r--r-- 1 Administrator 197121 607142013 Dec 15 09:04 video_20241215_085947.mp4

-rw-r--r-- 1 Administrator 197121  52428800 Jun 11 00:48 video_part_aa

-rw-r--r-- 1 Administrator 197121  52428800 Jun 11 00:48 video_part_ab

-rw-r--r-- 1 Administrator 197121  52428800 Jun 11 00:48 video_part_ac

-rw-r--r-- 1 Administrator 197121  52428800 Jun 11 00:48 video_part_ad

-rw-r--r-- 1 Administrator 197121  52428800 Jun 11 00:48 video_part_ae

-rw-r--r-- 1 Administrator 197121  36259108 Jun 11 00:48 video_part_af

Step2: Upload the files to the newly created bucket using CLI commands.

PS C:\Users\Administrator> aws configure

AWS Access Key ID [****************HWK4]: <your-access-key-id>

AWS Secret Access Key [****************uOLH]: <your-secret-access-key>

Default region name [eu-west-1]: eu-west-1

Default output format [None]: json

What this command does: it generates an UploadId. Based on that ID, we will join the parts into a single file.

PS C:\Users\Administrator\Desktop\mulitpart>aws s3api create-multipart-upload --bucket ccitmultipartupload2 --key video.mp4 --region eu-west-1

{

    "ServerSideEncryption": "AES256",

    "Bucket": "ccitmultipartupload2",

    "Key": "video.mp4",

    "UploadId": "XOdv_ADNJnTuS38S6iXGxorl0TFVpDFCGoEJ2FoO9wx0cpkIhrzMZks4phjX.y_1HUCWDBZKJ9LNO6sVEUOBSud6Y047fk3CcKI3mAhbo2r_QbK_T1DYkTUtj7jbs5Jl"

}


Note that the S3 bucket still shows as empty: until all parts of the file are joined, the uploaded file is not shown.

Step3:
Part1

PS C:\Users\Administrator\Desktop\mulitpart>  aws s3api upload-part --bucket ccitmultipartupload2 --key video.mp4 --part-number 1 --body C:\Users\Administrator\Desktop\mulitpart\Video_part_aa --upload-id XOdv_ADNJnTuS38S6iXGxorl0TFVpDFCGoEJ2FoO9wx0cpkIhrzMZks4phjX.y_1HUCWDBZKJ9LNO6sVEUOBSud6Y047fk3CcKI3mAhbo2r_QbK_T1DYkTUtj7jbs5Jl

{

    "ServerSideEncryption": "AES256",

    "ETag": "\"f6279bc6c5aa4efa009c0d599cd1b206\"",

  

Part2

PS C:\Users\Administrator\Desktop\mulitpart> aws s3api upload-part --bucket ccitmultipartupload2 --key video.mp4 --part-number 2 --body C:\Users\Administrator\Desktop\mulitpart\Video_part_ab --upload-id XOdv_ADNJnTuS38S6iXGxorl0TFVpDFCGoEJ2FoO9wx0cpkIhrzMZks4phjX.y_1HUCWDBZKJ9LNO6sVEUOBSud6Y047fk3CcKI3mAhbo2r_QbK_T1DYkTUtj7jbs5Jl

{

    "ServerSideEncryption": "AES256",

    "ETag": "\"5224ca5d459b8044bb554cfffdc4c122\"",

    "ChecksumCRC64NVME": "VVdRkDOJyYg="

}

Part3

PS C:\Users\Administrator\Desktop\mulitpart> aws s3api upload-part --bucket ccitmultipartupload2 --key video.mp4 --part-number 3 --body C:\Users\Administrator\Desktop\mulitpart\Video_part_ac --upload-id XOdv_ADNJnTuS38S6iXGxorl0TFVpDFCGoEJ2FoO9wx0cpkIhrzMZks4phjX.y_1HUCWDBZKJ9LNO6sVEUOBSud6Y047fk3CcKI3mAhbo2r_QbK_T1DYkTUtj7jbs5Jl

{

    "ServerSideEncryption": "AES256",

    "ETag": "\"e9942afaa877e2a530da4b06d8eae9fb\"",

    "ChecksumCRC64NVME": "9touXfRy/cc="

}

Part4

PS C:\Users\Administrator\Desktop\mulitpart> aws s3api upload-part --bucket ccitmultipartupload2 --key video.mp4 --part-number 4 --body C:\Users\Administrator\Desktop\mulitpart\Video_part_ad --upload-id XOdv_ADNJnTuS38S6iXGxorl0TFVpDFCGoEJ2FoO9wx0cpkIhrzMZks4phjX.y_1HUCWDBZKJ9LNO6sVEUOBSud6Y047fk3CcKI3mAhbo2r_QbK_T1DYkTUtj7jbs5Jl

{

    "ServerSideEncryption": "AES256",

    "ETag": "\"fcdd80466dd85133c87772e41123f3fa\"",

    "ChecksumCRC64NVME": "tctu0jHQJ1A="

}

Part5

PS C:\Users\Administrator\Desktop\mulitpart>aws s3api upload-part --bucket ccitmultipartupload2 --key video.mp4 --part-number 5 --body C:\Users\Administrator\Desktop\mulitpart\Video_part_ae --upload-id XOdv_ADNJnTuS38S6iXGxorl0TFVpDFCGoEJ2FoO9wx0cpkIhrzMZks4phjX.y_1HUCWDBZKJ9LNO6sVEUOBSud6Y047fk3CcKI3mAhbo2r_QbK_T1DYkTUtj7jbs5Jl
{
    "ServerSideEncryption": "AES256",
    "ETag": "\"9318088f5b6055f1f5af8f69bf982b49\"",
    "ChecksumCRC64NVME": "yjZxdkyCmm8="
}

Part6
PS C:\Users\Administrator\Desktop\mulitpart> aws s3api upload-part --bucket ccitmultipartupload2 --key video.mp4 --part-number 6 --body C:\Users\Administrator\Desktop\mulitpart\Video_part_af --upload-id XOdv_ADNJnTuS38S6iXGxorl0TFVpDFCGoEJ2FoO9wx0cpkIhrzMZks4phjX.y_1HUCWDBZKJ9LNO6sVEUOBSud6Y047fk3CcKI3mAhbo2r_QbK_T1DYkTUtj7jbs5Jl
{
    "ServerSideEncryption": "AES256",
    "ETag": "\"d602321594b8219b5d0a857a4e5d34cd\"",
    "ChecksumCRC64NVME": "WSsI3fzEWg8="
}

A complete.json file was created in the current directory (the video.mp4 directory).

{
  "Parts": [
    { "ETag": "f6279bc6c5aa4efa009c0d599cd1b206", "PartNumber": 1 },
    { "ETag": "5224ca5d459b8044bb554cfffdc4c122", "PartNumber": 2 },
    { "ETag": "e9942afaa877e2a530da4b06d8eae9fb", "PartNumber": 3 },
    { "ETag": "fcdd80466dd85133c87772e41123f3fa", "PartNumber": 4 },
    { "ETag": "9318088f5b6055f1f5af8f69bf982b49", "PartNumber": 5 },
    { "ETag": "d602321594b8219b5d0a857a4e5d34cd", "PartNumber": 6 }
  ]
}

Final step (use the above Etags and UploadId)
-----------------------------------------------------------
aws s3api complete-multipart-upload --bucket ccitmultipartupload2 --key video.mp4  --upload-id XOdv_ADNJnTuS38S6iXGxorl0TFVpDFCGoEJ2FoO9wx0cpkIhrzMZks4phjX.y_1HUCWDBZKJ9LNO6sVEUOBSud6Y047fk3CcKI3mAhbo2r_QbK_T1DYkTUtj7jbs5Jl --multipart-upload "file://complete.json"

PS C:\Users\Administrator\Desktop\mulitpart> aws s3api complete-multipart-upload `
>>   --bucket ccitmultipartupload2 `
>>   --key video.mp4 `
>>   --upload-id XOdv_ADNJnTuS38S6iXGxorl0TFVpDFCGoEJ2FoO9wx0cpkIhrzMZks4phjX.y_1HUCWDBZKJ9LNO6sVEUOBSud6Y047fk3CcKI3mAhbo2r_QbK_T1DYkTUtj7jbs5Jl `
>>   --multipart-upload "file://complete.json"
{
    "ServerSideEncryption": "AES256",
    "Location": "https://ccitmultipartupload2.s3.eu-west-1.amazonaws.com/video.mp4",
    "Bucket": "ccitmultipartupload2",
    "Key": "video.mp4",
    "ETag": "\"f5827b4132193b51faf9d0aa9d1768e1-6\"",
    "ChecksumCRC64NVME": "JNuhFkcmQ8c=",
    "ChecksumType": "FULL_OBJECT"
}
Full file uploaded successfully..
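
The "-6" at the end of the final ETag is the part count, and the hex before it is derived from the part ETags collected in complete.json. The following added example (not part of the original notes) recomputes part and object ETags locally so an upload can be checked against what S3 reported. It assumes SSE-S3 (AES256) or unencrypted objects, where each part ETag is the MD5 of the part; the function names are made up for this illustration.

```python
import hashlib
import io

# Values copied from the CLI output on this page (surrounding quotes removed).
PAGE_PART_ETAGS = [
    "f6279bc6c5aa4efa009c0d599cd1b206",
    "5224ca5d459b8044bb554cfffdc4c122",
    "e9942afaa877e2a530da4b06d8eae9fb",
    "fcdd80466dd85133c87772e41123f3fa",
    "9318088f5b6055f1f5af8f69bf982b49",
    "d602321594b8219b5d0a857a4e5d34cd",
]
PAGE_OBJECT_ETAG = "f5827b4132193b51faf9d0aa9d1768e1-6"


def part_etags(stream, part_size):
    """MD5 hex digest of each part, reading the stream in part_size chunks."""
    etags = []
    while True:
        chunk = stream.read(part_size)
        if not chunk:
            break
        etags.append(hashlib.md5(chunk).hexdigest())
    return etags


def multipart_etag(etags):
    """MD5 over the concatenated binary part digests, then '-<number of parts>'."""
    raw = b"".join(bytes.fromhex(e.strip('"')) for e in etags)
    return f"{hashlib.md5(raw).hexdigest()}-{len(etags)}"


def complete_manifest(etags):
    """Build the structure written to complete.json from the part ETags."""
    return {"Parts": [{"ETag": e.strip('"'), "PartNumber": n}
                      for n, e in enumerate(etags, 1)]}


def verify(stream, part_size, reported_parts, reported_object):
    """Return (part numbers whose ETag differs, whether the object ETag matches)."""
    local = part_etags(stream, part_size)
    reported = [e.strip('"') for e in reported_parts]
    count = max(len(local), len(reported))
    bad = [n for n in range(1, count + 1)
           if n > len(local) or n > len(reported) or local[n - 1] != reported[n - 1]]
    return bad, multipart_etag(local) == reported_object.strip('"')


if __name__ == "__main__":
    # Constructed stand-in for a local file: 2560 bytes split into 1000-byte parts.
    data = bytes(range(256)) * 10
    parts = part_etags(io.BytesIO(data), 1000)
    print("local part ETags :", parts)
    print("local object ETag:", multipart_etag(parts))
    # Compare the recomputed value with the one S3 returned on this page.
    print("recomputed from page parts:", multipart_etag(PAGE_PART_ETAGS))
    print("reported on the page      :", PAGE_OBJECT_ETAG)
```
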



Using a Python program we can also split and upload the file to the S3 bucket, using the code below.

Step1: Delete the existing split files in the folder. Note that the file path is hard-coded here; use flex for dynamic uploads.
import boto3

# AWS S3 settings. Credentials are not stored in the script: boto3 reads them
# from its default credential chain (e.g. the profile written by `aws configure`).
BUCKET_NAME = 'ccitmultipartupload2'
REGION = 'eu-west-1'

def multipart_upload(file_path, bucket_name, key_name):
    """
    Perform a multipart upload to S3.

    Args:
        file_path (str): Local path to the file to upload.
        bucket_name (str): Target S3 bucket.
        key_name (str): Target key in the S3 bucket.
    """
    s3_client = boto3.client('s3', region_name=REGION)

    # Create a multipart upload
    response = s3_client.create_multipart_upload(Bucket=bucket_name, Key=key_name)
    upload_id = response['UploadId']
    print(f"Multipart upload initiated with UploadId: {upload_id}")

    try:
        parts = []
        part_number = 1
        chunk_size = 50 * 1024 * 1024  # 50 MB chunks

        # Read the file and upload in chunks
        with open(file_path, 'rb') as file:
            while True:
                data = file.read(chunk_size)
                if not data:
                    break

                print(f"Uploading part {part_number}...")
                part_response = s3_client.upload_part(
                    Bucket=bucket_name,
                    Key=key_name,
                    PartNumber=part_number,
                    UploadId=upload_id,
                    Body=data
                )
                # Keep each part's ETag; S3 needs them to assemble the object
                parts.append({'PartNumber': part_number, 'ETag': part_response['ETag']})
                part_number += 1

        # Complete the multipart upload
        print("Completing multipart upload...")
        s3_client.complete_multipart_upload(
            Bucket=bucket_name,
            Key=key_name,
            UploadId=upload_id,
            MultipartUpload={'Parts': parts}
        )
        print("Multipart upload completed successfully!")

    except Exception as e:
        # Abort so the already uploaded parts do not remain in S3
        print(f"Error occurred: {e}")
        print("Aborting multipart upload...")
        s3_client.abort_multipart_upload(Bucket=bucket_name, Key=key_name, UploadId=upload_id)
        print("Multipart upload aborted.")

# Example usage
if __name__ == '__main__':
    file_path = 'C:/Users/Administrator/Desktop/mulitpart/video.mp4'
    key_name = 'video.mp4'
    multipart_upload(file_path, BUCKET_NAME, key_name)

PS C:\Users\Administrator\Desktop\mulitpart> python app.py
Multipart upload initiated with UploadId: 2hLmWOuhdZFPHj0z7bSm0fer3amVbXPnstLAeKx01UT.eG6tHuq7_2Ll32EalvWz8W3WKpo8_vSCuoSvZOQR.Hk9AlLDY_hsbKEpFsoeWDPyC0jMkqVCf5RFxTt4T5b.
Uploading part 1...
Uploading part 2...
Uploading part 3...
Uploading part 4...
Uploading part 5...
Uploading part 6...
Completing multipart upload...
Multipart upload completed successfully!

Step2:



Cross-Origin Resource Sharing (CORS)

Step1: Create one bucket, ccitpublicbucket1; while creating the bucket, uncheck "Block all public access".

Step2: Using the bucket policy generator, give permission to the bucket
ccitpublicbucket1,
then click Add statement > Generate policy.
Copy the JSON:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::ccitpublicbucket1/*"
    }
  ]
}
Step3:

Click Save. Now the bucket is public; anyone is able to access the files in the bucket.

Step4: Create one file, source.html, and save it with the code below.

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Source Page</title>
</head>
<body>
    <h1>Source Page</h1>
    <div id="data">
        <p>This is some data in the source page.</p>
        <p>More data here.</p>
    </div>
</body>
</html>

Step4: Create one file, Dest.html, and save it with the code below.
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Read Data from Another Page</title>
</head>
<body>
    <h1>Data from Another HTML Page</h1>
    <button id="loadData">Load Data</button>
    <div id="result"></div>

    <script>
        document.getElementById('loadData').addEventListener('click', () => {
            fetch('https://ccitpublicbucket1.s3.eu-west-1.amazonaws.com/Source.html')
                .then(response => response.text())
                .then(htmlString => {
                    // Parse the HTML string into a DOM
                    const parser = new DOMParser();
                    const doc = parser.parseFromString(htmlString, 'text/html');
                    
                    // Extract data from the parsed HTML
                    const data = doc.querySelector('#data').innerHTML;
                    
                    // Display the extracted data
                    document.getElementById('result').innerHTML = data;
                })
                .catch(error => console.error('Error fetching data:', error));
        });
    </script>
</body>
</html>

Step5: Upload the source.html file to ccitpublicbucket1 and copy the endpoint of the file:
https://ccitpublicbucket1.s3.eu-west-1.amazonaws.com/Source.html


Step6: In Dest.html, set fetch('https://ccitpublicbucket1.s3.eu-west-1.amazonaws.com/Source.html').
Change that file, save it, and then upload dest.html to the same public bucket.

Step7: Clicking the Source.html endpoint shows the source HTML text.
Step8: In the destination HTML, clicking Load Data brings in the text from the source HTML.
Step9: Create one more bucket, ccitprivatebucket1, with the defaults, only unchecking "Block all public access".
Step10: Paste the bucket policy and click Save.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::ccitprivatebucket1/*"
    }
  ]
}
Step10: Upload only the dest.html file to the private bucket ccitprivatebucket1,
open the object URL and click Load Data. As you see, we get an error:

Access to fetch at 'https://ccitpublicbucket1.s3.eu-west-1.amazonaws.com/Source.html' from origin 'https://ccitprivatebucket1.s3.eu-west-1.amazonaws.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

The origin is S3 ccitpublicbucket1; this is a different origin from ccitprivatebucket1, which is the reason it is not allowed.

Step11: For cross-origin access, you need to give permission to the different origin.

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "POST",
            "PUT"
        ],
        "AllowedOrigins": [
             "https://ccitprivatebucket1.s3.eu-west-1.amazonaws.com"
        ],
        "ExposeHeaders": [
            "x-amz-server-side-encryption",
            "x-amz-request-id",
            "x-amz-id-2"
        ],
        "MaxAgeSeconds": 3000
    }
]

ccitpublicbucket1 > Permission > edit Cross-origin: paste the above code and click Save.

Now the data comes from one origin to the other. The only remaining message is a favicon warning: the icon of the URL is not provided, so it is just a warning, not an error.
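
The before and after of Step10 and Step11 can be reproduced offline with a simplified model of how a CORS rule set is matched and how the browser then decides. This is an added example, not part of the original notes and not AWS code; the function names and the origin `https://other.example` used in the demo are made up for this illustration.

```python
# CORS configuration from Step11 on this page.
PAGE_CORS_RULES = [{
    "AllowedHeaders": ["*"],
    "AllowedMethods": ["GET", "POST", "PUT"],
    "AllowedOrigins": ["https://ccitprivatebucket1.s3.eu-west-1.amazonaws.com"],
    "ExposeHeaders": ["x-amz-server-side-encryption", "x-amz-request-id", "x-amz-id-2"],
    "MaxAgeSeconds": 3000,
}]
# Origin of Dest.html when it is opened from ccitprivatebucket1.
DEST_ORIGIN = "https://ccitprivatebucket1.s3.eu-west-1.amazonaws.com"


def _matches(pattern, value):
    """Exact match, or a pattern containing one '*' wildcard."""
    if "*" not in pattern:
        return pattern == value
    head, _, tail = pattern.partition("*")
    return (len(value) >= len(head) + len(tail)
            and value.startswith(head) and value.endswith(tail))


def cors_response_headers(rules, origin, method, request_headers=()):
    """Headers added for the first rule that matches, or {} when none does.

    For a preflight (OPTIONS) request pass the Access-Control-Request-Method
    value as `method` and the requested header names as `request_headers`.
    """
    for rule in rules:
        origins = rule.get("AllowedOrigins", [])
        if not any(_matches(p, origin) for p in origins):
            continue
        if method not in rule.get("AllowedMethods", []):
            continue
        allowed = [h.lower() for h in rule.get("AllowedHeaders", [])]
        if not all(any(_matches(p, h.lower()) for p in allowed) for h in request_headers):
            continue
        headers = {
            "Access-Control-Allow-Origin": "*" if "*" in origins else origin,
            "Access-Control-Allow-Methods": ", ".join(rule["AllowedMethods"]),
        }
        if rule.get("ExposeHeaders"):
            headers["Access-Control-Expose-Headers"] = ", ".join(rule["ExposeHeaders"])
        if "MaxAgeSeconds" in rule:
            headers["Access-Control-Max-Age"] = str(rule["MaxAgeSeconds"])
        return headers
    return {}


def browser_allows(origin, response_headers):
    """The page may read the response only if Access-Control-Allow-Origin
    is '*' or equals the page's own origin."""
    allow = response_headers.get("Access-Control-Allow-Origin")
    return allow == "*" or allow == origin


def fetch_outcome(rules, origin, method="GET"):
    headers = cors_response_headers(rules, origin, method)
    return "allowed" if browser_allows(origin, headers) else "blocked by CORS policy"


if __name__ == "__main__":
    print("Step10, no CORS rules  :", fetch_outcome([], DEST_ORIGIN))
    print("Step11, page's rules   :", fetch_outcome(PAGE_CORS_RULES, DEST_ORIGIN))
    print("another origin         :", fetch_outcome(PAGE_CORS_RULES, "https://other.example"))
    print("DELETE from Dest origin:", fetch_outcome(PAGE_CORS_RULES, DEST_ORIGIN, "DELETE"))
```

Dest.html only issues a GET, so a rule that lists only "GET" in AllowedMethods would pass the same check.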

CloudFront (Global service)

Content Delivery Network:

We have hosted one static website below.

Step1: Static website: in ccitpublicbucket1 > Permission > Bucket policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::ccitpublicbucket1/*"
    }
  ]
}

Then enable Static website hosting and save.


Upload the static HTML page to the bucket.


Step2: Click the endpoint of the file. If you are in the same region, it opens quickly.

If you are in another region (Canada, USA), it takes time because the geographic distance is too far.

In this situation, edge caches help you speed up the website.

Step3: For that, AWS has a CDN: CloudFront needs to be enabled, and your website is distributed to the edge locations.
For example: if anyone accesses our static page (India) from Canada, it has already been distributed to the edge location,
so they get the cached copy from the nearest location, not from the India region. Latency is reduced and the process speeds up.
Select ccitpublicbucket1.


Step4: Enable Origin Shield (caching the website in the edge location where you require it): select No.
Origin Shield is an additional caching layer that can help reduce the load on your origin and help protect its availability.

Step5: CDN created successfully.


 --Done
For example, for understanding: the course.html page was edited with the text "IT Sector"; save the file and upload it to the public bucket, ccitpublicbucket1.
Step1: In Course.html, just added the text "IT SECTOR subbu".

Step2: Now you see the difference: at the bucket endpoint the changes are reflected immediately.

Step3: In the CDN (AWS CloudFront) the changes are not reflected immediately.

Step4: For that, you need to enable one policy in the distribution:
Cache key and origin requests
  • Cache policy
    Caching Optimized (it is the default policy)
    Click View policy


As you see below, the edge location refreshes every 86400 seconds. If you want it to refresh immediately,
you need to create your own policy.

Click Create policy, give a policy name and set the values to 30 seconds, so the edge location refreshes every 30 seconds; then click Create policy.

Attach your own policy created above: choose ccitpolicy under Cache policy and click Save changes.


Private Bucket (without a public bucket policy; the policy is given to the distribution)

Step6: Create one more CDN, this time using ccitprivatebucket1.

You must update the S3 bucket policy.
CloudFront will provide you with the policy statement after creating the distribution.


Here you can access files from the private bucket through the CloudFront endpoint, using the policy.

Enable WAF and click Create distribution.
Step7:


{
        "Version": "2008-10-17",
        "Id": "PolicyForCloudFrontPrivateContent",
        "Statement": [
            {
                "Sid": "AllowCloudFrontServicePrincipal",
                "Effect": "Allow",
                "Principal": {
                    "Service": "cloudfront.amazonaws.com"
                },
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::ccitprivatebucket1/*",
                "Condition": {
                    "StringEquals": {
                      "AWS:SourceArn": "arn:aws:cloudfront::216989104632:distribution/E24UYTF97GKQCF"
                    }
                }
            }
        ]
      }
Step8: The above policy needs to be given as the ccitprivatebucket1 bucket policy; click Save.

ccitprivatebucket1 > Permission > Bucket policy: copy and paste the above JSON code and click Save.


Step9: The distribution URL is able to access the bucket images.

Step10: As you see, the bucket endpoint gets access denied. We have given the cross-origin policy to the bucket for the distribution, which is the reason the bucket objects can be accessed through the distribution URL.
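
The two kinds of bucket policy used on this page differ in who they admit: `"Principal": "*"` with `"Action": "s3:*"` lets anonymous callers overwrite and delete objects as well as read them, while the CloudFront policy admits one service principal for `s3:GetObject`, scoped by a `Condition`. The following added example (not part of the original notes, and not an AWS tool) audits both policies and a constructed read-only alternative; the finding codes and function names are made up for this illustration.

```python
# Bucket policy the page attaches to ccitpublicbucket1 (the ccitprivatebucket1
# policy in the CORS section is the same statement with the other bucket name).
PAGE_PUBLIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Statement1", "Effect": "Allow", "Principal": "*",
        "Action": "s3:*", "Resource": "arn:aws:s3:::ccitpublicbucket1/*",
    }],
}
# Policy CloudFront generated for ccitprivatebucket1 (copied from this page).
PAGE_CLOUDFRONT_POLICY = {
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [{
        "Sid": "AllowCloudFrontServicePrincipal", "Effect": "Allow",
        "Principal": {"Service": "cloudfront.amazonaws.com"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::ccitprivatebucket1/*",
        "Condition": {"StringEquals": {
            "AWS:SourceArn": "arn:aws:cloudfront::216989104632:distribution/E24UYTF97GKQCF"}},
    }],
}
# Constructed alternative for a public static site: anonymous read only.
READ_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::ccitpublicbucket1/*",
    }],
}


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def audit(policy):
    """Return (sid, code, message) for each Allow statement worth reviewing."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        conditioned = bool(stmt.get("Condition"))
        if _is_anonymous(principal) and not conditioned:
            if any(a in ("*", "s3:*") for a in actions):
                findings.append((sid, "ANON_FULL_ACCESS",
                                 "anyone can read, overwrite and delete the resources"))
            elif any(a.startswith(("s3:put", "s3:delete")) for a in actions):
                findings.append((sid, "ANON_WRITE", "anyone can modify the resources"))
            else:
                findings.append((sid, "ANON_READ", "public by design? confirm the content"))
        elif isinstance(principal, dict) and "Service" in principal and not conditioned:
            findings.append((sid, "SERVICE_WITHOUT_SOURCE_CONDITION",
                             "service principal is not tied to one source ARN"))
    return findings


def codes(policy):
    return [code for _, code, _ in audit(policy)]


if __name__ == "__main__":
    for name, policy in (("public (page)", PAGE_PUBLIC_POLICY),
                         ("cloudfront (page)", PAGE_CLOUDFRONT_POLICY),
                         ("read-only (constructed)", READ_ONLY_POLICY)):
        print(name, "->", audit(policy) or "no findings")
```
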


--Thanks