Amazon AWS Certified Advanced Networking Specialty – Networking & AWS Primer Part 10
28. Cross Origin Resource Sharing (CORS)
Hey everyone and welcome back. In today’s video we will be discussing cross-origin resource sharing. So cross-origin resource sharing, also referred to as CORS, is a way to make use of additional HTTP headers to tell browsers to let a web application running on one origin (origin here can refer to a domain) have permission to access resources from a different origin. So let’s understand this with an example. So let’s say there is front-end JavaScript code for the web application which is served from domaina.com.
So this web application which is running on domaina.com tries to make an XMLHttpRequest to api.domainb.com/data.json. So now what is happening is there are two domains involved over here: domain A is making the request to api.domainb.com. So this is cross-origin, and by default the browser will not allow this, because the browser has the same-origin policy. So let me quickly show you this with a quick demo so that CORS is easily understandable. So I have a directory over here and within this directory I have a file called index HTML.
So let me open this up, and this is the content of index HTML over here, which is Hello World, but this is not the entire content. Let’s quickly do an inspect over here, and within here you see it gave an error saying that access to XMLHttpRequest at this specific domain from the origin has been blocked by CORS policy: no Access-Control-Allow-Origin header is present on the requested resource. So this is very similar. So basically this file, my index HTML file, is trying to make an HTTP request to the my demo hyphen CORS S3 URL on amazonaws.com.
So this is similar, where you have content here which is trying to make an XMLHttpRequest to a different domain over here, and this is the reason why the browser has blocked the contents over here. So now the question that comes is how we can get past this, because many times it happens that you are storing your applications in S3 and from there you are trying to make a cross-origin request. So how can you allow that?
Now, since this is a certification-based course, the exams basically focus on how you can handle this scenario specifically for applications which are hosted in S3. So let me quickly show you one thing on how you can handle this scenario. But before we do that, let me quickly open up my index HTML file. I’ll be sharing all of these files which are present over here so you can try it out on your workstation as well. So I have opened this up in Notepad. Now if you see, this is a simple HTML file. So here within the head section we are basically referencing jQuery, and then within the script section we are basically trying to load this specific HTML file, which is my load HTML at the my demo hyphen CORS S3 URL on amazonaws.com.
So this is the file that we are trying to load along with the file which we have here. So basically, if CORS is allowed within the browser, you should be able to see Hello World, and along with that you should be able to see the contents which are present at the URL which you see over here. So basically if I open this URL up, it contains “This is my load HTML”. So if CORS is allowed, then you should be able to see the Hello World message and you should be able to see “This is my load HTML file”. Now, coming back to the S3 bucket, I have an S3 bucket called my demo hyphen CORS. So this bucket basically contains my load HTML file, and this is the file that we are trying to load from our my index HTML. Now, in the case of S3, if you want to allow CORS, there is a specific way in which you can do that. So if you go to the Permissions section, there is an option for CORS configuration, and here you need to put the CORS configuration. Now, I have a sample CORS configuration over here.
So let me copy this and I’ll paste it within my S3 bucket and I’ll click on Save. Now, if you look into the CORS configuration, there is one important CORS rule, which is AllowedOrigin, and we are specifying the star, so all origins would be allowed. So once you have added this CORS configuration rule, let’s try to open the my index HTML file again. And now you see, you are able to see Hello World and you are also able to see “This is my load HTML file”. Now, the reason why you are able to see this part is because we added the CORS rule within our S3 bucket configuration. So I hope at a high level you understood what CORS is all about. Now, in case you want to try this demo out on your workstation, you can copy this entire directory. I’ll be posting this up. So first thing, download the entire contents over here. Second thing, create an S3 bucket. So let’s go to S3. I’ll create a bucket for this demo. I’ll call it KP Labs CORS hyphen demo. I’ll go ahead and create it. All right, so this is KP Labs CORS demo.
Next thing, we have to make this public for our demo purpose. Let’s remove the rules which prevent the objects from being public. I’ll click on Save. Let’s do a confirm. Great. Once I’ve done that, let’s go back to the overview. I’ll click on Upload, I’ll add a file and I’ll add my load HTML. All right. So this is the my load HTML. Let’s go ahead and make this file public. Great. Once you have made this file public, verify you are able to load this object URL from your browser. In my case, we are able to successfully load that: “This is my load HTML file”. So since we are directly making the request over here, you will be able to load it. But if the request is coming from a different origin, the browser will block it. Now the next thing, just open up the my index HTML file over here and replace this specific URL. All right, you can go ahead and replace this specific URL, and once you have done that, try to open my index HTML. And as expected, we are just seeing the Hello World.
We are not able to see any other data. If you click on Inspect you should be able to see that the browser has blocked it due to CORS. So now the next step: go to S3, go to Permissions. We need to go to CORS configuration. Now just copy this sample template. Now this template basically allows the origin to be star. You can also specify a specific origin. Let’s say all the requests are going to come from domaina.com; you can specify that origin as well. But for simplicity, we are going with the star. Once you’ve done that, click on Save. Once you have saved, let’s click on Refresh. And now you see you should be able to see that this is My.
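The decision walked through above, as an added JavaScript sketch that is not part of the original lesson: a simplified model of how a bucket’s CORS rules produce the Access-Control-Allow-Origin header and how the browser then decides whether the page may read the response. The rule shape follows S3’s JSON CORS configuration; the https:// scheme on domaina.com, the second origin and all function names are assumptions made for the example.

```javascript
// Constructed sample rule sets: the star rule from the demo and a rule
// restricted to a single origin (the https:// scheme is an assumption).
const wildcardRules = [
  { AllowedOrigins: ["*"], AllowedMethods: ["GET"], AllowedHeaders: ["*"] },
];
const restrictedRules = [
  { AllowedOrigins: ["https://domaina.com"], AllowedMethods: ["GET"], AllowedHeaders: ["*"] },
];

// An AllowedOrigins entry may contain one "*"; everything else is literal.
function originMatches(pattern, origin) {
  const star = pattern.indexOf("*");
  if (star === -1) return pattern === origin;
  const prefix = pattern.slice(0, star);
  const suffix = pattern.slice(star + 1);
  return origin.length >= prefix.length + suffix.length &&
    origin.startsWith(prefix) && origin.endsWith(suffix);
}

// Server side (simplified): CORS response headers for a request,
// or an empty object when no rule matches.
function corsHeadersFor(rules, origin, method) {
  if (!origin) return {}; // no Origin header: not a cross-origin request
  for (const rule of rules) {
    const hit = rule.AllowedOrigins.find((p) => originMatches(p, origin));
    if (hit !== undefined && rule.AllowedMethods.includes(method)) {
      return {
        "Access-Control-Allow-Origin": hit === "*" ? "*" : origin,
        "Access-Control-Allow-Methods": rule.AllowedMethods.join(", "),
      };
    }
  }
  return {};
}

// Browser side: a non-credentialed response is readable by the page only
// if the header is "*" or equals the page's own origin.
function browserAllowsRead(pageOrigin, responseHeaders) {
  const acao = responseHeaders["Access-Control-Allow-Origin"];
  return acao !== undefined && (acao === "*" || acao === pageOrigin);
}

// End to end: can a script on pageOrigin read the object?
function canRead(rules, pageOrigin, method = "GET") {
  return browserAllowsRead(pageOrigin, corsHeadersFor(rules, pageOrigin, method));
}
```

With the star rule, a script on any site can read the public object; listing the origin limits cross-origin reads to pages served from domaina.com.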
29. Connection Draining in ELB
Hey everyone and welcome back. In today’s video we will be discussing the connection draining feature in ELB. Now, if you are using the Elastic Load Balancing service in a production environment, having an understanding of the connection draining feature is extremely important. So let’s go ahead and understand what this is all about. Now, in the process of using an ELB, it might happen that you want to deregister an instance from the load balancer to perform some kind of update to the application or some kind of patching activity. Now, let’s assume that you have one ELB and that ELB has two EC2 instances, and you want to update the application which is running. So you do not update the application when the instances are live and serving traffic in the ELB. So what you do is deregister the specific instance from the ELB, perform all the updates, and once the application is up and running, register it back to the load balancer.
So let’s assume you deregister the EC2 instance; then all the existing connections would be blocked. So let’s say that you have a server here and you deregister it. Then all the existing connections of the customers who are doing some kind of shopping, if it is an e-commerce based website, etc., would be disconnected, and this is not a good thing to do. Now, in order to handle this type of scenario, ELB has a feature called connection draining which allows the existing connections to complete before the EC2 instance gets deregistered. Now, this is a configurable value. So by default ELB will wait for 300 seconds before completing the deregistration process. So let me quickly show you this. So I’m in my load balancer here. So these are all the configurations of a Classic Load Balancer. Now, within the instances over here, you see there is a connection draining setting over here which is enabled, and the configurable value is 300 seconds.
So let me click on Edit so you can change this specific timeout to the value you want. So basically you see it states that it is the number of seconds to allow the existing traffic to continue flowing. So, as we discussed, let’s say there are multiple instances which are connected to the ELB. While deregistering, you do not want all the existing connections which are associated with the EC2 instance that you want to deregister to be immediately terminated. You want to give a certain amount of time so that the existing connections can complete. So this is the reason why you have connection draining.
So when you deregister the instance from the load balancer, the ELB will allow the existing connections to complete for the next 300 seconds. After 300 seconds the instance will be deregistered, and it might happen that most of the connections would typically complete and the client will not have a bad experience when you are removing the specific EC2 instance from the Elastic Load Balancer. Now, in case you do not have connection draining over here, then as soon as you deregister, the server will be out and all the existing connections would be broken, and the client will not really have a good user experience.