1
00:00:01,360 --> 00:00:08,320
Hello and welcome back more as three scenary best questions one of your clients is using it.

2
00:00:08,350 --> 00:00:09,290
Yes.

3
00:00:09,430 --> 00:00:18,210
And he's wondering how can he sort of private content from a story to the subscribed users securely.

4
00:00:18,250 --> 00:00:21,720
Keeping in mind that the subscribers are not users.

5
00:00:21,730 --> 00:00:27,560
Remember what we call these the that users are not users.

6
00:00:27,790 --> 00:00:29,080
They don't have credentials.

7
00:00:29,080 --> 00:00:30,000
Yes.

8
00:00:30,040 --> 00:00:36,150
So these are public users in a sense that they are not authenticated they're not authenticated users.

9
00:00:36,160 --> 00:00:36,620
Why not.

10
00:00:36,620 --> 00:00:37,740
And syndicated.

11
00:00:37,750 --> 00:00:39,820
They don't have any obvious credentials.

12
00:00:39,850 --> 00:00:49,150
Think of Dropbox or any cloud service where you can now save files and download drives upload and all

13
00:00:49,150 --> 00:00:52,740
that.

14
00:00:52,880 --> 00:01:01,270
If you are sharing a file with someone does that one have to have an account on Dropbox.

15
00:01:01,270 --> 00:01:02,060
The answer is No.

16
00:01:02,110 --> 00:01:04,720
On Microsoft SharePoint the answer is No.

17
00:01:04,780 --> 00:01:06,410
They will send you an email link.

18
00:01:06,490 --> 00:01:15,220
If you click on that link that is a signed link that can allow you securely to access the file or the

19
00:01:15,220 --> 00:01:22,840
files that are shared with you or allow you to upload files as well to that folder in that cloud solution

20
00:01:22,840 --> 00:01:25,390
or Sharepoint whatever the solution is.

21
00:01:29,050 --> 00:01:34,590
Keeping in mind that subscribers are not users and have no obvious credentials.

22
00:01:34,720 --> 00:01:39,870
The client maintains information IDs about subscribed users in a separate.

23
00:01:39,870 --> 00:01:41,330
It obviously is.

24
00:01:41,380 --> 00:01:50,110
How can your client achieve this achieve what set of that content privately and securely to the subscribed

25
00:01:50,110 --> 00:01:50,640
users.

26
00:01:50,660 --> 00:01:55,110
And no one else would be able to get to that a create either.

27
00:01:55,120 --> 00:02:08,000
Yes I am users and provide them permissions to read the objects can be said of the content through cloud

28
00:02:08,000 --> 00:02:11,120
front instead of direct from S3.

29
00:02:11,240 --> 00:02:13,720
This one I can immediately rule out.

30
00:02:13,880 --> 00:02:14,630
Why.

31
00:02:14,720 --> 00:02:20,540
Because this is talking about plug front as opposed to a story not about the security of cloud.

32
00:02:20,570 --> 00:02:23,010
Cloud front as opposed to S3.

33
00:02:23,030 --> 00:02:30,110
So that's why I don't see leverage pre-signed you or else for each user to access the private content

34
00:02:30,140 --> 00:02:31,780
when they want to access it.

35
00:02:32,000 --> 00:02:34,760
So this is a potential correct answer.

36
00:02:34,780 --> 00:02:41,250
The configure your as three bucket policy to allow these users access to the private content only.

37
00:02:41,300 --> 00:02:42,110
This cannot be done.

38
00:02:42,110 --> 00:02:42,650
Why.

39
00:02:42,960 --> 00:02:46,800
Although I can configure users in the bucket policy.

40
00:02:47,120 --> 00:02:54,560
I can do I am users I can I do I am groups or user groups and I can do I am rules as well.

41
00:02:54,560 --> 00:03:02,120
That can be configured and I can do asterisk which is anyone and I can do of course account canonical

42
00:03:02,150 --> 00:03:05,380
ID or they count IDs so you can do that.

43
00:03:05,450 --> 00:03:09,620
But here when we are talking about specified set of users how can you.

44
00:03:09,650 --> 00:03:14,360
Are you going to configure configure rules after rules of the rules of the rules Grand's of the guns

45
00:03:14,360 --> 00:03:21,700
are against it remember that the policy can be maximum 20 kilobyte I you want to be able to do that.

46
00:03:21,990 --> 00:03:27,980
And if someone thinks about the object of it as you can not define users in the object itself.

47
00:03:28,410 --> 00:03:29,540
So what do we do then.

48
00:03:29,760 --> 00:03:34,240
Then this one seems to be the right answer for this case.

49
00:03:34,320 --> 00:03:35,730
Why not this one.

50
00:03:35,730 --> 00:03:36,840
A is wrong.

51
00:03:36,870 --> 00:03:44,100
Why if C is the correct one then it is wrong but we didn't find out what created this AM users remember

52
00:03:44,100 --> 00:03:51,270
what they said about the subscribers the subscribers are not users and users are either users and they

53
00:03:51,270 --> 00:03:52,780
have no obvious credentials.

54
00:03:52,780 --> 00:03:54,720
I mean those have to be credentials.

55
00:03:54,720 --> 00:03:56,010
That's why it's wrong.

56
00:03:56,010 --> 00:03:57,560
So C is the correct answer.

57
00:03:59,800 --> 00:04:04,470
Is incorrect use of content do not need to have the earliest accounts to access the content.

58
00:04:04,480 --> 00:04:07,610
That's what they said that users do not have it of his credentials.

59
00:04:07,620 --> 00:04:09,520
B How would this help.

60
00:04:09,520 --> 00:04:15,930
Problem is not about the performance or the answer is not complete C is correct.

61
00:04:16,000 --> 00:04:24,910
DS incorrect because these are not either of us users to start with and the correct answer is C Google

62
00:04:24,930 --> 00:04:31,920
information for the scope presented to you or else can be used to provide temporary access because usually

63
00:04:31,920 --> 00:04:36,090
define an expiration to that as well to a specific object.

64
00:04:36,240 --> 00:04:43,180
To those who do not have either of us credentials exemple is customers who bought web sites subscription

65
00:04:43,240 --> 00:04:45,220
or for their subscriptions online.

66
00:04:46,480 --> 00:04:52,270
By default all objects are private and only the object owners owner can access it.

67
00:04:53,940 --> 00:04:58,150
To share an object you have to either make it public and that's one way.

68
00:04:58,170 --> 00:05:03,750
But if you don't want to do it for everyone then you generate pre-signed you or else to grant access

69
00:05:03,750 --> 00:05:11,120
for a limited time to this object or objects using the object owner's own security credentials.

70
00:05:11,130 --> 00:05:16,530
So take a break now and I will see you in the next lecture with more of your ass knowledge and practice.

71
00:05:16,530 --> 00:05:17,250
I'll see you then.