I have everything running great using EC2, RDS, S3, and CDN. Now to make sure everything is secure.
Question 1: can the EC2 server access S3 through the VPC or does S3 have to be public?
Question 2: if S3 has be be public can I restrict more than what I have in this picture?
1) S3 storage has to be public, since clients access files directly from Amazon
2) When files are uploaded the permission is always set to private or public for each file, so I'm not sure if these settings will override per file settings, so I suggest you you to try and see if it will work.