CloudFront
Last updated
Last updated
|
A CDN (Content Delivery Network) to cache the web content to lower the latency.
An service of AWS to provide edge location which is the nearest to the users.
CloudFront allows you to customize cache behavior based on various request headers.
By setting the cache behavior to cache based on the Accept-Language request header, CloudFront can store and serve language-specific versions of the website content, reducing the need to repeatedly fetch the content from the ALB for users with the same language preference.
S3
EC2
ELB
Route53
Security feature allows you to encrypt sensitive data (credit card, email...) at the field level.
Client-side encryption: data encrypted using public key provided by CloudFront
Data sent to cloudfront
CloudFront decrypt the data using private key, then forward to the server
Response to client
If you choose Origin Protocol Policy for Match Viewer, then CloudFront will direct exactly what policy the user is using (HTTP -> HTTP; HTTPS -> HTTPS).
If you HTTPS only then every request will go to HTTPS.
Make sure that you're in the US-East-1 (N. Virginia). You must be in this Region to create Lambda@Edge functions.
service allows dev to run serverless Lambda functions on edge location.
To customize the content that CloudFront deliver.
Use cases:
Dynamic content: customized content for each location.
Security compliance: enforce security policies (blocking malicious, content filtering)
Performance optimization: caching frequently accessed content.
Change CloudFront request & response.
A little javascript helper running at CloudFront edge.
Execution location
at CloudFront edge
at CloudFront edge
Use cases
Simple modification: - URL redirect - Header manipulation
More complex computing - Accessing external resources - Generating responses
Limit
lower execution limits 1ms, 2MB memory, 10KB total package
5s (viewer trigger) 30s (origin trigger)
128MB, 1MB total package
Network access
No
Yes
File system access
No
Yes
Access to the request body
No
Yes
Just as you create a URL to share a file to your friend -> The friend does not need authenticate to access your OneDrive or Google Drive folder, but still be able to access the file only. And this link is temporary.
Each signed URL has its own expiration time.
Cons:
Less efficient for bulk access -> You can not manually create every file that you have.
Use cases:
Client does not support cookies.
Want to restrict access to single file, installation download only.
Send the required Set-Cookie headers to the viewer which will unclock the content only to them.
Use case:
video content for member-only on streamming service such as Netflix, Amazon Prime, Hulu...
you do not want to change the URL
to require HTTPS for communication between viewers and CloudFront, change the Viewer Protocol Policy setting to Redirect HTTP to HTTPS, or HTTPS Only
Better cache hit
Better network performance
Better origin load
1. Increase the TTL of your objects
2. Configure the distribution to forward only the required query string parameters, cookies, or request headers for which your origin will return unique objects.
3. Remove Accept-Encoding header whenMS compression is not needed
4. Serving Media Content by using HTTP
If you use AWS origins such as Amazon S3, Amazon EC2 or ELB, you don’t pay for any data transferred between these services and CloudFront.
Edge location: location where content will be cached.
Origin: S3 bucket, EC2 instance, ELB....the source of the content to be delivered.
Distribution: collection of edge locations.
KeyValuestore:
Unlike ELB, CloudFront has a default SSL certification. To use custom SSL certification, config it in us-east-1.
CloudFront is a global service that is managed from the US East (N. Virginia) region. All CloudFront configurations and certificates need to be in the same region for management purposes.
for more detailed information, refer .
Can grant access, expiration time to multiple resources -> more efficient than
