AWS CloudFront

  • Content Delivery Network (CDN)
  • Improves read performance, content is cached at the edge
  • 216 points of presence globally
  • DDoS protection, integration with Shield, AWS Web Application Firewall
  • Can expose external HTTPS and can talk to internal HTTPS backends

CloudFront — Origins

  • S3 bucket
    For distributing files and caching them at the edge
    Enhanced security with CloudFront Origin Access Identity (OAI)
    CloudFront can be used as an ingress (to upload files to S3)
  • Custom Origin(HTTP)
    Application Load Balancer
    EC2 Instance
    S3 Website (must first enable the bucket as a static S3 website)
    Any HTTP backend you want

CloudFront Geo Restriction

  • You can restrict who can access your distribution
    *Whitelist: Allow your users to access your content only if they are in one of the countries on a list of approved countries
    *Blacklist: Prevent your users from accessing your content if they are in one of the countries on a blacklist of banned countries
  • The “country” is determined using a 3rd party Geo-IP database
  • Use case: Copyright Laws to control access to content

CloudFront vs S3 Cross Region Replication

  • CloudFront
  • S3 Cross Region Replication

CloudFront Caching

  • Cache base on Headers / Session Cookies / Query String Parameters
  • The cache lives at each CloudFront Edge Location
  • You want to maximize the cache hit rate to minimize requests on the origin
  • Control the TTL (0 seconds to 1 year), can be set by the origin using the Cache-Control header, Expires header…
  • You can invalidate part of the cache using the CreateInvalidation API

CloudFront Signed URL /Signed Cookies

CloudFront Signed URL vs S3 Pre-Signed URL

CloudFront — Field Level Encryption




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

What to do, When your beautiful Kali Linux Machine suddenly turns into a Terminal OS ?

100 Days of Code(Day 10 and 11)

VideoNFT Pre-Alpha Source Code Release

How to Apply Facebook Design Principles to Regression Testing

VideoCoin Network Welcomes Jetson Nano and Raspberry Pi Workers

Set Another Place for Plato

Building An Interactive Web App Using Shiny Package In R


Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


More from Medium

Creating CRON Jobs using Amazon Event Bridge

Build Multi-tier Architecture on AWS from Scratch (Wordpress Apps)

How to Create a Custom AMI with Image Pipeline and Automate its Creation Using EC2 Image Builder

Adding SSL/TLS to a Web Application using AWS Application Load Balancer