AWS CloudFront (AWS Certified Solutions Architect - Associate)

Rohit Pagote

AWS CloudFront

  • AWS CloudFront is a CDN (Content Delivery Network).

  • It is a global service.

  • Improves read performance: content is cached at the edge locations.

  • Improves user experience.

  • 216 Points of Presence globally (Edge Locations).

  • DDoS protection (because the service is worldwide), plus integration with AWS Shield and AWS Web Application Firewall (WAF).

CloudFront - Origins

  • S3 Bucket

    • For distributing files and caching them at the edge locations.

    • Enhanced security with CloudFront Origin Access Control (OAC).

    • OAC is replacing OAI (Origin Access Identity).

    • CloudFront can be used as an ingress (to upload files to S3).

  • Custom Origin (HTTP)

    • Application Load Balancer

    • EC2 instance

    • S3 website (must first enable the bucket as a static S3 website)

    • Any HTTP backend you want
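The "enhanced security with OAC" bullet above means the bucket stays private and only the CloudFront service principal, scoped to one specific distribution, may read from it. The following is an added example (not code from the original post or from AWS) that builds that bucket policy in the documented shape and audits an arbitrary bucket policy for the two mistakes that undo the benefit: a public `Principal: "*"` grant, and a CloudFront grant with no `AWS:SourceArn` condition (which would let any distribution in any account be pointed at the bucket). The bucket name, account ID and distribution ID are constructed placeholders.

```python
import json

# Constructed placeholder values; replace with your own bucket, account and distribution.
BUCKET_NAME = "example-static-site-bucket"
ACCOUNT_ID = "111122223333"
DISTRIBUTION_ID = "EDFDVBD6EXAMPLE"


def oac_bucket_policy(bucket: str, account_id: str, distribution_id: str) -> dict:
    """Bucket policy that lets only one CloudFront distribution (authenticated
    via Origin Access Control) read objects from the bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowCloudFrontServicePrincipalReadOnly",
                "Effect": "Allow",
                "Principal": {"Service": "cloudfront.amazonaws.com"},
                "Action": "s3:GetObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": {
                    "StringEquals": {
                        "AWS:SourceArn": f"arn:aws:cloudfront::{account_id}:distribution/{distribution_id}"
                    }
                },
            }
        ],
    }


def _as_list(value):
    """IAM allows scalars or lists in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _condition_value(stmt: dict, operator: str, key: str):
    """Look up a condition value; operator and key names are case-insensitive in IAM."""
    for op_name, keys in stmt.get("Condition", {}).items():
        if op_name.lower() != operator.lower():
            continue
        for k, v in keys.items():
            if k.lower() == key.lower():
                return v
    return None


def audit_bucket_policy(policy: dict) -> list:
    """Return findings for an S3 bucket policy meant to back a CloudFront OAC origin.
    An empty list means every Allow statement is either a read-only grant to
    CloudFront scoped to specific distribution ARNs, or not CloudFront-related."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        # Public access: the wildcard principal is exactly what OAC is meant to replace.
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append(f"{sid}: grants access to everyone (Principal '*')")
            continue
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if "cloudfront.amazonaws.com" not in services:
            continue
        # Without AWS:SourceArn any CloudFront distribution in any account could use this origin.
        if not _condition_value(stmt, "StringEquals", "AWS:SourceArn"):
            findings.append(f"{sid}: CloudFront principal is not restricted by an AWS:SourceArn condition")
        for action in _as_list(stmt.get("Action")):
            if action != "s3:GetObject":
                findings.append(f"{sid}: CloudFront is granted '{action}', which is more than read-only")
    return findings


# Constructed misconfigurations used to exercise the audit.
PUBLIC_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET_NAME}/*"}],
}
UNSCOPED_OAC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AnyDistribution", "Effect": "Allow",
                   "Principal": {"Service": "cloudfront.amazonaws.com"},
                   "Action": ["s3:GetObject", "s3:PutObject"],
                   "Resource": f"arn:aws:s3:::{BUCKET_NAME}/*"}],
}

if __name__ == "__main__":
    print(json.dumps(oac_bucket_policy(BUCKET_NAME, ACCOUNT_ID, DISTRIBUTION_ID), indent=2))
    for name, pol in (("public", PUBLIC_READ_POLICY), ("unscoped", UNSCOPED_OAC_POLICY)):
        print(name, audit_bucket_policy(pol))
```

The audit only understands `StringEquals`; a policy that uses `StringLike` with a wildcard `AWS:SourceArn` (for example every distribution in the account) passes the SourceArn check only if you extend `_condition_value` to look for it, which is deliberate so that the looser form is reviewed by a person.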

CloudFront - S3 as an Origin

CloudFront - ALB as an Origin

  • Read it on the internet.

CloudFront - Geo Restriction

  • You can restrict who can access your distribution.

    • Allow list: Allow your users to access your content only if they are in one of the countries on a list of approved countries.

    • Block list: Prevent your users from accessing your content if they are in one of the countries on a list of banned countries.

  • The 'country' is determined using a third-party Geo-IP database.

  • Use case: Copyright Laws to control access to content.

CloudFront VS Cross Region Replication

  • CloudFront

    • Global Edge Network

    • Files are cached for a TTL (maybe a day)

    • Great for static content that must be available everywhere

  • S3 Cross Region Replication

    • Must be set up for each region you want replication to happen in

    • Files are updated in near real-time

    • Read only

    • Great for dynamic content that needs to be available at low-latency in few regions

  • CloudFront is a CDN, whose job is to cache content all around the world, whereas S3 Cross-Region Replication really replicates an entire bucket into another region.

CloudFront - Pricing

  • CloudFront edge locations are all around the world.

  • The cost of data out per edge location varies.

CloudFront - Price Classes

  • You can reduce the number of edge locations for cost reduction.

  • Three price classes:

    • Price Class All: all regions - best performance

    • Price Class 200: most regions, but excludes the most expensive regions.

    • Price Class 100: only the least expensive regions.

CloudFront - Cache Invalidations

  • In case you update the backend origin, CloudFront doesn't know about it and will only get the refreshed content after the TTL has expired.

  • However, you can force an entire or partial cache refresh (thus bypassing the TTL) by performing a CloudFront Invalidation.

  • You can invalidate all files (*) or a specific path (/images/*).
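Because an invalidation is requested per path and both the wildcard and the single-file forms above are accepted, a deploy script usually wants to turn the list of objects it just uploaded into the smallest set of paths. The following is an added example (not from the original post or from AWS) that groups changed keys by directory, switches to a `/dir/*` wildcard once a directory has enough changes, drops paths already covered by a wildcard, and builds the `InvalidationBatch` structure that the CloudFront `CreateInvalidation` API expects. The changed keys and the threshold of 5 are constructed values.

```python
import posixpath
from collections import defaultdict
from urllib.parse import quote

# Constructed tuning value: a directory with this many changed objects gets one wildcard path.
WILDCARD_THRESHOLD = 5


def invalidation_paths(changed_keys, threshold=WILDCARD_THRESHOLD):
    """Collapse changed S3 object keys into CloudFront invalidation paths.

    Paths start with '/', are URL-encoded, and a wildcard '*' may only appear at
    the end, where it matches everything under that prefix (subdirectories too)."""
    by_dir = defaultdict(list)
    for key in changed_keys:
        key = key.lstrip("/")
        by_dir[posixpath.dirname(key)].append("/" + quote(key, safe="/"))

    paths = []
    for directory, keys in sorted(by_dir.items()):
        if len(keys) >= threshold:
            paths.append(f"/{directory}/*" if directory else "/*")
        else:
            paths.extend(sorted(keys))

    # A wildcard covers every path that starts with its prefix, so those are redundant.
    wildcards = [p for p in paths if p.endswith("*")]
    prefixes = [w[:-1] for w in wildcards]

    def subsumed(path):
        return any(path != w and path.startswith(pre) for w, pre in zip(wildcards, prefixes))

    return [p for p in paths if not subsumed(p)]


def invalidation_batch(paths, caller_reference):
    """Shape of the InvalidationBatch argument to boto3's
    cloudfront.create_invalidation(); CallerReference must be unique per request."""
    return {
        "Paths": {"Quantity": len(paths), "Items": list(paths)},
        "CallerReference": caller_reference,
    }


# Constructed list of keys written by a deploy.
CHANGED_KEYS = [
    "index.html",
    "images/a.png", "images/b.png", "images/c.png", "images/d.png", "images/e.png",
    "images/thumbs/t1.png",
    "css/site.css",
    "docs/my file.pdf",
]

if __name__ == "__main__":
    paths = invalidation_paths(CHANGED_KEYS)
    print(invalidation_batch(paths, caller_reference="deploy-2024-01-01-0001"))
```

To submit it you would pass the batch to `boto3.client("cloudfront").create_invalidation(DistributionId=..., InvalidationBatch=batch)`; the collapsing step is what keeps the path count, and therefore the cost beyond the free monthly allowance of paths, small when a whole directory is republished.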

AWS Global Accelerator

Global users for our application

  • You have deployed an application and have global users who want to access it directly.

  • They go over the public internet, which can add a lot of latency due to many hops.

  • We wish to go as fast as possible through AWS network to minimize latency.

Unicast IP VS Anycast IP

  • Unicast IP: one server holds one IP address.

  • Anycast IP: all servers hold the same IP address and the client is routed to the nearest one.

AWS Global Accelerator

  • Leverage the AWS internal network to route to your application.

  • 2 Anycast IPs are created for your application.

  • The Anycast IPs send the traffic directly to edge locations.

  • The edge locations send the traffic to your application.

  • Works with Elastic IP, EC2 instances, ALB, NLB (private or public).

  • Consistent Performance

    • Intelligent routing to the lowest latency and fast regional failover.

    • No issue with client cache (because the IP doesn't change).

    • Internal AWS network.

  • Health Checks

    • Global Accelerator performs a health check of your applications.

    • Helps make your application global (failover in less than 1 minute for unhealthy endpoints).

    • Great for disaster recovery (thanks to the health checks).

  • Security

    • Only 2 external IPs need to be whitelisted.

    • DDoS protection thanks to AWS Shield.

AWS Global Accelerator VS CloudFront

  • They both use the AWS global network and its edge locations around the world.

  • Both services integrate with AWS Shield for DDoS protection.

  • CloudFront

    • Improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery).

    • Content is served at the edge.

  • AWS Global Accelerator

    • Improves performance for a wide range of applications over TCP or UDP.

    • Proxying packets at the edge to applications running in one or more AWS regions.

    • Good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT) or Voice over IP.

    • Good for HTTP use cases that require static IP addresses.

    • Good for HTTP use cases that require deterministic, fast regional failover.

Written by

Rohit Pagote

I am an aspiring DevOps Engineer proficient with containers and container orchestration tools like Docker, Kubernetes along with experienced in Infrastructure as code tools and Configuration as code tools, Terraform, Ansible. Well-versed in CICD tool - Jenkins. Have hands-on experience with various AWS and Azure services. I really enjoy learning new things and connecting with people across a range of industries, so don't hesitate to reach out if you'd like to get in touch.