☁️ CloudProjectHub

CloudFront

What is Amazon CloudFront?

Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds. It integrates with other AWS services to give you an easy way to accelerate your websites and APIs, reducing latency and improving user experience.

Key Features

  • Global Network: 200+ edge locations worldwide
  • Performance: Low latency and high transfer speeds
  • Security: DDoS protection, SSL/TLS encryption
  • Integration: Works with S3, EC2, Load Balancers, and more
  • Cost-effective: Pay only for what you use
  • Monitoring: Real-time metrics and logs

Prerequisites

  • AWS Account
  • Origin content (S3 bucket, EC2 instance, Load Balancer, etc.)
  • Domain name (optional, for custom domain)
  • Understanding of CDN concepts
  • SSL certificate (for HTTPS)

Step-by-Step: Creating a CloudFront Distribution

  1. Sign in to AWS Management Console: Go to console.aws.amazon.com
  2. Navigate to CloudFront: Search for "CloudFront" in services
  3. Create Distribution: Click "Create distribution" button
  4. Origin Settings:
    • Origin domain: Select S3 bucket, ELB, or custom origin
    • Origin path: Optional path within the origin
    • Name: Friendly name for the origin
    • Origin access: Public or Origin Access Identity (OAI)
  5. Default Cache Behavior:
    • Viewer protocol policy: HTTP and HTTPS, or redirect to HTTPS
    • Allowed HTTP methods: GET, HEAD (default) or include OPTIONS/POST/PUT/etc.
    • Cache key and origin requests: Legacy cache settings or new policy
  6. Cache Behavior Settings:
    • Compress objects automatically: Enable for better performance
    • Cache policy: Select or create caching policy
    • Origin request policy: Control what gets sent to origin
  7. Distribution Settings:
    • Price class: Use all edge locations, or limit to reduce cost
    • Alternate domain names (CNAMEs): Add custom domain names
    • SSL Certificate: Default CloudFront certificate or custom ACM certificate
    • Security policy: TLS version support
  8. Default Root Object: index.html for website hosting
  9. Logging: Enable standard or real-time logs to S3 or Kinesis
  10. Tags: Add key-value pairs for organization
  11. Create Distribution: Review and create the distribution

Configuring Custom Domain (Optional)

  1. Request SSL Certificate: Use AWS Certificate Manager (ACM)
  2. Add CNAME Record: Update DNS to point to CloudFront domain
  3. Update Distribution: Add alternate domain names and certificate
  4. Wait for Deployment: Changes take 10-30 minutes to propagate

Invalidating Cache

  1. Create Invalidation: Go to CloudFront → Invalidations
  2. Object Paths: Specify files to invalidate (e.g., /index.html, /* for all)
  3. Create Invalidation: Submit the invalidation request
  4. Monitor Status: Check invalidation progress

Best Practices

  • Use appropriate cache policies for different content types
  • Enable compression for text-based content
  • Use Origin Access Identity (OAI) for S3 origins
  • Implement proper error pages and redirects
  • Monitor performance with CloudWatch metrics
  • Use multiple origins for different content types
  • Implement security headers and WAF integration
  • Regularly review and optimize cache behaviors

CloudFront Features

  • Edge Locations: 200+ points of presence globally
  • Regional Edge Caches: Additional caching layer
  • Lambda@Edge: Run Lambda functions at edge locations
  • Real-time Logs: Streaming logs to Kinesis
  • Field-level Encryption: Encrypt sensitive data
  • Origin Shield: Additional caching layer

Common Use Cases

  • Static website acceleration
  • Video streaming and on-demand content
  • API acceleration and caching
  • Software downloads and updates
  • Global application delivery
  • E-commerce website performance
  • Mobile application content delivery
  • Real-time bidding and advertising