CloudFront

Solution Architect Associate

Developer Associate

Security Specialty

  • An edge location is a location where content will be cached. This is separate from an AWS Region or Availability Zone. There are over 50 of these in the world
  • An origin is the origin of all files that the CDN will distribute. This can be an S3 Bucket, an EC2 instance, an Elastic Load Balancer, or Route 53
  • A distribution is the name given to the CDN that consists of a collection of edge locations
    • Can have a web distribution or an RTMP distribution (used for streaming Adobe Flash files)
  • Edge locations are not read only, you can actually write an object to an edge location
    • When this is done, the new object will be replicated to the origin
  • Defaults all connections to HTTPS with the ability to add a custom SSL certificate
  • Objects are cached for the life of the TTL
  • You can clear cached objects but you will be charged for this
  • You can have multiple origins within the same distribution. Distinguished by Origin ID. (This is likely on the exam)
  • TTLs are always set in seconds
    • The default TTL is 24 hours; you can change this, of course
  • You are able to secure objects by using Signed URLs or Signed Cookies under Restrict Viewer Access (know for the exam!)
  • You have the ability to specify price class by choosing which edge locations you want to use.
  • You have the option to use a web application firewall (WAF)
  • When you create a distribution, you can also add your own alternate domain name (i.e. CNAME). This is usually done in conjunction with Route 53
  • You can choose to use the default CloudFront certificate or your own SSL Certificate if you’re using an alternate domain name. You have to upload your own certificate when doing this.
  • The default root object specifies what is served when you go directly to the distribution URL. Useful when using CF to host a website
  • Behaviors are evaluated in the order they’re arranged
  • Can create custom error pages
  • Can restrict content based upon geography as well under restrictions
    • Can create whitelists or blacklists
    • A whitelist contains the countries where you want CF to distribute your content
    • A blacklist contains the countries where you do not want CF to distribute your content
    • You cannot use both a whitelist and a blacklist; you must choose one or the other
    • If you want to block countries though, you should use WAF
  • You can invalidate objects, which removes the objects from CF. Remember you pay for this.
  • When generating CloudFront Signed URLs, it’s recommended to use a trusted key group to leverage APIs to create and rotate keys
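The two "Restrict Viewer Access" mechanisms above (signed URLs and signed cookies) both come down to the same thing: a small JSON policy, an RSA-SHA1 signature over it made with the private key of a key in a trusted key group, and CloudFront's own URL-safe base64 alphabet. The Python below is an added example written for these notes, not code from the notes or from AWS; the key-pair id and the URL are constructed placeholders, the `signer` callable is passed in so the policy-building logic can be exercised with any signing function, and `rsa_sha1_signer` assumes the `cryptography` package is installed. In practice `botocore.signers.CloudFrontSigner` does the same job, but seeing the pieces makes the query-string parameters and cookie names on the exam easier to remember.

```python
"""Build CloudFront signed URLs and signed cookies (canned and custom policy).

Added example, not part of the original notes. Key-pair id and URLs are
constructed placeholders; the private key must belong to a key in one of
the distribution's trusted key groups.
"""
import base64
import json
from typing import Callable, Dict, Optional

# CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'
_CF_B64 = str.maketrans({"+": "-", "=": "_", "/": "~"})


def cf_base64(data: bytes) -> str:
    """Standard base64, then CloudFront's three character substitutions."""
    return base64.b64encode(data).decode("ascii").translate(_CF_B64)


def canned_policy(url: str, expires: int) -> bytes:
    """Canned policy: only an expiry (Unix epoch seconds). Must be compact JSON,
    since the signature is over these exact bytes."""
    policy = {"Statement": [{"Resource": url,
                             "Condition": {"DateLessThan": {"AWS:EpochTime": expires}}}]}
    return json.dumps(policy, separators=(",", ":")).encode("utf-8")


def custom_policy(url: str, expires: int, source_ip: Optional[str] = None,
                  not_before: Optional[int] = None) -> bytes:
    """Custom policy: expiry plus optional start time and client IP range (CIDR)."""
    cond: Dict[str, Dict[str, object]] = {"DateLessThan": {"AWS:EpochTime": expires}}
    if not_before is not None:
        cond["DateGreaterThan"] = {"AWS:EpochTime": not_before}
    if source_ip is not None:
        cond["IpAddress"] = {"AWS:SourceIp": source_ip}
    policy = {"Statement": [{"Resource": url, "Condition": cond}]}
    return json.dumps(policy, separators=(",", ":")).encode("utf-8")


def _sign(url: str, expires: int, source_ip: Optional[str],
          signer: Callable[[bytes], bytes]) -> Dict[str, str]:
    """Return the three values CloudFront checks, keyed by their URL parameter names.
    A canned policy is sent as 'Expires'; a custom policy must be sent in full as 'Policy'."""
    if source_ip is None:
        policy = canned_policy(url, expires)
        params = {"Expires": str(expires)}
    else:
        policy = custom_policy(url, expires, source_ip)
        params = {"Policy": cf_base64(policy)}
    params["Signature"] = cf_base64(signer(policy))
    return params


def signed_url(url: str, key_pair_id: str, signer: Callable[[bytes], bytes],
               expires: int, source_ip: Optional[str] = None) -> str:
    params = _sign(url, expires, source_ip, signer)
    params["Key-Pair-Id"] = key_pair_id
    sep = "&" if "?" in url else "?"
    # All values are already URL-safe (digits, the CloudFront base64 alphabet, key id).
    return url + sep + "&".join(f"{k}={v}" for k, v in params.items())


def signed_cookies(url: str, key_pair_id: str, signer: Callable[[bytes], bytes],
                   expires: int, source_ip: Optional[str] = None) -> Dict[str, str]:
    """Same values as the URL, but as the three CloudFront-* cookies (set with
    Secure and HttpOnly on the viewer's domain)."""
    params = _sign(url, expires, source_ip, signer)
    params["Key-Pair-Id"] = key_pair_id
    return {"CloudFront-" + k: v for k, v in params.items()}


def rsa_sha1_signer(private_key_pem: bytes) -> Callable[[bytes], bytes]:
    """CloudFront verifies RSA PKCS#1 v1.5 signatures over SHA-1 of the policy.
    Assumes the 'cryptography' package; imported lazily so the rest works without it."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    key = serialization.load_pem_private_key(private_key_pem, password=None)
    return lambda message: key.sign(message, padding.PKCS1v15(), hashes.SHA1())


if __name__ == "__main__":
    # Demo with a throwaway key (constructed here, never uploaded anywhere).
    from cryptography.hazmat.primitives import serialization
    from cryptography.hazmat.primitives.asymmetric import rsa
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pem = key.private_bytes(serialization.Encoding.PEM,
                            serialization.PrivateFormat.PKCS8,
                            serialization.NoEncryption())
    print(signed_url("https://d111111abcdef8.cloudfront.net/video.mp4",
                     "KPLACEHOLDERKEYID", rsa_sha1_signer(pem), 1700000000))
    print(signed_cookies("https://d111111abcdef8.cloudfront.net/*",
                         "KPLACEHOLDERKEYID", rsa_sha1_signer(pem), 1700000000,
                         source_ip="203.0.113.0/24"))
```

Two things worth noticing: the canned policy is never sent on the wire (CloudFront rebuilds it from `Expires` and the resource URL, so the URL and expiry must match what was signed byte for byte), whereas a custom policy travels base64-encoded in `Policy`, which is why it can carry an IP range and a start time. Rotating the key in the trusted key group only changes `Key-Pair-Id` and the signer; nothing in the policy format changes.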