Chloe McAree (McAteer)

AWS CloudFront
This is part of a blog series giving a high-level overview of the different services examined on the AWS Solutions Architect Associate exam; to view the whole series, click here.

CloudFront Terminology

Edge Location → Location where content is cached (distinct from an AWS Region). Edge locations are not read-only; you can also write to them.

Origin → Location where all the files that the CDN will distribute are stored; this can be an S3 bucket, EC2, ELB etc.

Distribution → Name of the CDN, which consists of a collection of edge locations.

There are two types:

  • Web Distributions which are used for websites

  • RTMP Distributions which are used for streaming media

Invalidations → files or subfolders that you select to be removed from the edge locations. Useful when you need to remove a file from an edge cache before it expires.

Versioning → can be used to serve a different version of a file under a different name.

CloudFront Summary


  • It is a global service

  • Is a Content Delivery Network (CDN)

  • Securely delivers web applications, data, videos and other web content over a system of distributed servers to users based on their geographic location, with low latency and high transfer speeds.

  • Can be used for your whole website and can work with any AWS origin, e.g. S3, EC2, ELB etc.

  • Requests for content are automatically routed to the nearest geographical edge location for the best possible performance.

  • Objects are cached for the Time To Live (TTL).

  • Can integrate with AWS Shield, Web Application Firewall and Route 53 to improve security.

  • It is possible to clear cached objects, however you will incur a charge.

  • If a requested resource is not present on CloudFront, it will query the origin server and then cache the object at the edge location.

Restricting Access to CloudFront

  • You can restrict S3 access so that it is only accessible through CloudFront and not directly through the S3 URL.

  • You can restrict access using signed URLs or Signed Cookies. (1 File = 1 URL, but 1 Cookie = multiple files)

Features of a signed URL

  • The key pair used to sign URLs is account-wide and managed by the root user.

  • Has an associated policy statement (JSON) specifying restrictions on the URL.

  • Contains additional information e.g. expiration date/time.

  • Can have different origins and can utilise caching features.
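As an added illustration, not code from the original post, this shows how the JSON policy statement (expiry plus optional IP and not-before restrictions) and the extra query parameters of a CloudFront custom-policy signed URL fit together. The resource URL, key pair id and timestamps are constructed sample values, and the RSA-SHA1 signing step CloudFront requires is replaced by a placeholder so the block runs offline.

```python
import base64
import hashlib
import json
from typing import Callable, Optional
from urllib.parse import urlencode


def build_policy(resource: str, expires_epoch: int,
                 source_ip: Optional[str] = None,
                 not_before_epoch: Optional[int] = None) -> str:
    """Build a CloudFront custom policy statement as compact JSON.

    DateLessThan is the expiry the post refers to; IpAddress and
    DateGreaterThan are the optional extra restrictions CloudFront accepts.
    """
    condition = {"DateLessThan": {"AWS:EpochTime": expires_epoch}}
    if source_ip:
        condition["IpAddress"] = {"AWS:SourceIp": source_ip}
    if not_before_epoch is not None:
        condition["DateGreaterThan"] = {"AWS:EpochTime": not_before_epoch}
    policy = {"Statement": [{"Resource": resource, "Condition": condition}]}
    # The policy is signed and transmitted without whitespace.
    return json.dumps(policy, separators=(",", ":"))


def cloudfront_b64(data: bytes) -> str:
    """Base64 with CloudFront's URL-safe substitutions: + -> -, = -> _, / -> ~."""
    encoded = base64.b64encode(data).decode()
    return encoded.replace("+", "-").replace("=", "_").replace("/", "~")


def placeholder_sign(data: bytes) -> bytes:
    """PLACEHOLDER signer so the example runs offline. CloudFront actually
    requires an RSA-SHA1 signature made with the trusted key pair's private
    key; CloudFront would reject a URL signed with this stub."""
    return hashlib.sha1(data).digest()


def signed_url(resource: str, policy: str, key_pair_id: str,
               sign: Callable[[bytes], bytes]) -> str:
    """Append the Policy, Signature and Key-Pair-Id query parameters."""
    params = {"Policy": cloudfront_b64(policy.encode()),
              "Signature": cloudfront_b64(sign(policy.encode())),
              "Key-Pair-Id": key_pair_id}
    separator = "&" if "?" in resource else "?"
    return resource + separator + urlencode(params, safe="-_~")


if __name__ == "__main__":
    # Constructed sample values, not from any real distribution.
    res = "https://d111111abcdef8.cloudfront.net/private/report.pdf"
    pol = build_policy(res, expires_epoch=1700003600, source_ip="203.0.113.0/24")
    print(signed_url(res, pol, "KEY_PAIR_ID_PLACEHOLDER", placeholder_sign))
```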