CloudFront

Content Distribution Network (CDN)

A CDN is a distributed network of servers which delivers web pages and content to users based on their geographical location, the origin of the webpage, and a content delivery server.

It can be used to deliver an entire website, including static, dynamic and streaming content.

Requests for content are served from the nearest Edge Location for the best possible performance.

CloudFront Core Concepts

Origin The location where all the original files are located. For example, an S3 Bucket, EC2 Instance, ELB, or Route53

Edge Location The location where web content will be cached. This is different than an AWS Region or Amazon

Distribution A collection of Edge locations which defines how cached content should behave

CloudFront Distributions

A distribution is a collection of Edge Locations. You specify the Origin (e.g. S3, EC2, ELB, Route53)

It replicates copies based on your Price Class

There are 2 types of Distributions

  1. Web (for websites)
  2. RTMP (for streaming media)

Behaviours Redirect to HTTPS, Restrict HTTP Methods, Restrict Viewer Access, Set TTLs

Invalidations You can manually invalidate cache on specific files via Invalidations

Error Pages You can serve up custom error pages, e.g. 404

Restrictions You can use Geo Restriction to blacklist or whitelist specific countries

Lambda@Edge

We use Lambda@Edge functions to override the behaviour of requests and responses

The 4 Available Lambda@Edge Functions

  1. Viewer request When CloudFront receives a request from a viewer
  2. Origin request Before CloudFront forwards a request to the origin
  3. Origin response When CloudFront receives a response from the origin
  4. Viewer response Before CloudFront returns the response to the viewer
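
The four trigger points above, as an added example (not from the original notes): a Node.js handler that branches on the event type CloudFront passes in `event.Records[0].cf.config.eventType`. The allowed-method list, the header values and the `sampleEvent` helper are assumptions made for illustration.

```javascript
// Added example: one handler body that can be attached to any of the four triggers.
const ALLOWED_METHODS = ['GET', 'HEAD', 'OPTIONS']; // assumed policy for a read-only site
const HSTS = 'max-age=63072000; includeSubDomains'; // assumed value
const DEFAULT_CACHE_CONTROL = 'max-age=300';        // assumed value

function handleEdgeEvent(event) {
  const cf = event.Records[0].cf;
  const { request, response } = cf; // response exists only on the two response triggers
  switch (cf.config.eventType) {
    case 'viewer-request':
      // Returning a response object here answers the viewer from the edge;
      // the request never reaches the cache or the origin.
      if (!ALLOWED_METHODS.includes(request.method)) {
        return {
          status: '405',
          statusDescription: 'Method Not Allowed',
          headers: { allow: [{ key: 'Allow', value: ALLOWED_METHODS.join(', ') }] },
        };
      }
      return request;
    case 'origin-request':
      // Runs only on a cache miss, just before CloudFront contacts the origin.
      return request;
    case 'origin-response':
      // Runs before the object is cached: give it a TTL if the origin sent none.
      if (!response.headers['cache-control']) {
        response.headers['cache-control'] =
          [{ key: 'Cache-Control', value: DEFAULT_CACHE_CONTROL }];
      }
      return response;
    case 'viewer-response':
      // Runs on every reply, whether it came from the cache or the origin.
      response.headers['strict-transport-security'] =
        [{ key: 'Strict-Transport-Security', value: HSTS }];
      return response;
    default:
      throw new Error(`unexpected eventType: ${cf.config.eventType}`);
  }
}

// Lambda entry point (Node.js runtime).
const handler = async (event) => handleEdgeEvent(event);
if (typeof module !== 'undefined') module.exports = { handler };

// Constructed sample event, trimmed to the fields used above.
function sampleEvent(eventType, method) {
  const cf = { config: { eventType }, request: { method, uri: '/index.html', headers: {} } };
  if (eventType.endsWith('-response')) cf.response = { status: '200', headers: {} };
  return { Records: [{ cf }] };
}
```

Request triggers return the request (or a generated response to short-circuit it); response triggers return the response.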

Protection

By default a Distribution allows everyone to have access.

Origin Access Identity (OAI) A virtual user identity that will be used to give your CloudFront Distribution permission to fetch a private object

In order to use Signed URLs or Signed Cookies you need to have an OAI

Signed URLs (Not the same thing as S3 Presigned URL) A URL that provides temporary access to cached objects

Signed Cookies A cookie which is passed along with the request to CloudFront. The advantage of using a cookie is when you want to provide access to multiple restricted files, e.g. video streaming