CloudFront CDN

  1. CloudFront is the AWS content delivery network service.
  2. Amazon CloudFront can provide Content Delivery Network (CDN) functionality for many types of origins including
    1. Amazon Elastic Compute Cloud (Amazon EC2) instances
    2. AWS Elastic Load Balancing (ELB)
    3. Amazon Simple Storage Service (Amazon S3)
    4. Route53
    5. on-premises applications and sites.
  3. When you create a web distribution, CloudFront assigns a domain name to the distribution, such as d6736837jhsdga.cloudfront.net. You can use this domain name in the URLs for your content, for example: http://d6736837jhsdga.cloudfront.net/logo.jpg. Alternatively, you might prefer to use your own domain name in URLs, for example: http://cdn.example.com/logo.jpg. If you want to use your own domain name, use Amazon Route 53 to create an alias record that points to your CloudFront distribution.
  4. Edge locations are where your data (S3/EC2/ELB/Route53) is cached, with low latency. Edge locations are different from regions and availability zones.
  5. Distribution: A name given to the CDN containing a collection of edge locations
  6. Can do READ/WRITE (GET, OPTIONS, POST, PUT, PATCH)
  7. Content is temporarily cached on CF edge locations
    1. TTL is number of seconds before the cache expires (at which time new copy is fetched from origin)
    2. Invalidation: You can forcibly clear the cache before the TTL expires, but this costs extra.
  8. S3-accelerated uses edge locations to read/write to S3 buckets
  9. Amazon CloudFront can serve private content by using
    1. Signed URLs
    2. Signed cookies
    3. Amazon Simple Storage Service (Amazon S3) Origin Access Identities.
    4. Restrict content based on geolocation (whitelist and blacklist)
  10. To ensure that your users access your objects using only CloudFront URLs, regardless of whether the URLs are signed, perform the following tasks:
    1. Create an origin access identity, which is a special CloudFront user, and associate the origin access identity with your distribution.
    2. Change the permissions on your S3 bucket or on the objects so only the origin access identity has read permission (or read and download permission).
    3. When your end users access your Amazon S3 objects through CloudFront, the CloudFront origin access identity gets the objects on behalf of your end users.
    4. If your users request objects directly by using Amazon S3 URLs, they’re denied access. The origin access identity has permission to access objects in your Amazon S3 bucket, but users don’t.
  11. Distribution types
    1. Web Distribution
    2. RTMP (media streaming / Flash) Distribution – for Adobe Flash files only
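
An added example (not from the original notes) for item 10: a small audit that checks whether an S3 bucket policy gives read access only to the origin access identity, so direct S3 URLs are denied. The bucket name, OAI ID and both sample policies are constructed placeholders; the check covers the bucket policy only, not object ACLs.

```python
import json

# Constructed sample values: the OAI ID and bucket name are placeholders.
OAI_ARN = ("arn:aws:iam::cloudfront:user/"
           "CloudFront Origin Access Identity E2EXAMPLEOAIID")
RESOURCE = "arn:aws:s3:::example-cdn-bucket/*"

# Step 2 done correctly: only the OAI may read objects.
GOOD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": OAI_ARN},
     "Action": "s3:GetObject", "Resource": RESOURCE},
]})

# A leftover public-read statement lets users bypass CloudFront.
BAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": OAI_ARN},
     "Action": "s3:GetObject", "Resource": RESOURCE},
    {"Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject"], "Resource": RESOURCE},
]})


def _as_list(value):
    """Policy fields may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy_json, oai_arn):
    """Return a list of findings; an empty list means only the OAI can read."""
    findings = []
    oai_can_read = False
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        # Collect every principal named, whatever its type (AWS, Service, ...).
        if isinstance(principal, dict):
            names = [n for v in principal.values() for n in _as_list(v)]
        else:
            names = [principal]  # "*" (public) or a missing Principal
        others = [n for n in names if n != oai_arn]
        if others:
            findings.append(f"statement {i}: access allowed to non-OAI principal(s) {others}")
        # Simplification: only an exact "s3:GetObject" counts as the read grant.
        elif "s3:GetObject" in _as_list(stmt.get("Action", [])):
            oai_can_read = True
    if not oai_can_read:
        findings.append("OAI has no s3:GetObject grant")
    return findings
```
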
Copyright 2005-2016 KnowledgeHills.