Saturday, January 11, 2020

AWS CloudFront


Before jumping into AWS CloudFront, we first need to understand what a Content Delivery Network (CDN) is, and what static and dynamic web content are.


     1. Content Delivery Network (CDN)


The server where your website is hosted is called the Origin Server; we will use this term many times in this post.
Let's start with a problem statement to understand the CDN.

Problem Statement


I have a website hosted on a server in an AWS region in the USA, but the website's users are all over the world. When a user outside the USA region tries to access the website, they face high network latency.
To overcome this problem, we have two solutions.

a.       Solution-1


Host the website in all regions and apply a geographic routing policy on the DNS server. In this approach we host multiple web servers in different regions, which increases the cost and the maintenance burden of these web servers.

b.      Solution-2


Keep one web server and keep a cached copy of the website content (pages, videos, etc.) per region, so that the content can be served to users from the regional copy, which gives the lowest network latency. This is also a cost-effective and easily maintainable solution compared to the first one.

To achieve solution-2, the Content Delivery Network (CDN) comes into the picture.
A CDN serves content from the cache server geographically nearest to the user's location. For the first user it fetches the content from your Origin Server (web server) and caches a copy of it for subsequent users.

Below are some benefits of a Content Delivery Network (CDN).

a.       It reduces the load on the origin server, as data is also served from cache servers based on the user's geographic location.

b.      It increases the availability of web content, as data is cached on and served from multiple cache servers.

c.       As data is cached on multiple servers, it also helps to reduce the bandwidth requirement of the origin server.

d.      Last but not least, it also helps to protect your website from DDoS (Distributed Denial-of-Service) attacks.

DDoS (Distributed Denial-of-Service): an attack in which tools are used to send a large volume of malicious traffic to your website in order to disrupt its normal traffic.

     2. Static Web Content vs Dynamic Web Content


Static web content is the same for all users, e.g. HTML pages, JavaScript files, videos, images, etc.
Dynamic web content can vary from user to user; it is generated at run time when the user requests the content, e.g. JSP pages, ASP.NET pages, etc.





Now we have a basic understanding of the Content Delivery Network (CDN) and its benefits, which is sufficient to understand AWS CloudFront.


    3. AWS CloudFront


1.       AWS CloudFront is the AWS-managed Content Delivery Network (CDN) service.

2.       It is a global AWS service.

3.       AWS CloudFront is PCI DSS, HIPAA and SOC compliant.

4.       It is also used to accelerate ingress traffic: for example, when we use the S3 accelerate service to upload objects quickly to an S3 bucket, the S3 service uses CloudFront for the acceleration.

5.       Your origin server (where your site is hosted) can be inside or outside AWS.

6.       Edge Location / Edge cache location


This is the data center location where your website content is cached for better performance. Edge locations are different from AWS Availability Zones and AWS Regions; an edge location is not tied to an Availability Zone or Region, and there is no one-to-one mapping between them.

7.       Regional Edge Cache


a.       This is another cache layer between your origin server and the edge cache location.

b.      Regional Edge caches are deployed globally and are located close to your viewers.

c.       Your less popular objects automatically shift to the Regional Edge cache, so that the edge location has more space for popular objects.

d.      If an object does not exist at the edge location, the edge location checks the Regional Edge cache; if it is found there, it is served from there. If the object is not in the Regional Edge cache either, the edge location fetches it from the origin server and serves it from there. One copy of the object is automatically stored in the Regional Edge cache for subsequent requests.

e.       When an object becomes less popular, the edge location removes it from its cache and it is moved to the Regional Edge cache.

f.        A Regional Edge cache has more cache space than an edge location.

g.       Below are some exceptions where the Regional Edge cache is not used to serve the object.

1.       Regional Edge caches help only with custom origin servers. This means that if the origin server is an S3 bucket, CloudFront skips the Regional Edge cache when fetching an object that does not exist at the edge location.

2.       Requests for dynamic content go directly from the edge location to the origin server.

3.       Proxy requests such as PUT, POST and DELETE go directly from the edge location to the origin server.

h.      The Regional Edge cache feature is enabled by default and there is no additional charge for it.


8.       CloudFront Distribution


A CloudFront distribution tells CloudFront how to distribute and deliver your objects to the edge locations.
When you update a CloudFront distribution's configuration, it takes some time for the change to propagate to all edge locations.
CloudFront provides two types of distribution.

a.       Web Distribution


Use this if you want to serve your content over HTTP/HTTPS. Because it supports HTTP/HTTPS only, you can use a web server or an S3 bucket as the origin server.
A web distribution supports the following content over HTTP/HTTPS.

1.       Static and dynamic web content such as HTML pages, audio, ASP.NET pages, etc.

2.       Multimedia content on demand via progressive download and Apple live streaming.

3.       Web distributions do not support Adobe Flash multimedia content.

4.       You can create a maximum of 200 web distributions per AWS account.

b.      RTMP Distribution


It was created specially by AWS for Adobe Flash multimedia content over HTTP/HTTPS.

In an RTMP distribution the origin server can only be an S3 bucket.

You can create a maximum of 100 RTMP distributions per AWS account.

9.       With CloudFront you can restrict direct access to an S3 bucket, meaning users must use the CloudFront URL to reach the bucket's content.
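The usual way to enforce point 9 is a bucket policy that grants `s3:GetObject` only to the distribution's origin access identity (OAI). The Python below is an added example, not code from the post: it builds such a policy and audits any policy for statements that still grant object reads to everyone; the OAI id and bucket name are constructed placeholders.

```python
import json

# Constructed placeholders, not values from the post: the OAI id and bucket name are assumptions.
OAI_ID = "EXAMPLEOAIID"
BUCKET = "example-static-site"


def oai_only_bucket_policy(bucket, oai_id):
    """Bucket policy that lets only the CloudFront OAI read objects, so direct S3 URLs are denied."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontOAIReadOnly",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::cloudfront:user/"
                                 f"CloudFront Origin Access Identity {oai_id}"},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


def public_read_statements(policy):
    """Sids of Allow statements granting object reads to Principal '*' (bucket readable without CloudFront)."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):      # {"AWS": "*"} or {"AWS": ["*"]}
            principal = principal.get("AWS")
        if isinstance(principal, str):
            principal = [principal]
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if "*" in (principal or []) and any(a in ("s3:GetObject", "s3:*", "*") for a in actions):
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings


if __name__ == "__main__":
    policy = oai_only_bucket_policy(BUCKET, OAI_ID)
    print(json.dumps(policy, indent=2))
    print("public read statements:", public_read_statements(policy))  # expected: []
```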

10.   You can set the cache expiry time of an object in CloudFront by defining its TTL (Time to Live). By default the TTL is 24 hours, but you can change it. If you do not want to cache an object, set the TTL to zero.
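The TTL actually used at the edge depends on both the distribution's Minimum/Default/Maximum TTL and the origin's Cache-Control header. The function below is an added example (not from the post) that works this out; the clamping rules are my reading of CloudFront's documented behaviour, and the 24-hour default and "TTL zero means do not cache" come from the text.

```python
# Added example: combine a cache behaviour's Minimum/Default/Maximum TTL with the origin's
# Cache-Control header. These rules are my reading of CloudFront's documented behaviour.
DEFAULT_TTL = 24 * 60 * 60       # 24 hours, CloudFront's default TTL
MAX_TTL = 365 * 24 * 60 * 60     # one year, CloudFront's default maximum TTL


def parse_cache_control(header):
    """Return {directive: int value or None} from a Cache-Control header value."""
    directives = {}
    for part in (header or "").split(","):
        name, _, value = part.strip().lower().partition("=")
        if name:
            directives[name] = int(value) if value.isdigit() else None
    return directives


def effective_ttl(cache_control, min_ttl=0, default_ttl=DEFAULT_TTL, max_ttl=MAX_TTL):
    """Seconds CloudFront keeps the object at the edge; 0 means it is not cached."""
    d = parse_cache_control(cache_control)
    if "no-cache" in d or "no-store" in d or "private" in d:
        # With Minimum TTL 0 CloudFront honours the origin and does not cache;
        # with Minimum TTL > 0 it still keeps the object for the minimum.
        return min_ttl
    origin_ttl = d.get("s-maxage", d.get("max-age"))  # s-maxage takes precedence over max-age
    if origin_ttl is None:
        return default_ttl  # origin sent no freshness directive: Default TTL applies
    # The origin's value is clamped to the cache behaviour's [Minimum TTL, Maximum TTL] range.
    return max(min_ttl, min(origin_ttl, max_ttl))


if __name__ == "__main__":
    for header in (None, "max-age=60", "public, max-age=600, s-maxage=120", "no-store"):
        print(repr(header), "->", effective_ttl(header), "s")
    # Setting Minimum, Default and Maximum TTL all to zero disables caching regardless of the origin.
    print("all-zero TTLs ->", effective_ttl("max-age=60", 0, 0, 0), "s")
```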

11.   You can prevent content from being served to users in specific geographic locations with the geo restriction feature of CloudFront.

12.   CloudFront Access Logs
If you want to log information about every request made to a CloudFront URL, you can do so with the CloudFront access log feature.
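Once access logging is on, the delivered files are plain tab-separated text with a `#Fields:` header naming the columns. The parser below is an added example, not from the post: it reads that header to map columns, then reports the cache hit ratio and any client IP that keeps receiving 401/403 responses (for example, repeated attempts on restricted paths). The log lines are constructed and keep only a subset of the real columns.

```python
from collections import Counter

# Constructed sample in the CloudFront access log layout (tab-separated data lines under a
# "#Fields:" header). Only some of the real columns are kept; IPs are documentation addresses.
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: date time x-edge-location sc-bytes c-ip cs-method cs(Host) cs-uri-stem sc-status x-edge-result-type",
    "\t".join(["2020-01-11", "10:00:01", "IAD89-C1", "512", "203.0.113.10", "GET", "d111111abcdef8.cloudfront.net", "/index.html", "200", "Hit"]),
    "\t".join(["2020-01-11", "10:00:02", "IAD89-C1", "2048", "203.0.113.10", "GET", "d111111abcdef8.cloudfront.net", "/app.js", "200", "Miss"]),
    "\t".join(["2020-01-11", "10:00:05", "FRA50-C1", "512", "203.0.113.20", "GET", "d111111abcdef8.cloudfront.net", "/index.html", "200", "Hit"]),
    "\t".join(["2020-01-11", "10:00:09", "FRA50-C1", "0", "203.0.113.99", "GET", "d111111abcdef8.cloudfront.net", "/private/1.pdf", "403", "Error"]),
    "\t".join(["2020-01-11", "10:00:10", "FRA50-C1", "0", "203.0.113.99", "GET", "d111111abcdef8.cloudfront.net", "/private/2.pdf", "403", "Error"]),
    "\t".join(["2020-01-11", "10:00:11", "FRA50-C1", "0", "203.0.113.99", "GET", "d111111abcdef8.cloudfront.net", "/private/3.pdf", "403", "Error"]),
])


def parse_access_log(text):
    """Map each data line to a dict keyed by the column names from the #Fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("data line before #Fields header")
            values = line.split("\t")
            if len(values) != len(fields):
                raise ValueError(f"expected {len(fields)} columns, got {len(values)}")
            records.append(dict(zip(fields, values)))
    return records


def cache_hit_ratio(records):
    """Share of requests answered from the edge cache (Hit or RefreshHit) instead of the origin."""
    if not records:
        return 0.0
    hits = sum(r["x-edge-result-type"] in ("Hit", "RefreshHit") for r in records)
    return hits / len(records)


def clients_with_many_denials(records, threshold=3):
    """Client IPs with at least `threshold` 401/403 responses: repeated hits on restricted objects."""
    denied = Counter(r["c-ip"] for r in records if r["sc-status"] in ("401", "403"))
    return {ip: n for ip, n in denied.items() if n >= threshold}


if __name__ == "__main__":
    recs = parse_access_log(SAMPLE_LOG)
    print(f"{len(recs)} requests, hit ratio {cache_hit_ratio(recs):.2f}")
    print("clients with repeated denials:", clients_with_many_denials(recs))
```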

13.   You can enable logging of CloudFront API calls using CloudTrail.

14.   Amazon CloudFront currently supports GET, HEAD, POST, PUT, PATCH, DELETE and OPTIONS requests.

15.   The maximum size of a single file that can be delivered through Amazon CloudFront is 20 GB.

16.   Invalidating Objects


This lets you remove a file from the CloudFront edge cache before it expires. It is supported in web distributions only.

17.   Remove File from CloudFront Edge cache


a.       You can invalidate the objects.

b.      You can use a different version of the same file; each time, the latest version of the file is served.

18.   CloudFront Billing


a.       AWS charges for data transfer out from CloudFront edge locations.

b.      AWS charges for data transfer out from CloudFront edge locations to the origin.

c.       AWS charges per HTTP/HTTPS request.

d.      AWS charges for custom SSL certificates.

e.       You are charged per path in your invalidation requests.

19.   Field Level Encryption


With this CloudFront feature you can securely upload sensitive data, such as credit card information, to the origin server.

20.   You can map your custom domain name to the CloudFront URL provided by AWS.





Cheers!
Sandeep 
https://www.linkedin.com/in/sandeep-sharma-40a40b22/
