CDN and Optimization Flashcards
What is the difference between an edge location cache and a regional edge cache?
A regional edge cache is just a larger version of an edge location cache.
True or False: Only S3 can be used as a CloudFront origin.
False, custom origins can be used as well.
What kinds of configuration are controlled with a Cloudfront distribution?
Price class, domain names, certificates, TLS. Think “higher level”.
What kinds of configuration are controlled with a cloudfront behavior?
Trusted URLs/cookies, http/https, cache directives, restrict viewer access. Think “lower level”
What does TTL control?
How long something lives on a cache. Default is 24 hours.
What are cache invalidations?
Invalidates objects based on a pattern match.
What is better for pointing users to other objects - cache invalidations or versioned file names?
Versioned file names == less expensive.
What does AWS Certificate Manager allow you to do?
Easily provision, manage, deploy certificates (HTTPS) for supported AWS services.
Will self signed certificates work for CloudFront SSL?
No! Valid public certificates only.
What is an Origin Access Identity (OAI)?
A virtual identity used by cloudfront to access an S3 bucket
Why might you want to use OAI?
To provision access to cloudfront and only cloudfront.
What additional security feature must be used in conjunction with an OAI for its intended use case?
S3 bucket policy
How can you secure a CF distribution with a custom origin?
HTTPS with custom headers, or firewall using edge location IPs.
What might you want to use Lambda@Edge for?
Adjusting data between viewer and origin based on access patterns.
What is the main use of AWS Global Accelerator?
Moves the AWS network closer to customers.