CloudFront and Global Accelerator Flashcards
How many CloudFront origins are there?
- S3 bucket
— for distributing files and caching them at the edge.
— enhance security with Origin Access Control (OAC).
— CloudFront can be used as an ingress (to upload files to S3).
- Custom origin (HTTP)
— Application Load Balancer
— EC2 instance
— S3 websites (must first enable the bucket as a static S3 website)
— any HTTP backend you want
What is the difference between Global Accelerator and CloudFront?
- CloudFront uses Edge Locations to cache content while Global Accelerator uses Edge Locations to find an optimal pathway to the nearest regional endpoint.
- CloudFront is designed to handle the HTTP protocol, whereas Global Accelerator is best used for both HTTP and non-HTTP protocols such as TCP and UDP.
- CloudFront uses multiple sets of dynamically changing IP addresses while Global Accelerator will provide you a set of static IP addresses as a fixed entry point to your applications.
- CloudFront pricing is mainly based on data transfer out and HTTP requests, while Global Accelerator charges a fixed hourly fee and an incremental charge over your standard Data Transfer rates, also called a Data Transfer-Premium fee (DT-Premium).
CloudFront can be used for static and dynamic content; the content is cached at the edge location. Global Accelerator, by contrast, uses edge locations to find the nearest endpoint, and all requests reach the application. Global Accelerator is good for non-HTTP use cases such as gaming, IoT, and voice over IP. It is also good for HTTP use cases that require static IP addresses, and it can help with fast regional failover.
How can CloudFront be useful?
Users in the US can access files stored in Australia via CloudFront to reduce latency. CloudFront communicates with the S3 bucket over a high-speed network, which helps reduce latency, and the content is cached at the CloudFront edge location.
What is the difference between CloudFront and S3 cross-region replication?
CloudFront uses a global edge network, files are cached for a TTL (maybe a day), and it’s great for static content that must be available everywhere.
S3 cross-region replication must be set up for each region where you want replication to happen. Files are updated in real time. It is read-only and great for dynamic content that needs to be available at low latency in a few regions.
Can EC2 instances be private if they need to be accessed by an edge location?
No, they must be public, as there is no private VPC connectivity. For security, attach a security group that allows all the public IP addresses of the edge locations.
Can an ALB be private if it needs to be accessed by an edge location?
No, it must be public. However, the EC2 instances behind the ALB can be private. The security group on the ALB should allow the IP addresses of all the edge locations.
Can CloudFront be restricted to a particular geographic location?
Yes, you can restrict who can access your distribution by geographic location.
Can the cache be invalidated in CloudFront?
Cache expiry is normally controlled by the TTL (time to live) setting in CloudFront. However, you can force an entire or partial cache refresh by performing a CloudFront invalidation. You can invalidate all files or a specific path.
What are unicast and anycast?
Unicast - one server holds one IP address.
Anycast - all servers hold the same IP address, and the client is routed to the nearest one.
What is Global Accelerator?
If we want to route to India and we have users all around the globe, what is going to happen is that instead of sending traffic through the public internet in America, it is going to come to the closest edge location. And from the edge location, it is going to go all the way straight to our ALB through the internal AWS network.
Same for Australia: it goes to the closest edge location near Australia, and then over the private AWS network to reach the ALB, and the same for Europe.
So the idea is that we are going to use an Anycast IP; there are actually going to be two of those created for your application, and they are global.
The Anycast IP will send the traffic directly to the closest edge location to your users, and this is the power of Anycast IP. The edge location will then send the traffic to your application, for example through the private AWS network, which is much more stable, has less latency, and so on.