CloudFront Flashcards
CloudFront
CloudFront
CDN provider service
CloudFront
Security options (2)
CloudFront
- DDoS protection
- Firewall features
CloudFront
how CloudFront improves performance
CloudFront
caches content at edge locations
CloudFront
use case
CloudFront
static content to be available everywhere
CloudFront
types of origins (2)
CloudFront
- S3 Bucket
- other HTTP
CloudFront
S3 bucket origin
CloudFront
distributes and caches S3 objects at edge
CloudFront
how content is secured
S3 bucket origin
Origin Access Control (OAC)
S3 bucket origin
file ingress
S3 bucket origin
can also be used for file uploads
S3 bucket origin
other HTTP origins (4)
CloudFront
- ALB
- EC2 Instnace
- S3 bucket set as static website
- any other HTTP backend
CloudFront
requirement for ALB to be an Origin
CloudFront other HTTP origins
ALB must be public
CloudFront other HTTP origins
what needs to be in SG for ALB to work as origin
CloudFront other HTTP origins
access must be allowed for public IPs of edge locations
CloudFront other HTTP origins
requirement for EC2 instance to be an origin
CloudFront other HTTP origins
EC2 instance must be public
CloudFront other HTTP origins
what needs to be in SG for EC2 instance to work as origin
CloudFront other HTTP origins
access must be allowed for public IPs of edge locations
CloudFront other HTTP origins
Geo Restriction
CloudFront
client IPs compared to 3rd party Geo-IP database
CloudFront
Allowlist
Geo Restriction
only allow user IPs in allowed countries
Geo Restriction
Blocklist
Geo Restriction
block user IPs in blocked countries
Geo Restriction
Use case
Geo Restriction
copyright restrictions
Geo Restriction
Price classes (3)
CloudFront
- Price Class All
- Price Class 200
- Price Class 100
CloudFront
Price Class All
Price classes
all regions for the best performance
Price classes
Price Class 200
Price classes
Excludes most expensive regions
Price classes
Price Class 100
Price classes
includes only least expensive regions
Price classes
Cache invalidation
CloudFront
may force partial or entire cache refresh
CloudFront
how to specify what is invalidated (2)
Cache invalidation
use * wildcard
use specific path with wildcard
Cache invalidation
CDN provider service
CloudFront
CloudFront
CloudFront
- DDoS protection
- Firewall features
CloudFront
Security options (2)
CloudFront
caches content at edge locations
CloudFront
how CloudFront improves performance
CloudFront
static content to be available everywhere
CloudFront
use case
CloudFront
- S3 Bucket
- other HTTP
CloudFront
types of origins (2)
CloudFront
distributes and caches S3 objects at edge
CloudFront
S3 bucket origin
CloudFront
Origin Access Control (OAC)
S3 bucket origin
how content is secured
S3 bucket origin
can also be used for file uploads
S3 bucket origin
file ingress
S3 bucket origin
- ALB
- EC2 Instnace
- S3 bucket set as static website
- any other HTTP backend
CloudFront
other HTTP origins (4)
CloudFront
ALB must be public
CloudFront other HTTP origins
requirement for ALB to be an Origin
CloudFront other HTTP origins
access must be allowed for public IPs of edge locations
CloudFront other HTTP origins
what needs to be in SG for ALB to work as origin
CloudFront other HTTP origins
EC2 instance must be public
CloudFront other HTTP origins
requirement for EC2 instance to be an origin
CloudFront other HTTP origins
access must be allowed for public IPs of edge locations
CloudFront other HTTP origins
what needs to be in SG for EC2 instance to work as origin
CloudFront other HTTP origins
client IPs compared to 3rd party Geo-IP database
CloudFront
Geo Restriction
CloudFront
only allow user IPs in allowed countries
Geo Restriction
Allowlist
Geo Restriction
block user IPs in blocked countries
Geo Restriction
Blocklist
Geo Restriction
copyright restrictions
Geo Restriction
Use case
Geo Restriction
- Price Class All
- Price Class 200
- Price Class 100
CloudFront
Price classes (3)
CloudFront
all regions for the best performance
Price classes
Price Class All
Price classes
Excludes most expensive regions
Price classes
Price Class 200
Price classes
includes only least expensive regions
Price classes
Price Class 100
Price classes
may force partial or entire cache refresh
CloudFront
Cache invalidation
CloudFront
use * wildcard
use specific path with wildcard
Cache invalidation
how to specify what is invalidated (2)
Cache invalidation