CloudFront Flashcards
What is Amazon CloudFront?
Amazon CloudFront caches copies of your content in multiple edge locations around the world. CloudFront operates a global network of edge locations strategically located in major cities and regions worldwide. When users request content, CloudFront delivers it from the edge location that provides the lowest latency, reducing the time it takes for users to access your content.
CloudFront uses advanced caching and optimization techniques to accelerate content delivery and improve performance. It supports HTTP/2 and HTTPS protocols, TCP optimizations, and dynamic content acceleration to deliver fast and responsive web experiences.
CloudFront provides various security features to protect your content and applications from cyber threats and attacks. These features include DDoS (Distributed Denial of Service) protection, SSL/TLS encryption, access control policies, and integration with AWS Web Application Firewall (WAF) for application layer security.
What are CloudFront Origins?
Origins refer to the source servers or storage locations from which CloudFront retrieves content to distribute to end users. CloudFront supports various types of origins:
Amazon S3 Bucket: You can configure an Amazon S3 bucket as an origin for CloudFront. CloudFront can retrieve static and dynamic content (such as web pages, images, videos, and files) stored in an S3 bucket and distribute it to users globally.
Custom Origin (HTTP/HTTPS): A custom origin refers to any HTTP or HTTPS server that hosts your content. This can include web servers, application servers, APIs, or other backend systems. You can configure CloudFront to fetch content from a custom origin using either HTTP or HTTPS protocols.
Load Balancer: You can use an Elastic Load Balancer (ELB) or an Application Load Balancer (ALB) as an origin for CloudFront. This allows you to distribute traffic across multiple backend servers or instances for improved scalability and fault tolerance. Note: The ALB must be public.
AWS Elemental Media Services: CloudFront integrates with AWS Elemental Media Services, allowing you to stream video content from services such as AWS Elemental MediaPackage, AWS Elemental MediaStore, and AWS Elemental MediaLive as origins for CloudFront.
API Gateway: You can use Amazon API Gateway as an origin for CloudFront to distribute APIs and microservices to users globally. This enables you to accelerate API requests and reduce latency for API consumers worldwide.
Lambda@Edge: Lambda@Edge allows you to run serverless functions at the edge locations of the CloudFront network. You can use Lambda@Edge functions as origins for CloudFront to generate dynamic content, perform real-time processing, and customize responses based on user requests.
How can you restrict access to your ALBs and Custom Origins?
Configure CloudFront to add a custom HTTP header to the requests it sends to the ALB. Then configure your ALB to forward to your EC2 instances only the requests that contain that custom HTTP header.
How can you increase high availability and do failover with CloudFront?
Through the use of Origin Groups: you can have one primary and one secondary origin. If the primary origin fails, the secondary one is used.
How can one restrict traffic from a certain country?
Amazon CloudFront Geo-Restriction is a feature that allows you to control access to your content based on the geographic location of the viewer. With CloudFront Geo-Restriction, you can restrict access to your content to specific countries or geographic regions, ensuring that only users from allowed locations can access your content while denying access to users from restricted locations.
What are the three price classes for CloudFront?
Price Class All: All regions - Best Performance
Price Class 200: most regions, but excludes the most expensive regions
Price Class 100: only the least expensive regions
Can you have custom error pages?
Yes. You can put them in your S3 bucket origin and have CloudFront display them when an error occurs.
What are CloudFront Functions & Lambda@Edge?
CloudFront Functions are lightweight functions that allow you to manipulate (change) viewer requests and responses. They run at edge locations.
Lambda@Edge functions are also used to change requests, except that they can change viewer requests and responses as well as origin requests and responses. They run at the Regional Edge Cache level, unlike CloudFront Functions, which run at the edge location.
What are use cases for CloudFront Functions & Lambda@Edge?
CloudFront Functions
Cache key normalization
Header Manipulation in the request or response
URL rewrites or redirects
Request authentication & authorization
Lambda@Edge
Longer execution time
Adjustable CPU or memory
Use 3rd party origins for authentication
A use case for Lambda@Edge is to modify a request and redirect it to a closer origin (S3 bucket) to help reduce latency.