CloudFront

Question 1

What is AWS CloudFront?

Answer 1

Content Delivery Network (CDN)

Question 1

Are you protected against DDOS attacks when using CloudFront?

Answer 1

Yes

Question 2

What can be used as CloudFront origins?

Answer 2

S3 bucket, any custom http backend (load balancer, EC2)

Question 3

What access control policies are involved when using CloudFront with an S3 bucket?

Answer 3

S3 bucket policy plus the Origin Access Control

Question 4

What is the difference between CloudFront and using S3 cross region replication?

Answer 4

Using CloudFront files are available globally, files are cached for a TTL, good for static content that must be available everywhere. S3 cross region replication must be setup for each region, read-only, good for dynamic content that needs to be available at low-latency in a few regions.

Question 5

What is the difference between the cache policy and the origin request policy

Answer 5

Cache policy defines what can be used as the cache key for requests, anything used as the key is automatically forwarded as part of origin requests. The origin request policy lets you specify other parts of the request to forward to the origin.

Question 6

Can CloudFront be used to send traffic to a private EC2 instance not publicly available?

Answer 6

No the EC2 instance must be public

Question 7

When you’re configuring a CloudFront distribution to use Signed URLs/Cookies, it is recommended to use Trusted Key Group signer instead of CloudFront Key Pair. OR should you use CloudFront Key Pair instead of Trusted Key Group?

Answer 7

You should use a Trusted Key Group instead of a CloudFront Key Pair.