CloudFront

Question 1

Features:
- Content Delivery Network (CDN)
- Improves read performance, content is cached at the edge
- Improves users experience
- 216 Point of Presence globally (edge locations)
- DDoS protection (because worldwide), integration with Shield, AWS Web Application Firewall

Answer 1

Amazon CloudFront

Question 2

What is an origin?

Answer 2

Location where content is stored, and from which CloudFront gets content to serve to viewers.

Question 3

Four features of S3 bucket origin?

Answer 3

• For distributing files and caching them at the edge
• Enhanced security with CloudFront Origin Access Control (OAC)
• OAC is replacing Origin Access Identity(OAI)
• CloudFront can be used as an ingress (to upload files to S3)

Question 4

Four custom origins, that are HTTP servers.

Answer 4

• Application Load Balancer
• EC2 instance
• S3 website (must first enable the bucket as a static S3 website)
• Any HTTP backend you want

Question 5

Features:
- Global Edge network
- Files are cached for a TTL (maybe a day)
- Great for static content that must be available everywhere

Answer 5

CloundFront

Question 6

Features:
- Cross Region Replication: Must be setup for each region you want replication to happen
- Files are updated in near real-time
- Read only
- Great for dynamic content that needs to be available at low-latency in few regions

Answer 6

S3 Region Replication

Question 7

CloudFront is a ……,which is to cache content …..,

whereas S3 Cross-Region Replication is to….. an entire bucket into another…….

Answer 7

CDN, all around the world, replicate, region

Question 8

Where is the cache located?

Answer 8

At each CloudFront Edge Location

Question 9

How does CloudFront identify each object in the cache?

Answer 9

Cache Key

Question 10

You want to maximize the Cache Hit ratio to minimize requests to the origin?

Answer 10

True

Question 11

How can you invalidate part of the cache?

Answer 11

Use the CreateInvalidation API

Question 12

You want to cache as much stuff as possible in your edge locations?

Answer 12

True

Question 13

What is CloudFront Cache Key?

Answer 13

A unique identifier for every object in the cache

Question 14

CloudFront Cache Key can have additional elements then the default ones?

Answer 14

True

Question 15

How can you add other elements(HTTP headers, cookies, query strings) to the Cache Key?

Answer 15

CloudFront Cache Policies

Question 16

Are all HTTP headers, cookies, and query strings that you include in the Cache Key automatically included in origin requests?

Answer 16

True

Question 17

What happens when Cache policy HTTP header is None?

Answer 17

• Don’t include any headers in the Cache Key (except default)
• Headers are not forwarded (except default)
• Best caching performance

Question 18

What happens when Cache policy HTTP header is Whitelisted?

Answer 18

• only specified headers included in the Cache Key
• Specified headers are also forwarded to Origin

Question 19

Cache Policy Query Strings is None?

Answer 19

• Don’t include any query strings in the Cache Key
• Query strings are not forwarded

Question 20

Cache Policy Query Strings is Whitelist?

Answer 20

• Only specified query strings included in the Cache Key
• Only specified query strings are forwarded

Question 21

Cache Policy Query Strings is Include All-Except?

Answer 21

• Include all query strings in the Cache Key except the specified list
• All query strings are forwarded except the specified list

Question 22

Cache Policy Query Strings are All?

Answer 22

• Include all query strings in the Cache Key
• All query strings are forwarded
• Worst caching performance

Question 23

Cache Policies based on HTTP Headers?

Answer 23

-None
-WhiteList

Question 24

Cache Policies based on Query Strings?

Answer 24

• None
  – Whitelist
  – Include All-Except
  – All

Question 25

What allows specifying values that you want to include in origin requests without including them in the Cache Key (no duplicated cached content)

Answer 25

Origin Request Policy?

Question 26

Origin request policy grants ability to add CloudFront …… and …… to an origin request that were not included in the viewer request.

Answer 26

HTTP headers, Custom Headers

Question 27

Purpose of CloudFront Cache Policy?

Answer 27

Controls how CloudFront caches your content at edge locations.

Question 28

Purpose of CloudFront Origin Request Policy?

Answer 28

Controls what information CloudFront includes in requests to your origin.

Question 29

Origin Request Policies can be include in…?

Answer 29

1. HTTP Headers
2. Cookies
3. Query Strings

Question 30

CloudFront won’t know about a back-end origin update until the TTL has expired?

Answer 30

True.

Question 31

How can you bypass the TTL and force and entire or partial cache refresh?

Answer 31

Perform a CloudFront Invalidation

Question 32

When will CoundFront know that the back-end origin has been updated?

Answer 32

After the TTL has expired causing a refresh.

Question 33

With Cache Behaviors you can…… different settings for a given …… pattern

Answer 33

Configure,URL path

Question 34

With Cache Behaviors you can …….to different kind of origins/origin groups based on the …….or ……..pattern

Answer 34

route, content type, path

Question 35

When adding additional Cache Behaviors, the ………. is always the……. to be processed and is always /*

Answer 35

Default Cache Behavior, last

Question 36

EC2 instances must be……., otherwise the edge locations ………… our EC2 instances because there’s no ……..connectivity in CloudFront.

Answer 36

public, will not be able to access, private VPC

Question 37

What is Geo Restriction?

Answer 37

Restrict who can access your distribution based on location.

Question 38

Use case:
You want to distribute paid shared content to premium users over the world.

Answer 38

Use CloudFront Signed URL / Cookie

Question 39

Features:
- Includes URL expiration
- Includes IP ranges to access the data from
- Trusted signers (which AWS accounts can create signed URLs)

Answer 39

Can be included to policy attached to CloudFront Signed URL / Cookie?

Question 40

What is a Signed URL for?

Answer 40

Grants access to individual files (one signed URL per file)

Question 41

What is a Signed Cookie for?

Answer 41

access to multiple files (one signed cookie for many files)

Question 42

Features:
- Allow access to a path, no matter
- Account wide key-pair, only the root can manage it
- Can filter by IP, path, date, expiration
- Can leverage caching features

Answer 42

CloudFront Signed URL

Question 43

Features:
- Issue a request as the person who pre-signed the URL
- Uses the IAM key of the signing IAM principal
- Limited lifetime

Answer 43

S3 Pre-Signed URL

Question 44

What are Origin Groups for?

Answer 44

To increase high-availability and do failover

Question 45

How do Origin Groups work?

Answer 45

There is one primary and one secondary origin

If the primary origin fails, the second one is used

Question 46

What is Field Level Encryption?

Answer 46

Protects user sensitive information through application stack

Question 47

What does Field Level Encryption work?

Answer 47

Adds an additional layer of security along with HTTPS

encrypted at the edge close to user

Question 48

How can you get real-time requests received by CloudFront sent to Kinesis Data Streams

Answer 48

Real Time Logs

Question 49

What allows you to Monitor, analyze, and take actions based on content delivery performance

Answer 49

Real Time Logs