CloudFront

Question 1

What are the possible CloudFront origins?

Answer 1

S3 bucket
EC2 instance
Load Balancer
Route53

Question 2

How can CloudFront be used?

Answer 2

To deliver dynamic, static, streaming and interactive content. Requests are automatically routed to the nearest edge location which will fetches the content and cache for subsequent requests

Question 3

What are the types of Distribution?

Answer 3

Web Distribution: websites

RTMP: Media Streaming-Allows the user to begin playing a media file before the media finished downloading

Question 4

Are Edge Locations read only?

Answer 4

No

Question 5

What is the lifetime?

Answer 5

Time to Live (TTL) in seconds

Question 6

Is it possible to invalidate the cache?

Answer 6

Yes, with a charge

Question 7

How to restrict viewer access?

Answer 7

It can be done with S3 Signed URLs (single file with limited lifetime) or Signed Cookies (multiple files).
CloudFront Signed URL can be filtered by date, path, IP address, expiration, etc
Example: Only Netflix subscribers can view the content. The same for a website with premium content

Question 8

Is it possible to determine what paths will be cached?

Answer 8

Yes, via distribution settings->Cache Invalidation paths such as /users/*

Question 9

What are the differences between CloudFront Signed URL vs S3 Signed URL?

Answer 9

CloudFront Signed URL: Will allow the enduser to see the content only. CloudFront will use OAI (object access identity) to impersonate the access to S3 objects).
S3 Signed URL will give the user the same permissions as the IAM user that created the policy;