CloudFront And Elastic Beanstalk Flashcards
What is CloudFront?
A CDN that improves content delivery using edge caching and integrates with Shield and WAF.
What are CloudFront origins?
S3 Buckets, ALB, EC2, S3 website, or any HTTP backend.
What is the difference between CloudFront and S3 Cross Region Replication?
CloudFront caches globally for performance; S3 CRR replicates objects for availability in multiple regions.
What is a CloudFront Cache Key?
A unique identifier for cached objects, default is hostname + URL; can include headers, cookies, and query strings.
Already cached this exact req? y: serve from cache no: fwd to origin.
What is a CloudFront Cache Policy?
A Cache Policy tells CloudFront what makes each request unique for caching purposes—customizing this is the key to balancing performance, accuracy, and cost.
What are options for Cache Policy headers?
Use None for static content or Whitelist only for the headers that affect your content rendering; headers control caching performance.
What are options for Cache Policy query strings?
None, Whitelist, Include All-Except, or All.
What is an Origin Request Policy in CloudFront?
Defines headers, cookies, and query strings sent to origin but not used in caching.
Defines what gets forwarded to your origin when a viewer makes a request
What is a CloudFront Invalidation?
You just updated a file, like index.html, but CloudFront is still serving the old cached version. Instead of waiting for the TTL to expire, you can force CloudFront to fetch the latest version from the origin.
Forces cache refresh before TTL expires using CreateInvalidation API.
What is CloudFront Cache Behavior?
CloudFront Cache Behavior defines how CloudFront should handle requests for specific URL patterns in your distribution.
Different settings per URL path pattern, can route to different origins.
What are CloudFront Geo Restrictions?
Restrict access by country using allowlists or blocklists based on Geo-IP.
What are CloudFront Signed URLs and Cookies?
Allow restricted content delivery with custom access policy including expiration and IP filtering.
When to use Signed URL vs Signed Cookie?
Control access to private content served through CloudFront — like protecting paid content, internal files, or personalized data. They allow you to grant temporary access to content only to authorized users.
Signed URL: one file; Signed Cookie: multiple files.
How are Signed URLs verified?
CloudFront checks 3 things to validate a Signed URL.
Signature: Ensures the URL was signed with a trusted private key. Policy: Enforces expiration time, resource path, and optional IP/start time rules. Key Group: The signing key must belong to a trusted key group on the distribution
What is CloudFront Pricing based on?
Edge location region; higher costs in more expensive regions.
What are CloudFront Price Classes?
Price Classes: All, 200, and 100 reduce cost by limiting edge locations.
What is CloudFront Multiple Origin routing?
Route to different backend origins (like S3, EC2, ALB, etc.) based on path patterns like /images/*.
What is a CloudFront Origin Group?
Defines primary and secondary origins for failover.
What is CloudFront Field-Level Encryption?
Encrypts sensitive fields in requests at the edge location using asymmetric encryption.
What are CloudFront Real-Time Logs?
CloudFront Real-Time Logs let you stream detailed logs of every request made to your CloudFront distribution in near real time—useful for monitoring, debugging, and analytics.
Logs sent to Kinesis Data Streams with selectable fields and sample rate
What is AWS Elastic Beanstalk?
A developer-centric service for deploying applications using familiar AWS components like EC2, ASG, and ELB.
What AWS resources does Elastic Beanstalk manage?
EC2, ASG, ELB, RDS, scaling, load balancing, instance config, and health monitoring.
What are the main components of Elastic Beanstalk?
Application, Application Version, and Environment.
What are the Elastic Beanstalk environment tiers?
Web Server Environment Tier for applications that handle HTTP(S) requests directly, and Worker Environment Tier for background processing of tasks.
Name three supported platforms in Elastic Beanstalk.
Java, Node.js, Python (and more like .NET, PHP, Ruby).
What is a good Elastic Beanstalk deployment mode for development?
Single Instance.
What is ‘All at once’ deployment mode?
Deploys all instances at once, causing downtime but fastest deployment.
What is ‘Rolling’ deployment mode?
Updates a few instances at a time with no additional cost but some capacity loss.
What is ‘Rolling with additional batches’ deployment mode?
Adds extra capacity temporarily to keep service available during deployment.
What is ‘Immutable’ deployment mode?
Uses new instances for new version and swaps when healthy; zero downtime but high cost.
What is Blue/Green deployment in Elastic Beanstalk?
Creates a new environment with the new version and swaps it in when ready.
What is Traffic Splitting in Elastic Beanstalk?
Sends a percentage of traffic to a new version to test stability before full rollout.
What CLI tool helps manage Elastic Beanstalk applications?
EB CLI.
Name two EB CLI commands.
eb deploy, eb status (others include eb create, eb logs, eb terminate).
What format is used in .ebextensions files?
YAML or JSON with .config extensions.
Where are .ebextensions placed?
In the root directory of the application source code.
How many versions does Elastic Beanstalk store by default?
Up to 1000 application versions.
What is a Beanstalk lifecycle policy?
Removes old versions based on time or space to manage application versions.
What is Elastic Beanstalk cloning?
Lets you create an exact duplicate of an existing environment, including its configuration and platform settings — it’s super useful for testing, debugging, or blue/green deployments.
What service does Elastic Beanstalk use under the hood?
AWS CloudFormation.
Why should you not use RDS provisioned by Elastic Beanstalk in production?
Because the database lifecycle is tied to the Beanstalk environment, so if you terminate the environment, the RDS instance is deleted as well
How do you migrate Elastic Beanstalk environments with a different ELB type?
Create a new environment, deploy app, and swap DNS (CNAME/Route 53).
How do you decouple RDS from an Elastic Beanstalk environment?
To decouple RDS from Elastic Beanstalk, create a DB snapshot, protect it from deletion, launch a new environment without RDS, point it to the existing DB, test, swap CNAMEs, and terminate the old environment.
