CloudFront & AWS Global Accelerator Flashcards
What is a CDN
Content Delivery Network
- Improves read performance, content is cached at the edge
- 216 Points of Presence globally (edge locations)
- DDoS protection, integration with Shield, AWS Web Application Firewall
AWS CloudFront
A (blank) attack takes place when a bad actor overwhelms a server with malicious internet traffic to prevent legitimate users from accessing applications, services, and networks
DDoS (Distributed Denial of Service)
What are the CloudFront origins?
S3 bucket & Custom Origin (HTTP)
Allow users to access content from certain countries
Whitelist
Prevent users from accessing content from certain countries
Blacklist
Use case: Copyright Laws to control access to content
Geo Restriction
- Global Edge network
- Files are cached for a TTL (maybe a day)
- Great for static content that must be available everywhere
CloudFront
- Must be set up for each region you want replication to happen in
- Files are updated in near real-time
- Read only
- Great for dynamic content that needs to be available at low latency in a few regions
S3 Cross Region Replication
- Allow access to a path, no matter the origin
- Account-wide key-pair, only the root can manage it
- Can filter by IP, path, date, expiration
- Can leverage caching features
CloudFront Signed URL
- Issue a request as the person who (blank)
- Uses the IAM key of the signing IAM principal
- Limited lifetime
S3 Pre-Signed URL
How can you reduce cost for CloudFront?
Reduce the # of edge locations
How many price classes for CloudFront are there? What are they?
- All
- 200
- 100
All
What CloudFront price class is this?
All regions - best performance
200
What CloudFront price class is this?
Most regions, but excludes most expensive regions
100
What CloudFront price class is this?
Only the least expensive regions
One server holds one IP
Unicast IP
All servers hold the same IP address and the client is routed to the nearest one
Anycast IP
The Anycast IP will send traffic directly where?
Edge Locations
Leverage the AWS internal network to route to your application
AWS Global Accelerator
- Improves performance for a wide range of applications over TCP or UDP
- Proxies packets at the edge to applications running in one or more AWS Regions
- Good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT), or Voice over IP
- Good for HTTP use cases that require static IP addresses
- Good for HTTP use cases that require deterministic, fast regional failover
AWS Global Accelerator
A communications standard that enables application programs and computing devices to exchange messages over a network.
It is designed to send packets across the internet and ensure the successful delivery of data and messages over networks.
TCP (Transmission Control Protocol)
Used for communication throughout the internet. It is specifically chosen for time-sensitive applications like gaming, playing videos, or Domain Name System lookups
Results in speedier communication because it does not spend time forming a firm connection with the destination before transferring the data
UDP (User Datagram Protocol)
- Improves performance for both cacheable content (such as images and videos)
- Dynamic content (such as API acceleration and dynamic site delivery)
- Content is served at the edge
CloudFront
What feature allows you to securely distribute paid content?
CloudFront Signed URL
A special CloudFront user that you can associate with Amazon S3 origins, so that you can secure all or just some of your S3 content
Origin Access Identity (OAI)
What should you use when you want to access hundreds of private files (multiple files) served by your CloudFront distribution?
CloudFront Signed Cookies
AWS Global Accelerator will provide us with what?
2 static IP addresses
An ALB will provide us with what?
HTTP routing rules
What CloudFront feature allows you to securely distribute paid content?
CloudFront Signed URL