CloudFront & Global Accelerator Flashcards

1
Q

What is CloudFront?

A

It’s a content delivery network or CDN.

It improves a website's read performance by caching content at different AWS edge locations.

2
Q

Which services can CloudFront work with?

A

S3 buckets: Caching objects at the edges.

S3 uploads: CloudFront can act as an ingress, meaning people upload files to the edge and the edge then sends them to the bucket region.

You can also use a custom origin, meaning any HTTP website can be used with CloudFront in front. It can be an ALB, an EC2 instance, an S3 bucket static website, or any HTTP website you want.

3
Q

What is CloudFront OAC (Origin Access Control)?

A

A CloudFront feature that allows you to control access to S3 objects.
With this option enabled, the bucket restricts access to only CloudFront.

When you configure OAC in your CloudFront distribution, it gives you a bucket policy statement to add to your bucket policy so you allow access to the origin of the distribution.

4
Q

How does CloudFront work?

A

When a client requests website content from an edge location, CloudFront checks whether it has the content stored in cache to give to the client. If it doesn’t have it, it requests it from the origin and delivers it to the client, and also stores it in cache, so that future clients get it faster from cache.

5
Q

What's the difference between using CloudFront and using S3 cross-region replication?

A

CloudFront can use the global edge network, which means more locations. Files can be cached with a set TTL. Great for caching static content.

S3 replication is more for dynamic content that needs to be available in a few regions with low latency.

6
Q

How do you use CloudFront?

A

You create a distribution. Then choose the origin domain.
The origin domain is the website that will be cached.
Then you can choose to use OAC, an option in which the bucket restricts access to only CloudFront.

7
Q

What is a CloudFront distribution?

A

What you configure in CloudFront to cache webservers.

8
Q

What is a CloudFront origin?

A

The source webserver to be distributed by your CloudFront distribution. A distribution can have many origins.

9
Q

What is a control setting?

A

The configuration for OAC between CloudFront and the S3 bucket.

10
Q

What do you need on the networking side for CloudFront to work against an EC2 instance or ALB webserver?

A

You will need a security group attached to the EC2 instances or ALB that allows traffic from and to the public IPs of the CloudFront edge locations. There's a list of these IPs.

11
Q

What is CloudFront GeoLocation?

A

A feature that allows you to restrict who can access your distribution.

You can make an allowlist with the only countries you allow, or a denylist with only the countries you want to deny access to your content.

A use case would be copyright laws by country.

12
Q

How does CloudFront pricing work?

A

You are charged for the data transferred out (from CloudFront to the internet).

The cost varies depending on the country of the edge location. Some edges are more expensive than others.

13
Q

How can you reduce cost in CloudFront?

A

Reducing the number of edge zones you use. You can do this by using price classes.

There are 3 price classes:
Price Class All: All regions available.
Price Class 200: Most regions available.
Price Class 100: Only least expensive regions.

14
Q

What are cache invalidations?

A

When you update your webserver, to avoid waiting for the TTL to expire to see the changes in CloudFront, you can force an ENTIRE or PARTIAL cache refresh, which eliminates the TTL in your cache.

15
Q

What is anycast in IPv4?

A

An addressing and routing method that allows multiple servers to share the same IP, and traffic will be routed only to the closest server for this IP.

16
Q

What routing and addressing method does Global Accelerator use?

A

Anycast, which is multiple servers sharing the same IP, and traffic being routed only to the closest one.

17
Q

What is Global Accelerator?

A

A service that reduces latency to your application. Instead of clients having to go through the internet to get to your resource, they go to their nearest edge location, and then get to your resource through the internal AWS network. This reduces latency by 60%.

18
Q

What endpoints does Global Accelerator work against?

A

Elastic IP, EC2, ALB and NLB.

19
Q

How does Global Accelerator work?

A

You add an endpoint and Global Accelerator gives you 2 global anycast IP addresses. Users who query these addresses will be able to access your endpoint (application) through their closest edge zone (thanks to anycast).

20
Q

What is an advantage of Global Accelerator over CloudFront?

A

Global Accelerator has region failover capabilities for your app. Failover works through the use of health checks.

21
Q

Which of these 2 services has health checks against your app?

CloudFront or Global Accelerator?

A

Global Accelerator

22
Q

How does AWS Shield help Global Accelerator?

A

It gives you DDoS protection automatically.

23
Q

What is the difference between CloudFront and Global Accelerator?

A

CloudFront is great for caching content such as static content, videos or images at edge locations around the world, so content is served at the edges.

Global Accelerator has no caching; content is served at the actual app. It accelerates the delivery of that content by using the edges and the AWS network to reduce the latency to your app.
Global Accelerator has varied use cases, such as VoIP and gaming, because it works with TCP AND UDP.

24
Q

What are Global Accelerator Listeners?

A

A listener is where you set the port or port range and protocol that will listen to requests on the Global Accelerator pair of IP addresses.

25
Q

How do Global Accelerator Endpoint groups work?

A

Endpoint groups are what the Global Accelerator listeners point to. An endpoint group contains one or more endpoints, which could be ALBs, NLBs, Elastic IPs or EC2 instances.

Endpoints in an endpoint group must be in the same region.

26
Q

What are the Global Accelerator components?

A

Listeners
Endpoints

27
Q

Which protocols does Global Accelerator support?

A

TCP and UDP

28
Q

What is Client Affinity?

A

It’s a stickiness you set so that clients connect to the same endpoint every time.

29
Q

What is the process of creating a Global Accelerator endpoint group?

A

You select a region for the endpoint group.
You select a traffic dial from 0 to 100.

30
Q

If you have a Global Accelerator with endpoints in 4 regions, how many endpoint groups do you need to create?

A

You need to create 4 endpoint groups because they are regional.

31
Q

What is the traffic dial?

A

You choose in an endpoint group, from 0 to 100, the percent of traffic that will go to that endpoint group, therefore to that region.