CloudFront & Global Accelerator Flashcards
What is CloudFront?
It’s a content delivery network or CDN.
It improves a website's read performance by caching content at different AWS edge locations.
Which services can CloudFront work with?
S3 buckets: Caching objects at the edges.
S3 uploads: CloudFront can act as ingress, meaning people upload files to an edge location and the edge then sends them to the bucket's region.
You can also use a custom origin, meaning any HTTP website can be used with CloudFront in front. It can be an ALB, an EC2 instance, an S3 bucket static website, or any HTTP website you want.
What is CloudFront OAC (Origin Access Control)?
A CloudFront feature that allows you to control access to S3 objects.
With this option enabled, the bucket restricts access to only CloudFront.
When you configure OAC in your CloudFront distribution, it gives you a bucket policy statement to add to your bucket policy so that access to the distribution's origin is allowed.
How does CloudFront work?
When a client requests website content from an edge location, CloudFront checks whether it has the content stored in its cache. If it doesn’t, it requests the content from the origin, delivers it to the client, and also stores it in the cache so that future clients get it faster.
What's the difference between using CloudFront and using S3 Cross-Region Replication?
CloudFront can use the global edge network, which means more locations. Files can be cached with a set TTL. Great for caching static content.
S3 replication is more for dynamic content that needs to be available in a few regions with low latency.
How do you use CloudFront?
You create a distribution. Then you choose the origin domain.
The origin domain is the website that will be cached.
Then you can choose to use OAC, an option in which the bucket restricts access to only CloudFront.
What is a CloudFront distribution?
What you configure in CloudFront to cache web servers.
What is a CloudFront origin?
The source web server to be distributed by your CloudFront distribution. A distribution can have many origins.
What is a control setting?
The configuration for OAC between CloudFront and the S3 bucket.
What do you need on the networking side for CloudFront to work against an EC2 instance or ALB web server?
You will need a security group attached to the EC2 instances or ALB that allows traffic from and to the public IPs of the CloudFront edge locations. There is a list of these IPs.
What is CloudFront GeoLocation?
A feature that allows you to restrict who can access your distribution.
You can make an allowlist with only the countries you allow, or a denylist with only the countries you want to deny access to your content.
A use case would be copyright laws by country.
How does CloudFront pricing work?
You are charged for the data transferred out (from CloudFront to the internet).
The cost varies depending on the country of the edge location. Some edges are more expensive than others.
How can you reduce cost in CloudFront?
By reducing the number of edge zones you use. You can do this by using price classes.
There are 3 price classes:
Price Class All: All regions available.
Price Class 200: Most regions available.
Price Class 100: Only least expensive regions.
What are cache invalidations?
When you update your web server, to avoid waiting for the TTL to expire before the changes show up in CloudFront, you can force an ENTIRE or PARTIAL cache refresh, which eliminates the TTL in your cache.
What is anycast in IPv4?
An addressing and routing method that allows multiple servers to share the same IP, with traffic routed only to the closest server for that IP.