Global Content and Delivery Optimization Flashcards
What is AWS CloudFront?
Amazon’s CDN Network
Content is cached in global locations as close as possible to the source, or your customers, and is delivered directly to the endpoint/location from there.
Caches HTTP/HTTPS content (web access)
AWS CF Terms:
→ Origin - source location of the content; this could be an S3 bucket for example where a user uploads data (static or dynamic)
→ Distribution - the unit of config within CF; to use CF you use a distribution which is where any/all of the configuration goes
○ This is where you could configure an S3 bucket to act as the origin
○ This config gets pushed to all the Edge locations that you choose which can then be accessed by your customers or users near those locations
→ Edge location - pieces of local infra where the content is cached
→ Regional Edge Cache - much larger than a regular Edge location, but there are also fewer of them
○ Holds more data for caching for things that might be accessed less frequently
When would a Regional Edge Cache get used?
When an object/data is not stored or available at an Edge location.
○ When a user makes a request and the Edge location doesn’t have it, the Edge will then check its corresponding Regional Edge Cache for the object … it’s bigger, so there’s a better chance it’s there
What is an Origin Fetch?
When a user makes a request and neither the Edge Location nor the Regional Edge Cache has it, the Regional Cache will then fetch it from the Origin (like an S3 bucket)
Can you Read and Write to an Edge Location?
No.
CF is for download-style operations only – if a user tries to do a Write operation, it will go directly to the origin, not to the CF Edge.
There is a configured TTL value associated with cached content at an Edge Location - how would you override this?
Perform a “Cache Invalidation”
What is AWS Certificate Manager? What are the 2 main functions it serves?
Service that lets you easily provision, manage, and deploy PUBLIC and PRIVATE certificates for use with AWS services – basically allows an HTTP website to handle encryption, making it HTTPS.
Allows Web-Servers to also PROVE IDENTITY via digital certificates which are signed by a legit CA. This could be an AWS CA or a 3rd party Root CA.
Can ACM work with 3rd party services?
Can it work on EC2?
No - it only works with AWS services.
No - if it’s not an “as a service” or a managed service product then it’s not supported.
What’s the main function of Origin Access Identity (OAI)?
→ An Origin Access Identity (OAI) - is used for sharing private content via CloudFront.
→ This is a method used to secure S3 buckets from direct access, and not allow end customers to be able to bypass CF
– You want the end user to connect to CF first, and not have access directly to the S3 bucket with all the resources inside
The OAI is a virtual user identity that will be used to give your CF Distribution (where the config parameters for a CF template go) permission to fetch a private object from your origin server (e.g. S3 bucket).
What does an OAI get associated to?
CF Distribution
→ Once the OAI becomes associated with a CF Disty, all access is from the Edge Location assuming this “virtual identity” OAI
○ Because the OAI is attached to the CF Disty, any time the corresponding Edge Locations go to access buckets, they are allowed
Can you use an OAI on multiple S3 buckets or CF Distys at the same time?
Yes.
However, it is best practice to assign ONE OAI per one CF Disty - makes managing/organizing way easier.
What is Lambda @ Edge?
This is a feature of Lambda that allows you to run lighter-weight Lambda functions @ a CF Edge location.
Lambda@Edge allows CloudFront to run Lambda functions at CloudFront edge locations to modify traffic between the VIEWER and edge location ORIGINS.
REVIEW:
Main use cases for Lambda @ Edge
○ A/B testing - used to test 2 different versions of an image without changing the URL
○ Migration between S3 origins - gradually migrate/transfer between an existing S3 origin to a new one
○ Different objects based on device - customize content based on the type of device that your end customer has; i.e., different object quality will be displayed depending on a customer’s end device and whether it can support higher DPIs, for example
○ Content by Country - function that dictates what objects can be displayed based on the country of the customer
What is AWS Global Accelerator?
Designed to optimize the flow of data from your users to your AWS infra.
Very similar to a CDN but it’s more about traffic rather than content.
What’s the main feature/concept used by Global Accelerator?
AnyCast IP Addresses
Once connected to a Global Accelerator Edge Location, the traffic goes over the AWS backbone and performance will be significantly better; routed to 1+ locations