Section 15: CloudFront & AWS Global Accelerator Flashcards
What is Amazon CloudFront?
Amazon CloudFront is a Content Delivery Network (CDN) that has a wide global presence (edge locations), DDoS protection and integration with other important AWS security services like AWS Web Application Firewall and AWS Shield.
How does CloudFront improve read performance?
CloudFront improves read performance by caching content at global edge locations. If the edge location doesn’t have a copy of the file cached, then it will download it from the origin and cache the object for the TTL.
What does CloudFront GeoRestriction do?
CloudFront GeoRestriction restricts who can access your distribution based on the user's geolocation.
Is CloudFront read-only?
No, CloudFront can be written to as well.
What is a CloudFront Distribution?
A CloudFront distribution is just a collection of edge locations.
What is a CloudFront Origin?
A CloudFront Origin is the source of all files that the CDN (Content Distribution Network, i.e. CloudFront) will distribute, such as an S3 bucket, EC2, ELB, etc.
What is a common Architectural pattern with WAFs (web application firewalls) and CloudFront?
It is common to put WAFs in front of CloudFront.
What is Origin Access Identity (OAI)?
OAI is a special CloudFront user that CloudFront can use to access files in S3 buckets.
What happens once an OAI becomes associated with a CloudFront Distribution?
Once an OAI is associated with a distribution, users will be required to access content by using CloudFront URLs, not URLs that access content directly on the origin server.
What is the purpose of an OAI?
OAI helps prevent users from bypassing restrictions specified in CloudFront signed URLs or signed cookies. Thus, an OAI should be used in conjunction with signed URLs / signed cookies.
Explain the difference between a CloudFront signed URL vs a CloudFront signed Cookie?
CloudFront Signed URL = access to individual files (1 file = 1 URL)
CloudFront signed Cookie = access to multiple files (1 signed cookie = multiple files)
What content do CloudFront Signed URLs restrict access to?
CloudFront signed URLs only restrict access to content stored in a CloudFront Edge Location, not in the S3 bucket / CloudFront Origin itself.
What are CloudFront signed URLs / Cookies good for?
CloudFront signed URLs and signed Cookies are good for restricting access to document business data, media streams, or content that is intended for specific users (like paid subscribers).
What are the three (3) CloudFront price classes? How can you reduce CloudFront costs?
You can reduce CloudFront costs by reducing the number of edge locations.
The three CloudFront Price classes:
1) Price Class All: all regions, best performance
2) Price Class 200: most regions, but excludes most expensive regions
3) Price Class 100: only the least expensive regions