Section 15: CloudFront & AWS Global Accelerator Flashcards
What is Amazon CloudFront?
Amazon CloudFront is a Content Delivery Network (CDN) that has a wide global presence (edge locations), DDoS protection and integration with other important AWS security services like AWS Web Application Firewall and AWS Shield.
How does CloudFront improve read performance?
CloudFront improves read performance by caching content at global edge locations. If the edge location doesn’t have a copy of the file cached, then it will download it from the origin and cache the object for the TTL.
What does CloudFront GeoRestriction do?
CloudFront GeoRestriction restricts who can access your distribution based on user geo location.
Is CloudFront read-only?
No, CloudFront can be written to as well.
What is a CloudFront Distribution?
A CloudFront distribution is just a collection of edge locations.
What is a CloudFront Origin?
A CloudFront Origin is the source of all files that the CDN (Content Distribution Network, i.e. CloudFront) will distribute, such as an S3 bucket, EC2, ELB, etc.
What is a common Architectural pattern with WAFs (web application firewalls) and CloudFront?
It is common to put WAFs in front of CloudFront.
What is Origin Access Identity (OAI)?
OAI is a special CloudFront user that CloudFront can use to access files in S3 buckets.
What happens once an OAI becomes associated with a CloudFront Distribution?
Once an OAI is associated with a distribution, users will be required to access content by using CloudFront URLs, not URLs that access content directly on the origin server.
What is the purpose of an OAI?
OAI helps prevent users from bypassing restrictions specified in CloudFront signed URLs or signed cookies. Thus, an OAI should be used in conjunction with signed URLs / signed cookies.
Explain the difference between a CloudFront signed URL vs a CloudFront signed Cookie?
CloudFront Signed URL = access to individual files (1 file = 1 URL)
CloudFront signed Cookie = access to multiple files (1 signed cookie = multiple files)
What content do CloudFront Signed URLs restrict access to?
CloudFront signed URLs only restrict access to content stored in a CloudFront Edge Location, not in the S3 bucket / CloudFront Origin itself.
What are CloudFront signed URLs / Cookies good for?
CloudFront signed URLs and signed Cookies are good for restricting access to document business data, media streams, or content that is intended for specific users (like paid subscribers).
What are the three (3) CloudFront price classes? How can you reduce CloudFront costs?
You can reduce CloudFront costs by reducing the number of edge locations.
The three CloudFront Price classes:
1) Price Class All: all regions, best performance
2) Price Class 200: most regions, but excludes most expensive regions
3) Price Class 100: only the least expensive regions
What does AWS Global Accelerator do?
AWS Global Accelerator creates accelerators to improve the availability and performance of applications for both local and global users.
Usually, users need to jump through the internet and different routes to access an application. How does Global Accelerator improve this?
Global Accelerator leverages AWS’s internal network to route traffic to your application. With Global Accelerator, the user connects to an edge location that brings them to an accelerator, which then directs them right to the correct AWS region.
What three (3) nice-to-have perks does AWS Global Accelerator offer?
1) Consistent Performance via intelligent low-latency routing and fast failover
2) Health checks of your application, making the app global with good disaster recovery
3) Offers DDoS protection via AWS Shield for security
CloudFront vs Global Accelerator: When to use which?
CloudFront for cacheable / dynamic content served at edge locations.
Global Accelerator for improving performance on a wide range of applications, and HTTP use cases.