What is Amazon CloudFront?
AWS CloudFront is a key service on the AWS network. This topic is also a key component on AWS Certified Solutions Architect exams. A strong knowledge of AWS CloudFront is essential for cloud architects looking to optimize web performance for websites hosted on the AWS cloud, or those looking to pass AWS Certified Solutions Architect Exams. So what is CloudFront?
AWS CloudFront
AWS CloudFront is the Amazon-branded content delivery network. CloudFront can dramatically improve web hosting and is integrated with numerous AWS services. Effectively, CloudFront is a network of caching servers spread throughout the world. When a request is made to a webpage, the user’s location is determined, and the web request is sent to the closest CloudFront server.
Web caching is often a misunderstood concept, so we want to clarify how the CloudFront caching service works. Local CloudFront servers cache website content and speed the delivery to remote locations throughout the world. The caching server works in the following manner:
1. The web request is sent to the CloudFront caching server.
2. If the website has been requested prior to the cache timeout, the content is sent straight to the user.
3. If the website data is not stored on the cache, the cache reaches out to the original website.
4. When the data is received, the information is stored on the cache until the cache’s expiration, and the data is sent to the requestor.
The diagram below shows how CloudFront caching can be used to improve the scalability and performance of web applications.
Caching can assist with website scalability and performance by offloading frequent requests to the cache instead of the actual website. Caching is very helpful for frequently requested content. If the content is very dynamic and user requests are all for new data, then the caching server will not help to improve performance or scalability.
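The four steps above, and the difference between frequently requested and all-new content, as an added illustration that is not part of the original article. The EdgeCache class, the origin_fetch stand-in, the 60-second TTL and the request traces are constructed for this example.

```python
# Added illustration: a minimal edge cache that follows the four steps above.
# EdgeCache, origin_fetch and the traffic below are constructed for this example.
from dataclasses import dataclass, field


@dataclass
class EdgeCache:
    ttl: int                                   # seconds an object stays fresh
    store: dict = field(default_factory=dict)  # path -> (body, expires_at)
    hits: int = 0
    origin_fetches: int = 0

    def get(self, path, now, origin_fetch):
        entry = self.store.get(path)           # step 1: request arrives at the cache
        if entry and now < entry[1]:           # step 2: fresh copy, answer directly
            self.hits += 1
            return entry[0]
        body = origin_fetch(path)              # step 3: miss or expired, ask the origin
        self.origin_fetches += 1
        self.store[path] = (body, now + self.ttl)  # step 4: keep until expiration
        return body


def origin_fetch(path):
    return f"content of {path}"                # stand-in for the original website


def offload_ratio(requests, ttl=60):
    """Replay (timestamp, path) pairs; return the fraction served without the origin."""
    cache = EdgeCache(ttl=ttl)
    for now, path in requests:
        cache.get(path, now, origin_fetch)
    return cache.hits / len(requests)


# Constructed traffic: 100 requests, one per second.
popular = [(t, "/index.html") for t in range(100)]     # same object every time
unique = [(t, f"/report?id={t}") for t in range(100)]  # every request is new data

if __name__ == "__main__":
    print("popular content offload:", offload_ratio(popular))
    print("all-new content offload:", offload_ratio(unique))
```

With the popular trace only the first request and the one after the TTL expires reach the origin; with the all-new trace every request does.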
CloudFront integrates with numerous AWS services including S3, EC2, elastic load balancers, and Route 53. CloudFront is typically used as a front end to static websites stored on S3. CloudFront can also be a front end to an EC2-based website as long as an elastic load balancer is part of the architecture.
CloudFront can help website performance through the following mechanisms:
· Cached content — The request does not need to go to the web server because it is cached.
· Global reach — There are over 217 points of presence for CloudFront. So CloudFront can get content much closer to the user’s location.
· Routing efficiency — When CloudFront is used, requests that go to the original source (i.e., S3 bucket) traverse the AWS backbone and not the public internet. Therefore, performance can be enhanced, as AWS can manage its network for lower latency than when traversing an unknown number of internet service providers.
· Persistent connections — CloudFront maintains connections to the source. This minimizes the number of connections required on the web server, which reduces server load.
The diagram below shows how AWS CloudFront can be used to enhance the performance of a web application with static and dynamic content.
CloudFront can also make a significant impact on an organization’s security.
CloudFront Integrates with Web Application Firewall (WAF)
· WAF adds firewalling capabilities to protect against common web attacks.
CloudFront Can Help Prevent Distributed Denial of Service Attacks
· CloudFront distributes requests through multiple points of presence.
· CloudFront forwards to the server only legitimate HTTP/HTTPS requests that aren’t already in the cache. This means the attacker cannot launch a DDoS by sending a large number of invalid requests to the server.
· AWS Shield Standard is included with CloudFront to provide additional layers of DDoS protection.
CloudFront Can Provide Encryption in Transit
· CloudFront can enforce SSL/TLS protocols.
· CloudFront integrates with the AWS Certificate Manager.
· CloudFront supports Server Name Indication (SNI) as well as custom certificates.
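One way to check the WAF and encryption-in-transit settings listed above in a distribution's configuration, as an added example that is not from the original article. The field names are those of the CloudFront DistributionConfig API structure; the SAMPLE and HARDENED documents, the account number and the ARNs are constructed placeholders.

```python
# Added example: offline audit of a CloudFront DistributionConfig (dict form of the
# JSON from `aws cloudfront get-distribution-config`). All sample data is constructed.
WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"}


def audit(cfg):
    """Return (code, detail) findings for WAF and encryption-in-transit settings."""
    findings = []
    if not cfg.get("WebACLId"):
        findings.append(("NO_WAF", "no web ACL is associated with the distribution"))
    behaviors = [cfg["DefaultCacheBehavior"]] + cfg.get("CacheBehaviors", {}).get("Items", [])
    for b in behaviors:
        if b.get("ViewerProtocolPolicy") == "allow-all":
            path = b.get("PathPattern", "default")
            findings.append(("VIEWER_HTTP", f"{path}: viewers may use plain HTTP"))
    cert = cfg.get("ViewerCertificate", {})
    if cert.get("MinimumProtocolVersion") in WEAK_TLS:
        findings.append(("WEAK_TLS", f"minimum viewer policy is {cert['MinimumProtocolVersion']}"))
    for origin in cfg.get("Origins", {}).get("Items", []):
        if origin.get("CustomOriginConfig", {}).get("OriginProtocolPolicy") == "http-only":
            findings.append(("ORIGIN_HTTP", f"{origin['Id']}: origin is fetched over HTTP"))
    return findings


SAMPLE = {  # constructed weak configuration
    "WebACLId": "",
    "Origins": {"Quantity": 1, "Items": [
        {"Id": "alb-origin", "DomainName": "alb.example.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}}]},
    "DefaultCacheBehavior": {"TargetOriginId": "alb-origin",
                             "ViewerProtocolPolicy": "allow-all"},
    "CacheBehaviors": {"Quantity": 1, "Items": [
        {"PathPattern": "/static/*", "TargetOriginId": "alb-origin",
         "ViewerProtocolPolicy": "redirect-to-https"}]},
    "ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE",
        "SSLSupportMethod": "sni-only", "MinimumProtocolVersion": "TLSv1"},
}

HARDENED = {  # the same distribution with the corrected settings
    **SAMPLE,
    "WebACLId": "arn:aws:wafv2:us-east-1:111122223333:global/webacl/EXAMPLE/EXAMPLE-ID",
    "Origins": {"Quantity": 1, "Items": [
        {"Id": "alb-origin", "DomainName": "alb.example.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}}]},
    "DefaultCacheBehavior": {"TargetOriginId": "alb-origin",
                             "ViewerProtocolPolicy": "redirect-to-https"},
    "ViewerCertificate": {**SAMPLE["ViewerCertificate"],
                          "MinimumProtocolVersion": "TLSv1.2_2021"},
}

if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(code, "-", detail)
```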
Tuning CloudFront
CloudFront is highly tunable to meet an organization’s needs. CloudFront can be modified by changing the Time to Live (TTL) for objects in the cache. The minimum, maximum, and default TTL for objects are configurable options. If problems occur in the cache, it is possible to clear the cache. Clearing the cache is performed via the API or with the command line with the following command structure:
· aws cloudfront create-invalidation --distribution-id distribution_ID --paths "/*"
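How the minimum, default and maximum TTL interact with the Cache-Control header the origin sends, as an added example that is not from the original article and goes beyond it. It is a simplified model of the behaviour described in the CloudFront documentation; the function name and sample values are constructed, and the Expires header is ignored.

```python
# Added example: simplified model of how CloudFront picks a cache lifetime from
# the origin's Cache-Control header and the distribution's TTL settings.
# Assumptions: Expires is ignored; default_ttl lies between min_ttl and max_ttl.

def effective_ttl(cache_control, min_ttl, default_ttl, max_ttl):
    """Return the seconds the edge keeps an object, given the origin's header value."""
    directives = {}
    for part in (cache_control or "").lower().split(","):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name] = value.strip('"')

    # no-cache / no-store / private are honoured only when the minimum TTL is 0;
    # a positive minimum TTL makes the edge keep the object for that long anyway.
    if directives.keys() & {"no-cache", "no-store", "private"}:
        return min_ttl

    # s-maxage is aimed at shared caches, so it takes precedence over max-age.
    for name in ("s-maxage", "max-age"):
        if directives.get(name, "").isdigit():
            return max(min_ttl, min(int(directives[name]), max_ttl))

    # No lifetime from the origin: fall back to the default TTL.
    return max(min_ttl, default_ttl)


# Constructed header values an origin might send.
SAMPLES = [None, "max-age=10", "public, s-maxage=30, max-age=600",
           "max-age=999999999", "private, max-age=600", "no-store"]

if __name__ == "__main__":
    for min_ttl in (0, 300):
        print(f"min TTL {min_ttl}, default 86400, max 31536000")
        for header in SAMPLES:
            ttl = effective_ttl(header, min_ttl, 86400, 31536000)
            print(f"  {str(header):36} -> {ttl} s")
```

The rows for `private` and `no-store` are the ones to review when raising the minimum TTL, because the edge then keeps responses the origin marked as not cacheable.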
Now you know about AWS CloudFront.
Visit our website at www.gocloudarchitects.com