CloudFront
Signed URL / Cookies
Signed Cookies:
- 1 signed cookie for many files
Signed URL: (image)
- 1 signed URL per file
Features:
- To distribute paid content to premium users over the world
- Attach a policy with: URL expiration, IP ranges to access the data from, Trusted signers (which AWS accounts can create signed URLs)
How long should the signed URL be valid for?
- Shared content should be shorter
- Private content should be longer
Origins
S3 bucket (image)
Features:
- Enhanced security with CloudFront Origin Access Identity (OAI); is an IAM role
- CloudFront can be used to upload files to S3
Custom Origin (HTTP)
Options:
- ALB (image)
- EC2 instance (image)
- S3 static website
Geo Restriction
Features:
- Restrict who can access my distribution
- Whitelist: allow users to access content only if users are in 1 of the countries on a list of approved countries
- Blacklist: prevent users from accessing content if users are in 1 of the countries on a list of banned countries
- Country: determined using 3rd party Geo-IP database
Pricing
Price Classes (image):
- Price Class All: all regions, best performance
- Price Class 200: most regions, but excludes the most expensive regions
- Price Class 100: only the least expensive regions
Multiple Origins (image)
Examples:
- /images/*
- /api/*
- /*
Origin Groups (image)
Features:
- 1 primary and 1 secondary group
- If primary Origin fails, the second Origin is used
- Pros: to increase HA and do failover
Features:
- Is a CDN
- Improves read performance, content is cached at the Edge Locations (image)
- DDoS protection, integration with AWS Shield, AWS WAF
- Can expose external HTTPS
- Can talk to internal HTTPS backends
- Is Global
- If I want CloudFront to cache different versions of my objects based on the language specified in the request, configure CloudFront to forward the Accept-Language header to my origin
Lambda@Edge:
- Is a feature of CloudFront that lets me run code closer to users of my application, which improves performance and reduces latency