CloudFront Overview
- Content Delivery Network (CDN)
- Improves read performance, content is cached at the edge
- Improves users experience
- 216 Points of Presence globally (edge locations)
- DDoS protection (because worldwide); integrates with AWS Shield and AWS Web Application Firewall (WAF)
Origins
- S3 Bucket
  - For distributing files and caching them at the edge
  - Enhanced security with CloudFront Origin Access Control (OAC)
  - OAC is replacing Origin Access Identity (OAI)
  - CloudFront can be used as an ingress (to upload files to S3)
- Custom Origin (HTTP)
  - Application Load Balancer
  - EC2 instance
  - S3 website
  - Any HTTP backend you want
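To make the OAC point concrete, here is an added example (not AWS's or the course's own code) that builds the S3 bucket policy an OAC origin needs and audits a policy for the two ways the "only CloudFront can read this bucket" guarantee is commonly lost. The policy shape follows the pattern AWS documents for OAC: the `cloudfront.amazonaws.com` service principal, restricted by an `AWS:SourceArn` condition to one distribution. The account ID, bucket name and distribution ID are constructed placeholders; `allow_upload` covers the "CloudFront as ingress" case by adding `s3:PutObject`.

```python
"""Build and audit an S3 bucket policy for a CloudFront Origin Access Control
(OAC) origin. Added example, not AWS's or the course's own code; the account
ID, bucket and distribution ID below are constructed placeholders."""
import json

# Constructed placeholder identifiers (not real resources).
ACCOUNT_ID = "111122223333"
BUCKET = "example-static-site-bucket"
DISTRIBUTION_ID = "EDFDVBD6EXAMPLE"


def oac_bucket_policy(bucket, account_id, distribution_id, allow_upload=False):
    """Return a bucket policy that lets exactly one CloudFront distribution
    read (and, for the 'CloudFront as ingress' case, write) objects.
    Pattern as documented by AWS for OAC: CloudFront service principal,
    scoped by AWS:SourceArn to a single distribution ARN."""
    actions = ["s3:GetObject"]
    if allow_upload:
        actions.append("s3:PutObject")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowCloudFrontServicePrincipal",
                "Effect": "Allow",
                "Principal": {"Service": "cloudfront.amazonaws.com"},
                "Action": actions,
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": {
                    "StringEquals": {
                        "AWS:SourceArn": (
                            f"arn:aws:cloudfront::{account_id}:"
                            f"distribution/{distribution_id}"
                        )
                    }
                },
            }
        ],
    }


def audit_bucket_policy(policy):
    """Return findings for Allow statements that would let callers bypass
    CloudFront (and therefore WAF/Shield and any signed-URL logic) and
    read the bucket directly."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement is allowed as a dict
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        condition = stmt.get("Condition", {})
        # Anonymous principal: the bucket is world-readable, OAC is pointless.
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append(f"{sid}: grants access to anonymous principal '*'")
            continue
        # CloudFront service principal without AWS:SourceArn: a distribution
        # in *any* AWS account could be pointed at this bucket and serve it.
        if isinstance(principal, dict) and principal.get("Service") == "cloudfront.amazonaws.com":
            source_arn = condition.get("StringEquals", {}).get("AWS:SourceArn")
            if not source_arn:
                findings.append(
                    f"{sid}: cloudfront.amazonaws.com allowed without an AWS:SourceArn condition"
                )
    return findings


if __name__ == "__main__":
    policy = oac_bucket_policy(BUCKET, ACCOUNT_ID, DISTRIBUTION_ID)
    print(json.dumps(policy, indent=2))
    print("findings:", audit_bucket_policy(policy))
```

The generated policy is what you would attach with `put-bucket-policy` after creating the OAC and attaching it to the distribution's origin; the audit function is useful against existing buckets, since a leftover `"Principal": "*"` statement from a pre-OAC "public website" setup silently undoes the whole point of OAC.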
High Level
CloudFront vs S3 Cross Region Replication
- CloudFront:
  - Global edge network
  - Files are cached for a TTL (maybe a day)
  - Great for static content that must be available everywhere
- S3 Cross Region Replication:
  - Must be set up for each region you want replication to happen in
  - Files are updated in near real-time
  - Read only
  - Great for dynamic content that needs to be available at low latency in a few regions
ALB or EC2 as an Origin
- EC2 instance must be public (CloudFront reaches it over the internet)
- Must have a security group that allows inbound traffic from CloudFront's public IP ranges
- If using an ALB, the ALB must also be public; backend EC2 instances can be private (so long as the ALB is allowed access to them)
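The "security group that allows CloudFront" requirement is easy to satisfy badly by opening port 80/443 to `0.0.0.0/0`. AWS publishes CloudFront's origin-facing IP ranges as a managed prefix list named `com.amazonaws.global.cloudfront.origin-facing`, so the rule can reference that list instead. The following is an added example (not AWS's or the course's own code) that builds the ingress rule in the `IpPermissions` shape `ec2.authorize_security_group_ingress` accepts, and audits existing rules for web ports exposed to the whole internet. The `pl-...` ID is a constructed placeholder; the real ID differs per region and is looked up by the prefix list name.

```python
"""Build and audit security-group ingress rules for an ALB or EC2 instance
used as a CloudFront custom origin. Added example, not AWS's or the course's
own code. The prefix-list ID is a constructed placeholder."""

# AWS-managed prefix list holding CloudFront's origin-facing IP ranges.
# The pl-... ID differs per region, so the value here is a placeholder.
CLOUDFRONT_PREFIX_LIST_NAME = "com.amazonaws.global.cloudfront.origin-facing"
CLOUDFRONT_PREFIX_LIST_ID = "pl-0123456789abcdef0"  # constructed placeholder


def cloudfront_origin_ingress(prefix_list_id, ports=(443,)):
    """Return IpPermissions (shape used by authorize_security_group_ingress)
    allowing the given TCP ports only from CloudFront's IP ranges."""
    return [
        {
            "IpProtocol": "tcp",
            "FromPort": port,
            "ToPort": port,
            "PrefixListIds": [
                {
                    "PrefixListId": prefix_list_id,
                    "Description": "CloudFront origin-facing ranges",
                }
            ],
        }
        for port in ports
    ]


def audit_origin_ingress(ip_permissions, web_ports=(80, 443)):
    """Flag rules that expose the origin's web ports to the entire internet
    rather than only to CloudFront. Input is the IpPermissions list in the
    shape describe_security_groups returns."""
    findings = []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        if proto == "-1":  # "all traffic" rule covers every port
            lo, hi = 0, 65535
        else:
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        exposed = [p for p in web_ports if lo <= p <= hi]
        if not exposed:
            continue
        for rng in perm.get("IpRanges", []):
            if rng.get("CidrIp") == "0.0.0.0/0":
                findings.append(
                    f"ports {exposed} open to 0.0.0.0/0; "
                    f"restrict to prefix list {CLOUDFRONT_PREFIX_LIST_NAME}"
                )
        for rng in perm.get("Ipv6Ranges", []):
            if rng.get("CidrIpv6") == "::/0":
                findings.append(
                    f"ports {exposed} open to ::/0; "
                    f"restrict to prefix list {CLOUDFRONT_PREFIX_LIST_NAME}"
                )
    return findings


if __name__ == "__main__":
    good = cloudfront_origin_ingress(CLOUDFRONT_PREFIX_LIST_ID, ports=(80, 443))
    # Constructed sample of a rule that is open to the whole internet.
    bad = [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
    print("scoped rule findings:", audit_origin_ingress(good))
    print("open rule findings:", audit_origin_ingress(bad))
```

Restricting the security group to the prefix list keeps random internet clients off the origin, but any CloudFront distribution, in any account, still shares those source IPs; the usual complement is a custom origin header that CloudFront adds and that an ALB listener rule (or the application) requires before serving the request.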