
Amazon CloudFront

Amazon CloudFront is a content delivery network (CDN) offered by AWS. A CDN comprises a globally distributed network of proxy servers that cache bulky content, such as web video, close to its consumers, thereby reducing latency and improving access speed. CloudFront is a fast CDN service that securely transmits data, videos, applications and APIs to customers globally with the least possible latency and high transfer speeds.

Amazon uses a global network of 216 Points-of-Presence, of which 205 are Edge Locations and 11 are Regional Edge Caches, present in 84 cities spread across 42 countries.

Security:

SSL / TLS Encryption and HTTPS

We can deliver content and APIs over SSL/TLS, and advanced SSL features are enabled by default. We can use Amazon Certificate Manager to easily create custom SSL certificates and deploy them to a CloudFront distribution for free. CloudFront provides many SSL optimizations such as full/half bridge HTTPS connections, Session Tickets, Perfect Forward Secrecy and Field Level encryption.

Protection against network and Application Layer attacks

Amazon CloudFront, AWS Shield, AWS WAF and Route 53 together create a flexible layered security perimeter against multiple attacks including DDoS attacks.

Compliance

CloudFront is compliant with PCI-DSS Level 1, HIPAA, ISO 9001, ISO 27001.

Access Control

We can restrict access to our content sitting behind CloudFront through a number of capabilities. With Signed URLs and Signed Cookies, token-based authentication can be implemented so that only authenticated users can reach the content. Using Geographical restrictions, we can blacklist or whitelist specific geo locations from accessing the content.
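
The controls in this Security section (HTTPS, WAF, signed URLs, geo restriction) can be checked against a distribution's configuration. The following is an added example, not code from AWS or from this page: the field names follow the CloudFront `DistributionConfig` structure, while the `audit` function, its `private_paths` parameter and both sample configurations are constructed for illustration.

```python
# Added example (not AWS code). Field names follow the CloudFront
# DistributionConfig structure; the sample values below are constructed.
WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"}

def behaviors(cfg):
    """Yield (path, behavior) for the default and each path-specific behavior."""
    yield "*", cfg.get("DefaultCacheBehavior", {})
    for b in cfg.get("CacheBehaviors", {}).get("Items") or []:
        yield b.get("PathPattern", "?"), b

def audit(cfg, private_paths=()):
    """Return findings; private_paths (an assumption) lists paths needing signed URLs."""
    out = []
    for path, b in behaviors(cfg):
        if b.get("ViewerProtocolPolicy") == "allow-all":
            out.append(f"{path}: plain HTTP accepted")
        signed = (b.get("TrustedKeyGroups", {}).get("Enabled")
                  or b.get("TrustedSigners", {}).get("Enabled"))
        if path in private_paths and not signed:
            out.append(f"{path}: signed URLs/cookies not required")
    if cfg.get("ViewerCertificate", {}).get("MinimumProtocolVersion", "TLSv1") in WEAK_TLS:
        out.append("viewer TLS minimum is below TLS 1.2")
    if not cfg.get("WebACLId"):
        out.append("no AWS WAF web ACL attached")
    geo = cfg.get("Restrictions", {}).get("GeoRestriction", {})
    if geo.get("RestrictionType", "none") == "none":
        out.append("no geo restriction")  # informational: optional control
    return out

WEAK = {  # constructed sample
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
    "CacheBehaviors": {"Quantity": 1, "Items": [
        {"PathPattern": "/premium/*", "ViewerProtocolPolicy": "https-only",
         "TrustedKeyGroups": {"Enabled": False, "Quantity": 0}}]},
    "ViewerCertificate": {"MinimumProtocolVersion": "TLSv1"},
    "WebACLId": "",
    "Restrictions": {"GeoRestriction": {"RestrictionType": "none", "Quantity": 0}},
}
HARDENED = {  # constructed sample; IDs are placeholders
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
    "CacheBehaviors": {"Quantity": 1, "Items": [
        {"PathPattern": "/premium/*", "ViewerProtocolPolicy": "https-only",
         "TrustedKeyGroups": {"Enabled": True, "Quantity": 1, "Items": ["EXAMPLE-KEY-GROUP-ID"]}}]},
    "ViewerCertificate": {"MinimumProtocolVersion": "TLSv1.2_2021"},
    "WebACLId": "EXAMPLE-WEB-ACL-ARN",
    "Restrictions": {"GeoRestriction": {"RestrictionType": "whitelist", "Quantity": 1, "Items": ["DE"]}},
}

if __name__ == "__main__":
    for finding in audit(WEAK, {"/premium/*"}):
        print(finding)
```

The same function can be run over the `DistributionConfig` object in the JSON returned by `aws cloudfront get-distribution-config`.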

Availability

Increase Application Availability

Web applications often need to handle traffic spikes during peak periods. By using CloudFront, we can cache content in Edge locations worldwide and reduce the workload on our origin server by fetching content from the server only when needed. This increases the availability of the application.

Enabling redundancy for origins

CloudFront also allows us to set up multiple origins to enable redundancy in our backend architecture. When the primary origin is unavailable, CloudFront's failover capability automatically switches to the backup origin to serve content.

Performance

Network Optimizations

CloudFront continually measures internet connectivity, performance and computing to find the best way to route requests, considering performance, load, operational status and other factors, thereby delivering the best performance in real time. Network layer optimizations such as TCP Fast Open, request collapsing and keep-alive connections enable the CDN to accelerate both static and dynamic content for improved user performance.

Dynamic or static content

Modern websites and applications are a rich amalgamation of dynamic, personalized or static content and APIs exposed in the form of microservices. CloudFront is optimized for providing extensive flexibility in serving content and cache behaviour, and for serving APIs with the least latency. It also supports the WebSocket protocol and the HTTP protocol with the GET, HEAD, POST, PUT, DELETE and OPTIONS methods, thereby accelerating both the upload and download parts of a website.

Large libraries and media assets

CloudFront CDN is architected to keep objects longer in cache and to reduce cache churn. Techniques like tiered caching and de-duplication optimization help maximize cache retention.

Lambda@Edge

Lambda@Edge helps web developers and Amazon CloudFront customers run their code closer to their users' geographic location. This makes it possible to respond to requests with the lowest latency globally. We only pay for the compute time used, with no extra cost when the code is not running.
